Disabling Policy Access Controls at the Cluster-Level
Disable policy ACEs that are set in security policies at the cluster-level through
the cldb.pbs.access.control.enabled
option in the CLI and REST API and
through the Ignore Policy Access Control option in the Control System.
About this task
cldb.pbs.access.control.enabled
option is the
fastest way for administrators to turn security policies off in a cluster. CAUTION
Before you disable policy access controls at the cluster-level,
verify that POSIX mode bits or ACEs are directly applied to data objects to
prevent unauthorized access to data. See hadoop mfs, and refer to the
-getace
parameter.The following table summarizes how security policy enforcement works when policy
access controls are enabled and disabled in a cluster:
Policy Access Controls | Description |
---|---|
Enabled |
|
Disabled |
|
The following sections describe how to enable and disable policy access controls (ACEs set in security policies) at the cluster-level:
Disable Policy Access Controls Using the Control System
Procedure
- Log in to the Control System and click to display the Security settings page.
-
Move the slider associated with Ignore Policy Access
Control to Yes to disable access
control or No to enable access control using security
policies.
If set to Yes, access control enforcement is disabled for all the security policies on the cluster. If set to No, you can set the enforcement mode setting at the volume level to Policy Ace and Data Ace or Policy Ace Only to enable access control enforcement using security policy ACEs.
Disable Policy Access Controls Using the CLI
Procedure
Run the
config save
command and set the cldb.pbs.access.control.enabled
property to one of the following values:
0
— disables security policy ACE enforcement for data operations in the cluster1
— enables security policy ACE enforcement for data operations in the cluster
Example:
/opt/mapr/bin/maprcli config save -values '{"cldb.pbs.access.control.enabled":"0"}'
/opt/mapr/bin/maprcli config save -values '{"cldb.pbs.access.control.enabled":"1"}'