Enabling Table and Stream Authorizations with ACEs
About this task
Permissions for Data Fabric tables, column families, and columns are defined by ACEs. Set permissions for tables after you create or edit tables. Set default permissions for column families when you create or edit tables, and you can override these defaults when you create column families.
For the syntax to use when creating Access Control Expressions, see ACE Syntax.
If a user, group, or role requests to read data from, write data to, or append data to a column, HPE Ezmeral Data Fabric Database checks whether that user, group, or role has read or write permission for the column family AND read or write permission for the column. By default, columns allow read and write access to all users; in such cases, only the read or write permission for the column family matters.
However, suppose that a table contains columns
col1
and col2
in column family
cf1
, and these columns grant read and write permission only to the
table creator. A different user tries to write data to these columns. HPE Ezmeral Data Fabric Database checks
whether this user has write permission on cf1
AND col1
AND col2
. If the user does not have all three permissions, HPE Ezmeral Data Fabric Database
returns an error that says access for the write is denied.
If this user were to
try to read from the same two columns, HPE Ezmeral Data Fabric Database would simply not return the data. If the
user tried to read from those two columns and additional columns on which he had read
permissions, the results would contain the data for those additional columns but exclude
the data for col1
and col2
.
To set permissions directly in the filesystem, see Performing File System Operations on HPE Ezmeral Data Fabric Database Tables.
Setting Table ACEs Using the CLI
About this task
You can set ACEs with the following commands:
-
table create
— Creates a new Data Fabric table. -
table edit
— Edits a Data Fabric table. -
table cf create
— Creates a column family for a Data Fabric table. -
table cf edit
— Edits a column-family definition. -
table cf colperm set
— Set Access Control Expressions (ACEs) for a specified column.
Setting Stream ACEs Using the CLI
About this task
You can set ACEs with the following commands:
-
stream create
— Creates a new Data Fabric stream. -
stream edit
— Edits a Data Fabric stream.