Viewing the List of Security Policies
View the list of security policies using the Control System and extended attributes.
About this task
You can retrieve and view the list of security policies using the Control System, the CLI, and REST API.
Viewing the List of Security Policies Using the Control System
Procedure
Column Name | Description |
---|---|
Policy Name | Shows the name of the policy. |
Access Control | Indicates whether access control is enforced by the Access Control Expression (ACE) setting in the policy: |
Tagging | Indicates whether data objects can be tagged with the policy. See Changing the State of a Security Policy. |
Description | Displays the description of the policy. |
Date Created | Displays the date when the policy was created. |
Date Modified | Displays the date when the policy was last modified. |
Viewing the List of Security Policies Using the CLI and REST API
About this task
/opt/mapr/bin/maprcli security policy list -json
curl -X GET 'https://<host>:8443/rest/security/policy/list' --user <username>:<password>
policy list.
Retrieving Security Policies Using Extended Attributes
About this task
Security policies use a special format for the extended attribute name, which is always set to the keyword security.mapr.policy.
To retrieve extended attributes, run one of the following commands:
getfattr [-hRLP] -n name pathname...
getfattr [-hRLP] -d [-m pattern] pathname...
The above commands retrieve both policy tags and other extended attributes.
For example, to retrieve all extended attributes for the /mapr/lab/foo.txt file, use:
getfattr -d /mapr/lab/foo.txt
# file: /mapr/lab/foo.txt
security.mapr.policy="Lab_Security_Policy,Sensitive_data" ← policy tag
user.test="test" ← other attributes
To retrieve the security policy tags without retrieving the rest of the extended attributes, use the -n option to match the security policy extended attribute name:
getfattr -d -n security.mapr.policy /mapr/lab/foo.txt
# file: /mapr/lab/foo.txt
security.mapr.policy="Lab_Security_Policy,Sensitive_Data"
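The following is an added example, not part of the original documentation: a small Python parser that turns `getfattr -R -d` dump output into a per-file list of policy tags and reports files that carry no tag. The sample dump is constructed, and the function names are hypothetical; it assumes tags are comma-separated as shown above and that policy names contain no backslash escapes.

```python
import base64

POLICY_XATTR = "security.mapr.policy"  # attribute name stated on this page

def decode_value(raw):
    """Decode a getfattr value: "text", 0x<hex> or 0s<base64>."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]  # assumption: policy names need no backslash escapes
    if raw.startswith("0x"):
        return bytes.fromhex(raw[2:]).decode("utf-8", "replace")
    if raw.startswith("0s"):
        return base64.b64decode(raw[2:]).decode("utf-8", "replace")
    return raw

def parse_policy_tags(dump):
    """Map each '# file:' path in a getfattr dump to its list of policy tags."""
    tags, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("# file: "):
            current = line[len("# file: "):]
            tags.setdefault(current, [])  # file seen, no tag known yet
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            if name == POLICY_XATTR:
                value = decode_value(raw)
                tags[current] = [t.strip() for t in value.split(",") if t.strip()]
    return tags

def untagged(dump):
    """Paths that appear in the dump but carry no security policy tag."""
    return sorted(p for p, t in parse_policy_tags(dump).items() if not t)

# Constructed sample in the output format shown above (paths and values made up).
SAMPLE = """\
# file: /mapr/lab/foo.txt
security.mapr.policy="Lab_Security_Policy,Sensitive_data"
user.test="test"

# file: /mapr/lab/bar.txt
user.test="test"

# file: /mapr/lab/baz.bin
security.mapr.policy=0sTGFiX1NlY3VyaXR5X1BvbGljeQ==
"""

if __name__ == "__main__":
    for path, found in parse_policy_tags(SAMPLE).items():
        print(path, found or "NO POLICY TAG")
```

Tag names are compared as returned, without case folding, so `Sensitive_data` and `Sensitive_Data` count as different tags.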
security.mapr.policy.
To retrieve security policy attributes, use the command:
hadoop fs -getfattr [-R] {-n security.mapr.policy | -d} <pathname>
For example, to retrieve security policy attributes for the /mapr/lab/foo.txt file, use:
hadoop fs -getfattr -n security.mapr.policy /mapr/lab/foo.txt
hadoop mfs -getsecuritypolicytag [-R] <path>
To retrieve security policy attributes, use the following Java APIs:
public byte[] getXAttr(Path path, String name) throws IOException
Gets an extended attribute name and value for a file or directory. The name must be prefixed with the namespace, followed by . (period). For security policy tags, the extended attribute name is security.mapr.policy.
public Map<String,byte[]> getXAttrs(Path path) throws IOException
Gets all the extended attribute name/value pairs for a file or directory. Only those extended attributes that the logged-in user has permissions to view are returned.
public Map<String,byte[]> getXAttrs(Path path, List<String> names) throws IOException
Gets the extended attributes specified by the given list of names. Only those extended attributes that the logged-in user has permissions to view are returned.
public List<String> listXAttrs(Path path) throws IOException
Gets all the extended attribute names for a file or directory. Only those extended attribute names that the logged-in user has permissions to view are returned.
Security policies use a special format for the extended attribute name, which is always set to the keyword security.mapr.policy.
Retrieve extended attribute values
The getxattr, lgetxattr, and fgetxattr system calls are used to retrieve an extended attribute value associated with a file system object, which may be either a file or directory. The synopsis of these system calls is shown below. For additional details, refer to the getxattr(2) Linux manual page.
NAME
getxattr, lgetxattr, fgetxattr - retrieve an extended
attribute value
SYNOPSIS
#include <sys/types.h>
#include <attr/xattr.h>
ssize_t getxattr (const char *path, const char *name, void *value,
size_t size);
ssize_t lgetxattr (const char *path, const char *name, void *value,
size_t size);
ssize_t fgetxattr (int filedes, const char *name, void *value,
size_t size);
List extended attribute values
Use the listxattr, llistxattr, and flistxattr system calls to list extended attribute names. For more details, refer to the listxattr(2) Linux manual page.
NAME
listxattr, llistxattr, flistxattr - list extended attribute
names
#include <sys/types.h>
#include <attr/xattr.h>
ssize_t listxattr (const char *path, char *list, size_t size);
ssize_t llistxattr (const char *path, char *list, size_t size);
ssize_t flistxattr (int filedes, char *list, size_t size);