Modifying a Security Policy
Describes how to modify a security policy.
About this task
You can modify a security policy using the Control System, the CLI, and REST API. You
can change the following settings if you edit a security policy:
- Security policy state
- Wire-level encryption and auditing
- Data access control
- Security policy administration control
Modifying a Security Policy Using the Control System
Prerequisites
Procedure
- Log in to the Control System and go to the Security Policies tag in the page to view the list of security policies that you are allowed to see.
- Click the name of the security policy to display the Edit Security Policy page.
-
Make changes to the security policy status by selecting the state to
transition to from the drop-down list of statuses next to the
Edit Security Policy label.
See Changing the State of a Security Policy for more information on the various states and the valid state to which you need to transition a security policy.
-
Modify any of the following properties:
Description The description of the policy. The maximum length of the description is 128 characters. Enable Wire-level Encryption The wire-level encryption setting. Enable (Yes) or disable (No) wire-level encryption by moving the slider. Enable Audit Operations The audit setting for files, directories, tables, and streams. Enable (Yes) or disable (No) auditing of operations on files, directories, tables, and streams by moving the slider. Audit Operations (Visible only if auditing is enabled) The list of file, directory, table, and stream operations to audit. Select the default list of operations to audit by choosing the Default radio button. Select specific file, directory, table, and streams operations to audit by choosing the Custom radio button. Enabling setattr
automatically enables the following operations:chown
chgrp
chperm
setattr
, these operations are automatically disabled. If you do nothing withsetattr
(neither enable nor disable), you can enable or disablechown, chgrp,
andchperm
in any combination and they will not affectsetattr
.Allow Tagging (For JSON Tables)
The setting to enable (Yes) or disable (No) tagging of JSON tables for this security policy. If Yes, users can tag data objects of JSON tables with this policy. If No, users cannot tag data objects of JSON tables with this security policy. See Changing the State of a Security Policy for more information. -
Make changes to data access control as needed in the Data Access
Control section.
-
Make changes as needed to perform administrative operations on the policy
in the Policy Administration Control section.
You can:
- Create a copy of an existing policy administration control setting for an entity by clicking , which you can then modify.
- Remove a policy administration control setting for an entity by clicking .
- Add a policy administration control setting for another user or group by clicking Add Another.
- Modify an existing policy administration control setting for an entity.
- Click Save for the changes to take effect.
Modifying a Security Policy Using the CLI and REST API
About this task
The basic command to modify an existing security policy is:
/opt/mapr/bin/maprcli security policy modify -name <policyName> -json
Send a request of type POST. For example:
curl -X POST 'https://<host>:port/rest/security/policy/modify?name=<policyName>' --user <username>:<password>