Tagging Data Objects with Security Policies
Once security policies are configured (with tagging enabled), permitted users can associate the security policies with data objects through the Control System, CLI, and REST API. A data object can be associated with one or multiple security policies.
ATTENTION
Verify that the security policy state is set to allow tagging. By
default, a security policy has allowtagging=false
and
accesscontrol=Disarmed
when created. See Changing the State of a Security Policy.Supported Data Objects
The following table lists the data objects in the data-fabric platform that users can tag
with security policies:
file system | HPE Ezmeral Data Fabric Database |
---|---|
|
NOTE If you upgrade your data-fabric cluster to version 6.2.x from a pre-6.2.0
version, you can apply security policies to existing tables if Policy-Based
Security is enabled. See Policy-Based Security Quick Reference. |
Permissions Required to Tag Data Objects
Users must have the required permissions to tag security policies to data objects. Permission requirements vary depending on the data-fabric platform core component.
The following table lists the users that can tag data objects in the data-fabric filesystem
and database:
file system | HPE Ezmeral Data Fabric Database |
---|---|
The superuser cannot tag filesystem objects when the
|
|
The following sections describe how to tag data objects in the file system and HPE Ezmeral Data Fabric Database with security policies