Tagging JSON Tables, Column Families, and Fields with Security Policies
Associate security policies with HPE Ezmeral Data Fabric Database JSON tables, column families, and fields.
About this task
You can apply security policies to HPE Ezmeral Data Fabric Database objects
from the Control System, CLI, and the REST API. Tagging through nfsv3/nfsv4 is not
supported since these protocols do not support extended attributes. No limit exists
on the number of policies tagged to a database object, but be cautious of issues
than can occur due to conflicting settings in the policies.
NOTE
You cannot tag
binary tables or stream topics. If you apply a policy to a volume, the rules set
in the policy apply to all the content in the volume.Tagging JSON Tables
About this task
- CLI
- To associate a comma-separated list of security policies with a table at
the time of table creation:
To associate a comma-separated list of security policies with a table without replacing existing security policies, run the following command:maprcli table create -path <tablePath> -securitypolicy <policyName,...>
To replace security policies on a table with a comma-separated list of new security policies, run the following command:maprcli table securitypolicy add -path <tablePath> -securitypolicy <policyName,...>
To remove one or more security policies from a table, run the following command:maprcli table securitypolicy set -path <tablePath> -securitypolicy <policyName,...>
maprcli table securitypolicy remove -path <tablePath> -securitypolicy <policyName,...>
- REST API
- Send a request of type POST. For example, to associate a comma-separated
list of security policies with a table at the time of table creation,
send a request similar to the following:
To associate a comma-separated list of security policies with a table without replacing existing security policies, send a request similar to the following:https://<hostname>:8443/rest/table/create?path=<tablePath>&securitypolicy=<policyName,...>
To replace security policies on a table with a comma-separated list of new security policies, send a request similar to the following:https://<hostname>:8443/rest/table/securitypolicy/add?path=<tablePath>&securitypolicy=<policyName,...>
To remove one or more security policies from a table, run the following command:https://<hostname>:8443/rest/table/securitypolicy/set?path=<tablePath>&securitypolicy=<policyName,...>
https://<hostname>:8443/rest/table/securitypolicy/remove?path=<tablePath>&securitypolicy=<policyName,...>
- Control System
-
- Log in to the Control System and go to the Create New Table page or the Edit Table page.
- Select the security policies to associate with the table in the Security section.
- Specify all other required settings and click Save Changes.
TIP
For more information, see:Tagging Column Families
About this task
- CLI
- To associate a comma-separated list of security policies with a column
family when the column family is
created:
To associate a comma-separated list of security policies with a column family without replacing existing security policies, run the following command:maprcli table cf create -path <tablePath> -cfname <column-family-name> -jsonpath <family path> -securitypolicy <policyName,...> -force true
To replace security policies on a column family with a comma-separated list of new security policies, run the following command:maprcli table cf securitypolicy add -path <tablePath> -cfname <column-family-name> -securitypolicy <policyName,...>
To remove one or more security policies from a column family, run the following command:maprcli table cf securitypolicy set -path <tablePath> -cfname <column-family-name> -securitypolicy <policyName,...>
maprcli table cf securitypolicy remove -path <tablePath> -cfname <column-family-name> -securitypolicy <policyName,...>
- REST API
- Send a request of type POST. For example, to associate a comma-separated
list of security policies with a column family at the time of table
creation, send a request similar to the following:
To associate a comma-separated list of security policies with a column family without replacing existing security policies, send a request similar to the following:https://<hostname>:8443/rest/table/cf/create?path=<tablePath>&cfname=<column-family-name>&securitypolicy=<policyName,...>
To replace security policies on a column family with a comma-separated list of new security policies, send a request similar to the following:https://<hostname>:8443/rest/table/cf/securitypolicy/add?path=<path>&cfname=<column-family-name>&securitypolicy=<policyName,...>
To remove one or more security policies from a column family, run the following command:https://<hostname>:8443/rest/table/cf/securitypolicy/set?path=<path>&cfname=<column-family-name>&securitypolicy=<policyName,...>
https://<hostname>:8443/rest/table/cf/securitypolicy/remove?path=<path>&cfname=<column-family-name>&column=<JSON-table-field>&securitypolicy=<policyName,...>
- Control System
-
- Log in to the Control System, and click .
- Locate and select the table that contains the column family you want to secure.
- On the Summary tab, locate the Security section.
- In the Security section, click on the table name to expand the list of column families associated with the table.
- Click the + icon in the Security Policy column next to the column family you want to secure with a security policy.
- In the Tag Security Policy to Column Family: window, select the security policy you want to apply to the column family.
- Click Add.
TIP
For more information, see:Tagging Fields
About this task
- CLI
- To associate a comma-separated list of security policies with a JSON
table field, without replacing existing security policies, run the
following command:
To replace security policies on a JSON table field with a comma-separated list of new security policies, run the following command:maprcli table cf column securitypolicy add -path <tablePath> -cfname <column-family-name> -column <column-name> -securitypolicy <policyName,...>
To remove one or more security policies from a JSON table field, run the following command:maprcli table cf column securitypolicy set -path <tablePath> -cfname <column-family-name> -column <column-name> -securitypolicy <policyName,...>
maprcli table cf column securitypolicy remove -path <tablePath> -cfname <column-family-name> -column <column-name> -securitypolicy <policyName,...>
- REST API
- Send a request of type POST. For example, to associate a comma-separated
list of security policies with a column family at the time of table
creation, send a request similar to the following:
To associate a comma-separated list of security policies with a JSON table field without replacing existing security policies, send a request similar to the following:https://<hostname>:8443/rest/table/create?path=<tablePath>&securitypolicy=<policyName,...>
To replace security policies on a JSON table field, with a comma-separated list of new security policies, send a request similar to the following:https://<hostname>:8443/rest/table/cf/column/securitypolicy/add?path=<path>&cfname=<col-family-name>&securitypolicy=<policyName,...>
To remove one or more security policies from a JSON table field, run the following command:https://<hostname>:8443/rest/table/cf/column/securitypolicy/set?path=<path>&cfname=<column-family-name>&securitypolicy=<policyName,...>
https://<hostname>:8443/rest/table/cf/column/securitypolicy/remove?path=<path>&cfname=<column-family-name>&column=<JSON-table-field>&securitypolicy=<policyName,...>
- Control System
-
- Log in to the Control System, and click .
- Locate and select the table that contains the field you want to secure.
- On the Summary tab, locate the Security section.
- In the Security section, click on the table name to expand the list of column families, and then click on the column family that contains the field you want to secure.
- Click the + icon in the Security Policy column next to the field you want to secure with a security policy.
- In the Tag Security Policy to Column Family: window, select the security policy you want to apply to the column family.
- Click Add.
TIP
For more information, see: