Managing Whole Volume ACEs
Describes how to grant permissions to users, groups, and roles for the volume data using whole volume ACEs.
Whole volume Access Control Expression (ACE)s allow you to define allowlists to grant access and denylists to deny access for files and tables within a volume.
Volume administrators and mapr user can set and modify whole volume ACEs. By default, ACEs grant everyone access to read and write to files and tables in the volume at the volume-level. Inside the volume, to determine access for:
Supported Access Types
At the volume level, the following access types are supported:
Access Type | Description |
---|---|
-readAce | Read files, HPE Ezmeral Data Fabric Database binary tables, HPE Ezmeral Data Fabric Database JSON tables, and HPE Ezmeral Data Fabric streams in the volume. By default, this is set
to p to grant all users this permission. |
-writeAce | Write to files, HPE Ezmeral Data Fabric Database binary tables, HPE Ezmeral Data Fabric Database JSON tables, and HPE Ezmeral Data Fabric streams in the volume. By default, this is set
to p to grant all users this permission. |
ACE Behavior on Snapshots and Mirrors
Volume Snapshots
Volume snapshots reflect the ACEs of the volume at that point in time. Changes in volume ACEs:
- Are carried over to a new snapshot of the volume.
- Do not propagate to older snapshots of the volume.
Volume Mirrors
ACEs of a volume are propagated to mirror volumes. After each mirroring operation, mirror volumes reflect the current ACE setting of their source volume. After a mirror volume is promoted to a read-write volume, you can modify the ACEs on the mirror volume from the command line. ACEs on the promoted mirror volume can be different from the source volume.