Managing IAM Policies
Identity Access Management (IAM) policies can be managed by using the CLI or the Data Fabric UI.
IAM policy implementation is crucial for preventing unauthorized access to the data that resides on the fabrics that comprise your global namespace.
An IAM policy could apply to:
- one or more resources from multiple clusters that contain your data
- multi-modal resources (volumes/objects/tables) that contain your data
An IAM policy is a JSON file with a set of statements that specify permissions on Data Fabric resources such as volumes, buckets, and database tables.
While creating an IAM policy, the fabric resources must be represented with a consistent naming scheme known as the Unique Resource Name (URN). A URN identifies a specific fabric resource. See Fabric Resource URN Format to understand how a URN is constructed. For fabric resource URN generation and other fabric resource operations by using the command line, see security iam resource.
See IAM Policy JSON Format for details on IAM policy format, and to understand how to write an IAM policy.
An IAM policy can be tagged to identities (users, groups, and/or roles) to enforce the set of permissions configured in the IAM policy on the respective identities. For example, if you wish to grant user A access to certain operations on a few volumes in your global namespace, you must generate the URNs for the volumes, create an IAM policy specifying the permissions for those volumes, and then tag the IAM policy to user A.
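The following is an added illustration of the policy model described above (statements granting permissions on URN-identified resources, policies tagged to identities); it is example code, not Data Fabric's own code or its policy engine. The JSON shape used here (a "statements" list with "effect", "actions" and "resources"), the urn:example:... strings, the action names, and the evaluation rule (anything not explicitly allowed is denied, and an explicit deny wins over an allow) are all assumptions made for this example; the real policy and URN formats are documented in IAM Policy JSON Format and Fabric Resource URN Format.

```python
"""Toy IAM policy evaluator (added example; not the product's code).

The policy schema, URN format and deny-by-default/deny-wins evaluation rule
are ASSUMED for illustration only.
"""
import fnmatch
import json

# Constructed sample policy in the assumed schema. It grants read/list on a
# volume that exists in two clusters and explicitly denies everything on an
# archive volume in one of them.
SAMPLE_POLICY_JSON = """
{
  "statements": [
    {
      "effect": "allow",
      "actions": ["volume:read", "volume:list"],
      "resources": [
        "urn:example:cluster1:volume:project-a",
        "urn:example:cluster2:volume:project-a"
      ]
    },
    {
      "effect": "deny",
      "actions": ["volume:*"],
      "resources": ["urn:example:cluster2:volume:project-a-archive"]
    }
  ]
}
"""


def load_policy(text):
    """Parse and sanity-check a policy document in the assumed schema."""
    policy = json.loads(text)
    statements = policy.get("statements")
    if not isinstance(statements, list) or not statements:
        raise ValueError("policy must contain a non-empty 'statements' list")
    for stmt in statements:
        if stmt.get("effect") not in ("allow", "deny"):
            raise ValueError("statement effect must be 'allow' or 'deny'")
        for key in ("actions", "resources"):
            if not isinstance(stmt.get(key), list) or not stmt[key]:
                raise ValueError(f"statement must list at least one entry in '{key}'")
    return policy


def _matches(patterns, value):
    """Glob-style match ('*' wildcard), case-sensitive; assumed semantics."""
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policies, action, resource_urn):
    """Evaluate every policy tagged to an identity for one action on one URN.

    Deny by default: with no matching statement the answer is False.
    An explicit matching deny overrides any matching allow.
    """
    allowed = False
    for policy in policies:
        for stmt in policy["statements"]:
            if _matches(stmt["actions"], action) and _matches(stmt["resources"], resource_urn):
                if stmt["effect"] == "deny":
                    return False
                allowed = True
    return allowed


def identity_allowed(identity, tags, policies_by_name, action, resource_urn):
    """Resolve the policies tagged to an identity, then evaluate the request.

    `tags` maps identity -> list of policy names (constructed sample data);
    an identity with no tagged policies is denied everything.
    """
    tagged = [policies_by_name[name] for name in tags.get(identity, [])]
    return is_allowed(tagged, action, resource_urn)


if __name__ == "__main__":
    policies = {"project-a-readonly": load_policy(SAMPLE_POLICY_JSON)}
    tags = {"userA": ["project-a-readonly"], "userB": []}
    vol = "urn:example:cluster1:volume:project-a"
    print("userA read  :", identity_allowed("userA", tags, policies, "volume:read", vol))
    print("userA write :", identity_allowed("userA", tags, policies, "volume:write", vol))
    print("userB read  :", identity_allowed("userB", tags, policies, "volume:read", vol))
```

The point to take from the evaluator is the least-privilege shape of the model: an identity with no tagged policy has no permissions at all, and each statement must name both the actions and the exact resource URNs it covers, so a policy written for volumes in one cluster does not silently extend to same-named volumes elsewhere in the global namespace.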
Use command line to manage IAM policies
To configure and manage an IAM policy by using the command line interface (CLI), see security iam policy.
Monitor IAM policy enforcement
IAM policy enforcement is broken down into a series of tasks. The number of tasks corresponds to the number of resources that are stated in the one or more IAM policies being enforced, and is therefore determined by:
- The number of statements in the policy and the number of actions and resources specified in the IAM policy
- The number of policies being enforced at a given point in time
You can check which policies have been enforced, and on which resources, based on the task ID. See security iam task for information on how to list tasks to check the policy enforcement status, filter tasks, and abort unsuccessful tasks.
For information about IAM policy states, see Identity Access Management Policy Life Cycle.
Use Data Fabric UI to manage IAM policies
To configure and manage an IAM policy by using the Data Fabric UI, see Administering IAM Policies.