About Security Policy Domain
Describes a security policy domain.
A security policy domain is a group of fabrics that directly or indirectly share data and use the same security policies to control access to the data. A security policy domain consists of one master fabric and zero or more member security policy fabrics that create a global security policy namespace.
A global policy master is a prerequisite for the creation of security policies. A global policy master is a fabric on which security policies can be created.
You can create and modify security policies only on the fabric that is designated as the
global policy master. When you create or update security policies, the policy server
updates the mapr.pbs.base
volume with the security policy metadata.
Subsequently, the security policies are mirrored to other member fabrics in the global
namespace.
By default, the first fabric or the primary fabric that you create on the global namespace is designated as the global policy master. Hence, it is not required to explicitly assign an alternate global policy master, unless the primary fabric goes down.
Each fabric, to which a security policy is applied, operates independently and,
therefore, does not require network connectivity to the global policy master to enforce
policies. A security policy server in each of the fabrics enforces the policies and
manages the security policy metadata in an internal volume named
mapr.pbs.base
.
See Security Policy Implementation Workflow for details on how to apply security policies to fabric volumes on Data Fabric.