Get Started
This section describes how you can get started learning about, installing, and using the HPE Ezmeral Data Fabric.
Platform
This section contains conceptual information that can help you to understand and use the HPE Ezmeral Data Fabric.
Administration
This section describes how to administer fabric resources in the global namespace of your HPE Ezmeral Data Fabric as-a-service platform.
- IPv6 Support in Data Fabric
  Describes the IPv6 support feature for Data Fabric.
- Administering Fabrics
  This section describes fabric operations that you can perform using the Data Fabric UI.
- Administering Identities
  This section describes the operations you can perform as an SSO user on identities, that is, IAM policies, SSO users, SSO groups, and roles for the HPE Ezmeral Data Fabric.
  - About Roles
    Describes roles in Data Fabric
  - Pre-defined Roles and Associated Permissions
    This page describes the roles supported by the HPE Ezmeral Data Fabric as-a-service platform.
  - Creating a Role
    Describes how to create a user-defined role.
  - Viewing Roles
    Describes how to view all roles in Data Fabric.
  - Editing a Role
    Describes how to edit a user-defined role.
  - Deleting a Role
    Describes how to delete a role.
  - Assigning a Role to a User
    Describes how to assign a role to a Data Fabric SSO user.
  - Assigning a Role to a Group
    Describes how to assign a role to a SSO group via the Data Fabric UI.
  - Viewing a List of Users
    Describes how to display a searchable list of SSO users that includes the names of the users and their roles.
  - Viewing a List of Groups
    Describes how to display a searchable list of all SSO groups that includes the names of the groups and their roles.
  - Administering IAM Policies
    Provides an overview of IAM policies in Data Fabric.
    - About IAM Policy
      Introduction to identity access management (IAM) policy.
    - Identity Access Management Policy Life Cycle
      Describes the life cycle of identity management policy.
    - Resource-level Permissions in an IAM Policy
      Describes various resource-level permissions that can be allowed or denied in an IAM policy.
    - Creating an IAM Policy
      Describes the procedure to create an IAM policy.
    - Editing an IAM Policy
      Describes the procedure to edit an identity access management policy
    - Deleting an IAM Policy
      Describes how to delete an IAM policy.
    - Viewing All IAM Policies
      Describes how to view a list of the existing IAM policies.
    - Assigning an IAM Policy
      Describes how to assign an IAM policy to an identity by using the Data Fabric UI.
  - Configuring Email Notifications
    Describes how to configure the Simple Mail Transfer Protocol (SMTP) to send email notifications from the Data Fabric UI to specified email accounts.
  - Viewing and Editing Access Control Information
    Describes how to find and use the Access Control card that shows the access privileges for users and groups.
  - Access Control Expression Syntax
    This topic explains access control expression.
- Administering Buckets
  Describes the operations you can perform related to buckets for the HPE Ezmeral Data Fabric.
- Administering Tables
  Describes the operations you can perform related to tables for HPE Ezmeral Data Fabric.
- Administering Topics
  Administer topics for Apache Kafka Wire Protocol with HPE Ezmeral Data Fabric.
- Administering Volumes
  Administer volumes on HPE Ezmeral Data Fabric.
- Administering Nodes
  This section describes node-administration and maintenance operations that you can perform using the Data Fabric UI.
- Auditing Fabric and Fabric Data
  Auditing in Data Fabric
- Administering Security Policies
  Add, edit, delete, and manage state of security policies.
- Administering Bucket Policies
  Describes how to manage the bucket policy associated with a bucket.
- Working with an External NFS Server
  Associate an external NFS server with Data Fabric to share data across clusters in the global namespace.
- Working with an External S3 Object Store
- Integrating the AWS Security Token Service (STS) with Data Fabric
  Describes how the HPE Ezmeral Data Fabric can access AWS services by using the Security Token Service (STS) rather than a secret key and access key.
- Administering Alarms
  Manage alarms via the HPE Ezmeral Data Fabric UI.
- Monitoring
  Describes monitoring with OpenTelemetry for HPE Ezmeral Data Fabric.
- Getting Started with Iceberg
  Summarizes what you need to know to begin using Iceberg with HPE Ezmeral Data Fabric release 7.6.x.
- Configuring Data Fabric to Track User Behavior
  Describes how to configure Data Fabric to be able to track user behavior.
Reference
Provides reference information for the HPE Ezmeral Data Fabric.
Glossary
Definitions for commonly used terms in MapR Converged Data Platform environments.

Administering IAM Policies

Provides an overview of IAM policies in Data Fabric.

Identity Access Management Policy

IMPORTANT

An IAM policy can be assigned to a user-defined role only. It is mandatory to have single sign-on enabled on the Data Fabric to be able to use the IAM policy feature.

An identity access management (IAM) policy is a security mechanism that states actions that can or cannot be performed by identities such as SSO users or groups on one or more resources that belong to one or more fabrics in a global namespace. An IAM policy defines allowable and disallowable actions on volumes, objects, and tables on more than one fabrics in a global namespace.

A fabric manager can create, modify, view, and delete IAM policies. A fabric manager can assign IAM policies to roles and vice-versa. A fabric manager can manage IAM policies from the Data Fabric UI, regardless of whether the fabric manager is logged on to the Data Fabric UI from the primary fabric or a non-primary fabric.

Use of IAM policies is recommended if you wish to associate a common set of allowable/disallowable actions on multiple disparate fabric resources at one go, that is, volumes, objects, tables in a global namespace for one or more SSO users and/or SSO groups.

TIP

Security policy can be configured exclusively for volumes belonging to a single fabric.
Bucket policies can be applied exclusively to buckets on an object store from a fabric.
A security policy or a bucket policy is associated with resources, while identity access management policy is associated with identities such as SSO users/groups and roles. As they apply to separate entities, security policies, bucket policies, and IAM policies can co-exist simultaneously.

Partners Support Dev-Hub Community Training ALA Privacy Policy Glossary

HPE Ezmeral Data Fabric 7.9 Documentation
Abstract	This site or PDF file contains documentation for the as-a-service platform, HPE Ezmeral Data Fabric version 7.9, including installation, configuration, administration, and reference content.
Published	October 2024
Edition	7.9.0