Get Started
This section describes how you can get started learning about, installing, and using the HPE Ezmeral Data Fabric.
Platform
This section contains conceptual information that can help you to understand and use the HPE Ezmeral Data Fabric.
Administration
This section describes how to administer fabric resources in the global namespace of your HPE Ezmeral Data Fabric as-a-service platform.
- IPv6 Support in Data Fabric
  Describes the IPv6 support feature for Data Fabric.
- Administering Fabrics
  This section describes fabric operations that you can perform using the Data Fabric UI.
- Administering Users and Roles
  This section describes the operations you can perform related to users, groups, and roles for the HPE Ezmeral Data Fabric.
- Administering Buckets
  Describes the operations you can perform related to buckets for the HPE Ezmeral Data Fabric.
- Administering Tables
  Describes the operations you can perform related to tables for HPE Ezmeral Data Fabric.
- Administering Topics
  Administer topics for Apache Kafka Wire Protocol with HPE Ezmeral Data Fabric.
- Administering Volumes
  Administer volumes on HPE Ezmeral Data Fabric.
- Administering Nodes
  This section describes node-administration and maintenance operations that you can perform using the Data Fabric UI.
- Auditing Fabric and Fabric Data
  Auditing in Data Fabric
- Administering Security Policies
  Add, edit, delete, and manage state of security policies.
  - About Security Policy Domain
    Describes a security policy domain.
  - Security Policy Implementation Workflow
    Describes the security policy workflow, in general, and the steps in implementing a security policy.
  - Security Policy Enforcement Process
    Describes the steps followed during security policy enforcement on volumes.
  - Understanding Access Control in a Security Policy
    The implications of permissions assigned to users and groups in a security policy.
  - Managing File and Directory ACEs
    Describes the implications of setting access control expressions on files and directories.
  - Security Policy Permissions
    Permissions define which administrative users can create, view, and modify security policies. Administrators set the permissions on security policies through cluster-level and security policy-level ACLs.
  - Designating a Fabric as Global Policy Master
    Designate a fabric in the global namespace as the global policy master.
  - Creating a Security Policy
    Add a security policy on the global policy master.
  - Viewing a Security Policy
    View security policy details.
  - Viewing All Security Policies
    View all security policies on the Data Fabric UI.
  - Editing a Security Policy
    Make changes to a security policy.
  - Assigning a Security Policy to One or More Volumes
  - Assigning Multiple Security Policies to One or More Volumes
    Describes how to assign multiple security policies to volumes.
  - Unassigning One or More Security Policies from a Volume
    Unassign a policy from a volume to which it has been previously assigned.
  - Disabling a Security Policy
    Describes how to disable a security policy.
  - Enabling a Security Policy
    Describes how to enable a security policy.
- Administering Bucket Policies
  Describes how to manage the bucket policy associated with a bucket.
- Working with an External NFS Server
  Associate an external NFS server with Data Fabric to share data across clusters in the global namespace.
- Working with External S3 Object Store
- Integrating the AWS Security Token Service (STS) with Data Fabric
  Describes how the HPE Ezmeral Data Fabric can access AWS services by using the Security Token Service (STS) rather than a secret key and access key.
- Administering Alarms
  Manage alarms via the HPE Ezmeral Data Fabric UI.
- Monitoring
  Describes monitoring with OpenTelemetry for HPE Ezmeral Data Fabric.
- Getting Started with Iceberg
  Summarizes what you need to know to begin using Iceberg with HPE Ezmeral Data Fabric release 7.6.x.
- Configuring Data Fabric to Track User Behavior
  Describes how to configure Data Fabric to be able to track user behavior.
Reference
Provides reference information for the HPE Ezmeral Data Fabric.
Glossary
Definitions for commonly used terms in MapR Converged Data Platform environments.

About Security Policy Domain

Describes a security policy domain.

A security policy domain is a group of fabrics that directly or indirectly share data and use the same security policies to control access to the data. A security policy domain consists of one master fabric and zero or more member security policy fabrics that create a global security policy namespace.

A global policy master is a prerequisite for the creation of security policies. A global policy master is a fabric on which security policies can be created.

You can create and modify security policies only on the fabric that is designated as the global policy master. When you create or update security policies, the policy server updates the mapr.pbs.base volume with the security policy metadata. Subsequently, the security policies are mirrored to other member fabrics in the global namespace.

By default, the first fabric or the primary fabric that you create on the global namespace is designated as the global policy master. Hence, it is not required to explicitly assign an alternate global policy master, unless the primary fabric goes down.

Each fabric, to which a security policy is applied, operates independently and, therefore, does not require network connectivity to the global policy master to enforce policies. A security policy server in each of the fabrics enforces the policies and manages the security policy metadata in an internal volume named mapr.pbs.base.

See Security Policy Implementation Workflow for details on how to apply security policies to fabric volumes on Data Fabric.