Get Started
This section describes how you can get started learning about, installing, and using the HPE Ezmeral Data Fabric.
Platform
This section contains conceptual information that can help you to understand and use the HPE Ezmeral Data Fabric.
Administration
This section describes how to administer fabric resources in the global namespace of your HPE Ezmeral Data Fabric as-a-service platform.
- IPv6 Support in Data Fabric
  Describes the IPv6 support feature for Data Fabric.
- Administering Fabrics
  This section describes fabric operations that you can perform using the Data Fabric UI.
- Administering Users and Roles
  This section describes the operations you can perform related to users, groups, and roles for the HPE Ezmeral Data Fabric.
- Administering Buckets
  Describes the operations you can perform related to buckets for the HPE Ezmeral Data Fabric.
- Administering Tables
  Describes the operations you can perform related to tables for HPE Ezmeral Data Fabric.
- Administering Topics
  Administer topics for Apache Kafka Wire Protocol with HPE Ezmeral Data Fabric.
- Administering Volumes
  Administer volumes on HPE Ezmeral Data Fabric.
- Administering Nodes
  This section describes node-administration and maintenance operations that you can perform using the Data Fabric UI.
- Auditing Fabric and Fabric Data
  Auditing in Data Fabric
- Administering Security Policies
  Add, edit, delete, and manage state of security policies.
  - About Security Policy Domain
    Describes a security policy domain.
  - Security Policy Implementation Workflow
    Describes the security policy workflow, in general, and the steps in implementing a security policy.
  - Security Policy Enforcement Process
    Describes the steps followed during security policy enforcement on volumes.
  - Understanding Access Control in a Security Policy
    The implications of permissions assigned to users and groups in a security policy.
  - Managing File and Directory ACEs
    Describes the implications of setting access control expressions on files and directories.
  - Security Policy Permissions
    Permissions define which administrative users can create, view, and modify security policies. Administrators set the permissions on security policies through cluster-level and security policy-level ACLs.
  - Designating a Fabric as Global Policy Master
    Designate a fabric in the global namespace as the global policy master.
  - Creating a Security Policy
    Add a security policy on the global policy master.
  - Viewing a Security Policy
    View security policy details.
  - Viewing All Security Policies
    View all security policies on the Data Fabric UI.
  - Editing a Security Policy
    Make changes to a security policy.
  - Assigning a Security Policy to One or More Volumes
  - Assigning Multiple Security Policies to One or More Volumes
    Describes how to assign multiple security policies to volumes.
  - Unassigning One or More Security Policies from a Volume
    Unassign a policy from a volume to which it has been previously assigned.
  - Disabling a Security Policy
    Describes how to disable a security policy.
  - Enabling a Security Policy
    Describes how to enable a security policy.
- Administering Bucket Policies
  Describes how to manage the bucket policy associated with a bucket.
- Working with an External NFS Server
  Associate an external NFS server with Data Fabric to share data across clusters in the global namespace.
- Working with External S3 Object Store
- Integrating the AWS Security Token Service (STS) with Data Fabric
  Describes how the HPE Ezmeral Data Fabric can access AWS services by using the Security Token Service (STS) rather than a secret key and access key.
- Administering Alarms
  Manage alarms via the HPE Ezmeral Data Fabric UI.
- Monitoring
  Describes monitoring with OpenTelemetry for HPE Ezmeral Data Fabric.
- Getting Started with Iceberg
  Summarizes what you need to know to begin using Iceberg with HPE Ezmeral Data Fabric release 7.6.x.
- Configuring Data Fabric to Track User Behavior
  Describes how to configure Data Fabric to be able to track user behavior.
Reference
Provides reference information for the HPE Ezmeral Data Fabric.
Glossary
Definitions for commonly used terms in MapR Converged Data Platform environments.

Creating a Security Policy

Add a security policy on the global policy master.

Prerequisites

You must have the permission to create a security policy.

About this task

Security policies can be created on a fabric that is designated as the global policy master.

See Designating a Fabric as Global Policy Master to designate a fabric as the global policy master.

A security policy is a common set of access permissions on the Data Fabric file system that can be assigned to users and/or groups, or to public (all users).

The following permissions can be assigned on files and directories on the Data Fabric file system.

Read, write, execute permissions on files
Read, lookup, add child directory, delete child directory on directories

A security policy can be assigned to volumes when tagging is allowed.

See Administering Security Policies for details on values for the allow tagging and access control fields for a security policy.

NOTE When you allow tagging, you can assign the security policy to a volume on the fabric.

Procedure

Log on to the Data Fabric UI.
Select Fabric manager from the dropdown on the Home page.
Click Security Administration seen on the Home page.
Click Create Policy on the Global policies card.
Enter the Name of the security policy.
Enter the Description.
Select the option for Access Control.
Toggle Allow Tagging to allow or disallow tagging.
Click Add access permissions to add access permissions to directories and files for selected users or groups.
To grant permission to all users and groups, turn on the Public toggle. To grant permissions to specific users or groups, turn off the Public toggle, and enter a comma-separated list of users or groups.
Select the permissions to be granted on directories and files to the specified users or groups.
Click Add.
Click Create.

Results

The security policy is created and is displayed on the Global Policies card for the fabric.

Related maprcli Commands

To implement the features described on this page, the Data Fabric UI relies on the following maprcli command. The command is provided for general reference. For more information, see maprcli Commands in This Guide.

policy create