Enabling and Restricting Access to Tenant Volume and Data
About this task
In a multi-tenant environment, the tenant volume (share) can be accessed by all users on the tenant instance by default. To restrict access to specific users and/or groups:
Procedure
- Log in to the cluster as the cluster administrator and set ACEs on the volume using the volume commands.
  For example:
      maprcli volume modify -name <volumename> -readAce "u:<user>|g:<group>" -writeAce "u:<user>|g:<group>"
  Here, the value for <user> must be the UID of the user and the value for <group> must be the GID of the group on the tenant host.
  TIP: For more information, see the maprcli volume modify command.
- Log in as the tenant admin and set permissions for data access.
  You can set permissions using:
  - Linux commands such as chmod, chown, and so on.
  - Access control expressions, which can be set on files and directories in the volume. For more information, see Using ACEs for MapR-FS.
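The cluster-administrator step above, as an added example that is not part of the MapR documentation: a shell helper that resolves names to the numeric UIDs and GIDs the ACE requires and prints the maprcli command for review instead of running it. It assumes it runs on the tenant host; the volume name tenant1_vol and the IDs are constructed, the volume-name character check is a conservative assumption, and using separate read and write expressions goes beyond the page's example, which uses the same one for both.

```shell
# Added example (not from the MapR documentation). It only prints the command
# for review. The IDs and the volume name below are constructed samples.
# Resolve a user name to its UID on this host; numeric input passes through.
to_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null || true ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Resolve a group name to its GID on this host; numeric input passes through.
to_gid() {
    case "$1" in
        ''|*[!0-9]*) { getent group "$1" 2>/dev/null || true; } | cut -d: -f3 ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# build_ace "<users>" "<groups>": space-separated names or IDs -> u:1001|g:2001
build_ace() {
    ace=""
    for u in $1; do
        uid=$(to_uid "$u")
        [ -n "$uid" ] || { echo "unknown user: $u" >&2; return 1; }
        ace="${ace:+$ace|}u:$uid"
    done
    for g in $2; do
        gid=$(to_gid "$g")
        [ -n "$gid" ] || { echo "unknown group: $g" >&2; return 1; }
        ace="${ace:+$ace|}g:$gid"
    done
    # Refuse to emit an empty expression rather than guess what it would mean.
    [ -n "$ace" ] || { echo "no users or groups given" >&2; return 1; }
    printf '%s\n' "$ace"
}

# volume_ace_cmd <volume> <readAce> <writeAce>: step 1, run by the cluster admin.
volume_ace_cmd() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo "unexpected volume name: $1" >&2; return 1 ;;
    esac
    printf 'maprcli volume modify -name %s -readAce "%s" -writeAce "%s"\n' "$1" "$2" "$3"
}

# Constructed sample: UIDs 1001 and 1002 plus GID 2001 may read, only 1001 may write.
read_ace=$(build_ace "1001 1002" "2001")
write_ace=$(build_ace "1001" "")
volume_ace_cmd tenant1_vol "$read_ace" "$write_ace"
```

Unknown names fail closed: the helper stops instead of emitting an ACE with a missing principal.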