Home
6.0 Administration
This section describes how to manage the nodes and services that make up a cluster.
Configuring Security
Describes how to configure MapR security and manage secure clusters.
Configuring Mapr Security
Provides usage information for frequently used security functionality, including Access Control Lists (ACLs), Access Control Expressions (ACEs), file permissions, and subnet whitelisting.
Managing Access Controls
Describes how to create, enable, and use ACLs and ACEs.
Managing Access Control Expressions
Defines and describes how to create, enable, and use ACEs.
Using ACEs for MapR-FS
Managing Whole Volume ACEs

MapR 6.0 Documentation

6.0 Administration
This section describes how to manage the nodes and services that make up a cluster.
- Administering Users and Clusters
- Administering Nodes
- Administering Volumes
  This section provide information about how to organize and manage data using volumes, a unique feature of MapR clusters.
- Administering Files and Directories
- Administering Tables
  Administration of the MapR-DB is done primarily via the command line (maprcli) or with the MapR Control System (MCS). Regardless of whether the MapR-DB table is used for binary files or JSON documents, the same types of commands are used with slightly different parameter options. MapR-DB administration is associated with tables, columns and column families, and table regions.
- Administering Streams
- Administering MapR Gateways
  A MapR gateway mediates one-way communication between a source MapR cluster and a destination cluster. You can replicate MapR-DB tables (binary and JSON) and MapR-ES streams. MapR gateways also apply updates from JSON tables to their secondary indexes and propagate Change Data Capture (CDC) logs.
- Administering Services
- Monitoring the Cluster
  This section describes how to monitor the health and performance of a MapR cluster.
- Configuring Security
  Describes how to configure MapR security and manage secure clusters.
  - Configuring Mapr Security
    Provides usage information for frequently used security functionality, including Access Control Lists (ACLs), Access Control Expressions (ACEs), file permissions, and subnet whitelisting.
    - Getting Started with MapR Security
      Describes two core scenarios that allow quick implementation of security features.
    - Managing Encryption for MapR Core
      Provides information that allows you to use encryption across the MapR platform.
    - Configuring Authentication
      Provides information about MapR ticket, Kerberos, Pluggable Authentication Module (PAM) authentication.
    - Managing Access Controls
      Describes how to create, enable, and use ACLs and ACEs.
      - Managing Access Control Lists
        Defines and describes how to create ACLs.
      - Managing Access Control Expressions
        Defines and describes how to create, enable, and use ACEs.
        ACE Syntax
        Creating User Roles for ACEs
        Defining ACEs
        Using ACEs for MapR-FS
        Managing File and Directory ACEs
        Describes the implications of setting access control expressions on files and directories.
        Managing Whole Volume ACEs
        Setting Whole Volume ACEs
        Deleting Whole Volume ACEs
        Enabling Table and Stream Authorizations with ACEs
      - Creating Subnet Whitelists
        Provides the procedure necessary to restrict access to cluster data.
  - Managing Impersonation
    Provides instructions for enabling and using MapR impersonation features.
- Managing Secure Clusters
  Provides procedures that will enable you to use MapR clusters securely.
- Administering the MapR Data Access Gateway
  The MapR Data Access Gateway is a service that acts as a proxy and gateway for translating requests between lightweight client applications and the MapR cluster. This section describes considerations when upgrading the service, how to modify configuration settings, and how to administer and manage the service.
- Planning for High Availability
- Administrator's Reference
  This section contains in-depth reference information for the administrator.
- Troubleshooting Cluster Administration
- Best Practices for Backing Up MapR Information

Managing Whole Volume ACEs

You can grant permissions (using ACEs) to users, groups, and roles for the volume data using whole volume ACEs. Whole volume ACEs allow you to define whitelists, to grant access, and blacklists, to deny access, for files and tables within a volume.

Volume administrators and mapr user can set and modify whole volume ACEs. By default, ACEs grant everyone access to read and write to files and tables in the volume at the volume-level; however, inside the volume, to determine access for:

Files, the file ACEs or POSIX mode bits are used.
Tables, the table ACEs are used.

Supported Access Types

At the volume level, the following access types are supported:

Access Type	Description
-readAce	Read files, MapR-DB binary tables, MapR-DB JSON tables, and MapR streams in the volume. By default, this is set to `p` to grant all users this permission.
-writeAce	Write to files, MapR-DB binary tables, MapR-DB JSON tables, and MapR streams in the volume. By default, this is set to `p` to grant all users this permission.

ACE Behavior on Snapshots and Mirrors

Volume Snapshots

Volume snapshots reflect the ACEs of the volume at that point in time. Changes in volume ACEs:

Are carried over to a new snapshot of the volume.
Do not propagate to older snapshots of the volume.

Volume Mirrors

ACEs of a volume are propagated to mirror volumes. After each mirroring operation, mirror volumes reflect the current ACE setting of their source volume. After a mirror volume is promoted to a read-write volume, you can modify the ACEs on the mirror volume from the command line. ACEs on the promoted mirror volume can be different from the source volume.