Permissions on Non-default Column Families
If a JSON document field is not in the MapR Database JSON default column family, you must have readperm and writeperm permissions to perform read and write operations on the field. You either receive the permissions from the column family, inherit them from the field's parent field, or have the permissions from an explicit grant on the field.

The following diagram shows a JSON document where fields b and c are in a column family cf1 that is defined at field b with the path a.b.

Granting Read and Write Permissions on Field c
To perform both read and write operations on field c, when it is in column family cf1, you must have both readperm and writeperm access on field c:
- If you have readperm and writeperm permissions on cf1, then you have access to field c.
- If you have readperm and writeperm permissions on field b, then you have access to field c. You do not need any further permissions. Field c inherits your readperm and writeperm permissions from field b.
- If you have readperm and writeperm permissions on cf1 but either field a or b denied you permissions:
  - You must have traverseperm permission granted to you on the field that denied you access (field a or b).
  - You must have readperm and writeperm permissions explicitly granted to you on field c.
- If you do not have readperm and writeperm permissions on cf1:
  - You must have traverseperm permission granted to you on either cf1 or field b.
  - You must have readperm and writeperm permissions explicitly granted to you on field c.

The following are examples of commands that grant these permissions:

/opt/mapr/bin/maprcli table cf colperm set
  -path <path to JSON table>
  -cfname cf1
  -name a.b
  -traverseperm u:<user ID> | <existing ACE for this field>

/opt/mapr/bin/maprcli table cf colperm set
  -path <path to JSON table>
  -cfname cf1
  -name a.b.c
  -readperm u:<user ID> | <existing ACE for this field>
  -writeperm u:<user ID> | <existing ACE for this field>

/opt/mapr/bin/maprcli table cf edit
  -path <path to JSON table>
  -cfname cf1
  -traverseperm u:<user ID> | <existing ACE for this field>

/opt/mapr/bin/maprcli table cf colperm set
  -path <path to JSON table>
  -cfname cf1
  -name a.b.c
  -readperm u:<user ID> | <existing ACE for this field>
  -writeperm u:<user ID> | <existing ACE for this field>

Granting Read or Write Permission on Field c
To perform either read or write operations on field c, when it is in column family cf1, you must have either readperm or writeperm access on field c:
- If you have the same permission (readperm or writeperm) on cf1, then you have access to field c.
- If you have the same permission (readperm or writeperm) on field b, then you have access to field c. You do not need any further permissions. Field c inherits your readperm or writeperm permission from field b.
- If you have the same permission (readperm or writeperm) on cf1 but either field a or b denied you permission:
  - You must have traverseperm permission granted to you on the field that denied you access (field a or b).
  - You must have readperm or writeperm permission explicitly granted to you on field c.
- If you do not have the same permission (readperm or writeperm) on cf1:
  - You must have the traverseperm permission granted to you on either cf1 or field b.
  - You must have readperm or writeperm permission explicitly granted to you on field c.

The following example grants traverseperm permission:

/opt/mapr/bin/maprcli table cf colperm set
  -path <path to JSON table>
  -cfname cf1
  -name a.b
  -traverseperm u:<user ID> | <existing ACE for this field>

The following example grants readperm permission:

/opt/mapr/bin/maprcli table cf colperm set
  -path <path to JSON table>
  -cfname cf1
  -name a.b.c
  -readperm u:<user ID> | <existing ACE for this field>
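
The rules in both sections above can be checked against a planned set of grants before any ACE is changed. The following is an added example, not MapR code or part of the original page: it models only the four cases listed for field c, and the grants dictionary, the denied set and the sample users are assumptions made for illustration.

```python
# Model of this page's rules for field c (a.b.c) in cf1, defined at field b (a.b).
# Added illustration, not MapR code: the dict layout and `denied` set are assumptions.
CF, A, B, C = "cf1", "a", "a.b", "a.b.c"


def can_access(perm, grants, denied=frozenset()):
    """Return (allowed, reason) for perm ('readperm' or 'writeperm') on field c.

    grants: {target: set of permission names the user holds on that target}
    denied: the fields among {A, B} whose ACE denies `perm` to the user
    """
    def has(target, p):
        return p in grants.get(target, set())

    if not denied:
        if has(CF, perm):
            return True, "granted on cf1"
        if has(B, perm):
            return True, "inherited from field b"
    if has(CF, perm):
        # cf1 grants perm, but field a or b denies it: traverse every denier.
        traverse = all(has(f, "traverseperm") for f in denied)
        need = "traverseperm on the denying field"
    else:
        # No perm on cf1 (a denial combined with this case is not covered by
        # the page; the model applies the same rule, a conservative assumption).
        traverse = has(CF, "traverseperm") or has(B, "traverseperm")
        need = "traverseperm on cf1 or field b"
    if traverse and has(C, perm):
        return True, need + " plus explicit grant on c"
    return False, "requires " + need + " and explicit " + perm + " on c"


def can_read_write(grants, denied=frozenset()):
    """Both operations need both permissions to resolve on field c."""
    return all(can_access(p, grants, denied)[0] for p in ("readperm", "writeperm"))


# Constructed sample users (not from the page).
USERS = {
    "alice": ({CF: {"readperm", "writeperm"}}, frozenset()),
    "bob": ({B: {"readperm"}}, frozenset()),
    "carol": ({CF: {"readperm"}, B: {"traverseperm"}, C: {"readperm"}}, frozenset({B})),
    "dave": ({CF: {"readperm"}, C: {"readperm"}}, frozenset({B})),
    "erin": ({CF: {"traverseperm"}, C: {"readperm", "writeperm"}}, frozenset()),
}

if __name__ == "__main__":
    for name, (grants, denied) in USERS.items():
        print(name, can_access("readperm", grants, denied), can_read_write(grants, denied))
```

The dave case is the one to watch for in practice: an explicit grant on field c has no effect while a parent field denies access and no traverseperm is held on it.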