Permissions and OJAI Queries

You need to understand permission requirements because they affect filter conditions in your OJAI queries.

HPE Ezmeral Data Fabric Database enforces permissions when your application processes the query result. In the basic application flow shown in the previous section, this corresponds to step 5. In an application, if user1 performs the query while user2 processes the result, then the result corresponds to user2's permissions.

You should create a separate OJAI connection for each unique user. Sharing a connection across users can result in non-optimal queries or invalid permission errors.

The following permissions are required to query documents:

If the user does not have the readperm permission on a field, HPE Ezmeral Data Fabric Database treats the field as non-existent for that user. When a query selects a non-existent field, HPE Ezmeral Data Fabric Database ignores the field. If a query filters on a non-existent field, the query behaves as follows:
| Filter Condition on Non-existent Field | Behavior |
| --- | --- |
| Filter for specific values in the field | No documents qualify the filter because a non-existent field does not match any value. |
| Filter for non-matches in the field | All documents qualify the filter because a non-match on a non-existent field is a no-op. |

The exception is the rowkey field. Access control on the rowkey is not available. Users can always select and filter on rowkey.
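
The following added example is a small in-memory Python model of the rules above, written for this page; it is not HPE code and does not use the OJAI API. The documents, the two users, the field names, and the helper functions are constructed assumptions, and `_id` stands in for the rowkey.

```python
# Added illustration: models how a missing readperm changes query results.
# Not the OJAI API; every name here is hypothetical.
ROWKEY = "_id"  # assumption: the rowkey field, never subject to access control

# Constructed sample documents.
DOCS = [
    {"_id": "u1", "name": "Ana", "salary": 100},
    {"_id": "u2", "name": "Bo", "salary": 200},
]
# Constructed per-user sets of fields on which the user holds readperm.
READABLE = {"hr_user": {"name", "salary"}, "intern": {"name"}}


def visible(doc, readable):
    """Return the document as the user sees it: unreadable fields do not exist."""
    return {k: v for k, v in doc.items() if k == ROWKEY or k in readable}


def matches(view, cond):
    """Evaluate (field, op, value) against the user's view of one document."""
    field, op, value = cond
    if op == "eq":   # a non-existent field does not match any value
        return field in view and view[field] == value
    if op == "ne":   # a non-match on a non-existent field is a no-op
        return field not in view or view[field] != value
    raise ValueError(f"unsupported operator: {op}")


def query(user, select, cond):
    """Apply the condition, then project; non-existent selected fields are ignored."""
    results = []
    for doc in DOCS:
        view = visible(doc, READABLE[user])
        if matches(view, cond):
            results.append({f: view[f] for f in select if f in view})
    return results


if __name__ == "__main__":
    fields = ["_id", "name", "salary"]
    for user in ("hr_user", "intern"):
        for op in ("eq", "ne"):
            print(user, op, query(user, fields, ("salary", op, 100)))
    # The rowkey can always be selected and filtered on.
    print("intern rowkey", query("intern", ["_id"], ("_id", "eq", "u2")))
```

For the user without readperm on `salary`, the equality filter returns nothing while the non-match filter returns every document with `salary` omitted, so a non-match condition does not act as an exclusion for that user.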

For information about setting permissions, see Permission Types for Fields and Column Families in JSON Tables.