Tagging JSON Tables, Column Families, and Fields with Security Policies

Associate security policies with HPE Ezmeral Data Fabric Database JSON tables, column families, and fields.

You can apply security policies to HPE Ezmeral Data Fabric Database objects from the MapR Control System (MCS), maprcli, and the REST API. Tagging via NFSv3/NFSv4 is not supported because these protocols do not support extended attributes. There is no limit on the number of policies you can tag to a database object, but be cautious of conflicts that can occur when the policies contain conflicting settings.
Note: You cannot tag binary tables or stream topics; however, if you apply a policy to a volume, the rules set in the policy apply to all the content in the volume.

Tagging JSON Tables

Associate security policies with JSON tables.
CLI
To associate a comma-separated list of security policies with a table at the time of table creation:
maprcli table create -path <tablePath> -securitypolicy <policyName,...>
To associate a comma-separated list of security policies with a table without replacing existing security policies, run the following command:
maprcli table securitypolicy add -path <tablePath> -securitypolicy <policyName,...>
To replace security policies on a table with a comma-separated list of new security policies, run the following command:
maprcli table securitypolicy set -path <tablePath> -securitypolicy <policyName,...>
To remove one or more security policies from a table, run the following command:
maprcli table securitypolicy remove -path <tablePath> -securitypolicy <policyName,...>
REST API
Send a request of type POST. For example, to associate a comma-separated list of security policies with a table at the time of table creation, send a request similar to the following:
https://<hostname>:8443/rest/table/create?path=<tablePath>&securitypolicy=<policyName,...>
To associate a comma-separated list of security policies with a table without replacing existing security policies, send a request similar to the following:
https://<hostname>:8443/rest/table/securitypolicy/add?path=<tablePath>&securitypolicy=<policyName,...>
To replace security policies on a table with a comma-separated list of new security policies, send a request similar to the following:
https://<hostname>:8443/rest/table/securitypolicy/set?path=<tablePath>&securitypolicy=<policyName,...>
To remove one or more security policies from a table, send a request similar to the following:
https://<hostname>:8443/rest/table/securitypolicy/remove?path=<tablePath>&securitypolicy=<policyName,...>
MCS
  1. Log in to MCS and go to the Create New Table page or the Edit Table page.
  2. Select the security policies to associate with the table in the Security section.
  3. Specify all other required settings and click Save Changes.

Tagging Column Families

Associate security policies with JSON table column families.
CLI
To associate a comma-separated list of security policies with a column family when the column family is created:
maprcli table cf create -path <tablePath> -cfname <column-family-name> -jsonpath <family path> -securitypolicy <policyName,...> -force true
To associate a comma-separated list of security policies with a column family without replacing existing security policies, run the following command:
maprcli table cf securitypolicy add -path <tablePath> -cfname <column-family-name> -securitypolicy <policyName,...>
To replace security policies on a column family with a comma-separated list of new security policies, run the following command:
maprcli table cf securitypolicy set -path <tablePath> -cfname <column-family-name> -securitypolicy <policyName,...>
To remove one or more security policies from a column family, run the following command:
maprcli table cf securitypolicy remove -path <tablePath> -cfname <column-family-name> -securitypolicy <policyName,...>
REST API
Send a request of type POST. For example, to associate a comma-separated list of security policies with a column family when the column family is created, send a request similar to the following:
https://<hostname>:8443/rest/table/cf/create?path=<tablePath>&cfname=<column-family-name>&securitypolicy=<policyName,...>
To associate a comma-separated list of security policies with a column family without replacing existing security policies, send a request similar to the following:
https://<hostname>:8443/rest/table/cf/securitypolicy/add?path=<path>&cfname=<column-family-name>&securitypolicy=<policyName,...>
To replace security policies on a column family with a comma-separated list of new security policies, send a request similar to the following:
https://<hostname>:8443/rest/table/cf/securitypolicy/set?path=<path>&cfname=<column-family-name>&securitypolicy=<policyName,...>
To remove one or more security policies from a column family, send a request similar to the following:
https://<hostname>:8443/rest/table/cf/securitypolicy/remove?path=<path>&cfname=<column-family-name>&securitypolicy=<policyName,...>
MCS
  1. Log in to MCS, and select Data > Tables.
  2. Locate and select the table that contains the column family you want to secure.
  3. On the Summary tab, locate the Security section.
  4. In the Security section, click on the table name to expand the list of column families associated with the table.
  5. Click the + icon in the Security Policy column next to the column family you want to secure with a security policy.
  6. In the Tag Security Policy to Column Family: window, select the security policy you want to apply to the column family.
  7. Click Add.

Tagging Fields

Associate security policies with JSON fields.
CLI
To associate a comma-separated list of security policies with a JSON table field, without replacing existing security policies, run the following command:
maprcli table cf column securitypolicy add -path <tablePath> -cfname <column-family-name> -column <column-name> -securitypolicy <policyName,...>
To replace security policies on a JSON table field with a comma-separated list of new security policies, run the following command:
maprcli table cf column securitypolicy set -path <tablePath> -cfname <column-family-name> -column <column-name> -securitypolicy <policyName,...>
To remove one or more security policies from a JSON table field, run the following command:
maprcli table cf column securitypolicy remove -path <tablePath> -cfname <column-family-name> -column <column-name> -securitypolicy <policyName,...>
REST API
Send a request of type POST. For example, to associate a comma-separated list of security policies with a column family at the time of table creation, send a request similar to the following:
https://<hostname>:8443/rest/table/create?path=<tablePath>&securitypolicy=<policyName,...>
To associate a comma-separated list of security policies with a JSON table field without replacing existing security policies, send a request similar to the following:
https://<hostname>:8443/rest/table/cf/column/securitypolicy/add?path=<path>&cfname=<col-family-name>&column=<JSON-table-field>&securitypolicy=<policyName,...>
To replace security policies on a JSON table field with a comma-separated list of new security policies, send a request similar to the following:
https://<hostname>:8443/rest/table/cf/column/securitypolicy/set?path=<path>&cfname=<column-family-name>&column=<JSON-table-field>&securitypolicy=<policyName,...>
To remove one or more security policies from a JSON table field, send a request similar to the following:
https://<hostname>:8443/rest/table/cf/column/securitypolicy/remove?path=<path>&cfname=<column-family-name>&column=<JSON-table-field>&securitypolicy=<policyName,...>
MCS
  1. Log in to MCS, and select Data > Tables.
  2. Locate and select the table that contains the field you want to secure.
  3. On the Summary tab, locate the Security section.
  4. In the Security section, click on the table name to expand the list of column families and then click on the column family that contains the field you want to secure.
  5. Click the + icon in the Security Policy column next to the field you want to secure with a security policy.
  6. In the Tag Security Policy to Column Family: window, select the security policy you want to apply to the column family.
  7. Click Add.
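
Example: previewing a tagging change before running it

The add, set, and remove commands above differ in what happens to tags already on the object, and set silently replaces all of them. The following Python helper is an added example, not part of the product or its documentation: it builds the maprcli argument list for a table, column family, or field and reports which existing tags the change would drop. The function name, the table path, and the policy names are constructed for illustration, and the caller must supply the current tag list.

```python
import shlex

# maprcli sub-command prefix per object level, as listed on this page.
SCOPES = {
    "table": ["table", "securitypolicy"],
    "cf": ["table", "cf", "securitypolicy"],
    "column": ["table", "cf", "column", "securitypolicy"],
}

def plan_tagging(scope, action, path, policies, current=(), cfname=None, column=None):
    """Return (argv, resulting_tags, dropped_tags) for one tagging change.

    `current` is the tag list already on the object; the caller supplies it
    (assumption: this page does not show how to list existing tags).
    """
    if scope not in SCOPES or action not in ("add", "set", "remove"):
        raise ValueError("unknown scope or action")
    if scope != "table" and not cfname:
        raise ValueError("cfname is required for cf and column scopes")
    if scope == "column" and not column:
        raise ValueError("column is required for column scope")
    policies = list(dict.fromkeys(policies))  # de-duplicate, keep order
    if not policies or any(not p.strip() or "," in p for p in policies):
        raise ValueError("policy names must be non-empty and comma-free")
    current = list(current)
    if action == "add":        # keeps existing tags
        result = current + [p for p in policies if p not in current]
    elif action == "set":      # replaces every existing tag
        result = policies
    else:                      # removes only the named tags
        result = [p for p in current if p not in policies]
    dropped = [p for p in current if p not in result]
    argv = ["maprcli", *SCOPES[scope], action, "-path", path]
    if scope != "table":
        argv += ["-cfname", cfname]
    if scope == "column":
        argv += ["-column", column]
    argv += ["-securitypolicy", ",".join(policies)]
    return argv, result, dropped

if __name__ == "__main__":
    # Constructed sample: the table path and policy names are made up.
    for action in ("add", "set"):
        argv, result, dropped = plan_tagging(
            "table", action, "/apps/customers", ["audit"], current=["pii", "hipaa"])
        print(shlex.join(argv))
        print("  resulting tags:", result, "| dropped:", dropped or "none")
```

A non-empty dropped list on a set operation is the case to review before running the command, because the object loses those policies as soon as the new list is applied.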