Adding Field Permissions to a JSON Table Column Family

Explains how to add fields and field permissions to a column family for a specified JSON table using the Control System.

About this task

Use the Control System to add field permissions to an existing table with a column family.
NOTE Field and field permissions can be used with and assigned to only JSON tables.

Procedure

  1. Log into the Control System using your login credentials. The Control System Overview page appears.
    NOTE This option is not available on the Kubernetes version of the Control System.
  2. Click Data > Tables from the top of the page. The Tables page appears.
  3. Select the JSON table needing field permissions added from the Recently Viewed Tables pane or enter the path to the needed table in the available field, and then click Go. The table information page of the selected table appears.
  4. Click the Column Families tab. A page showing column family information appears.
  5. Click the name of column family (under the All pane) to which field permissions are to be added, and then click Field Permission at the top of the Edit Column Family page. A new page appears showing existing fields, if any, in the left pane. If none, the FIELD AUTHORIZATION - ACCESS CONTROL EXPRESSION pane allows you to add a field to the column family.
  6. Click Add Field (if displayed) to add a field. The default Field description appears in the Field Name field.
  7. Replace the Field entry in the Field Name field by entering a new name for the new field, as applicable.
  8. Click the Data Masking pull-down menu (shown near to top of the page in the right pane), and then select one of the following data masking options, as needed:
    • Replace all alpha characters with an X and numeric characters with 0,
    • Show only the last 4 characters. Replace all other characters with an 'x',
    • Show only the first 4 characters. Replaces all other characters with an 'x',
    • Show only the first 6 and last 4 characters. Replaces other characters with an 'x',
    • Show the first and last 2 chars of username and part of domain,
    • Show the hash of the data, or
    • Shows only the year portion of the date and default everything else to Jan 1 and 00:00:00
    • None
  9. Set user access control permissions for the currently selected field by doing one of the following:
    • Select Basic, and then select a user type from the Type pull-dow menu, enter a name for the user type in the Name field, and check data access permissions, as needed.
    • Select Advanced, and then enter the permission details, and, if necessary, click (the pencil icon) to open the Edit Data Access Control Expression window to select additional permission definitions. See Defining ACEs Using the Access Control Expression Builder for more information.
      NOTE The AUTHORIZATION - ACCESS CONTROL EXPRESSION pane of the page displays default column family authorizations as a reference.
      Field Permission Descriptions (for JSON Tables)
      By default, a field inherits permissions from the column in which the field is located. Permissions set at this level override permissions inherited from the column. You can set the following permissions by selecting the associated checkbox, as described in the table below.
      Read Data Can read from the field. This permission extends to fields that are nested below as well unless explicitly denied on any of the nested fields.
      Write Data Can delete the field, insert a value into the field, or overwrite the field's value.
      NOTE Deleting a field also deletes all fields that are nested within that field, even those fields on which the write permission is explicitly denied.
      Traverse Data Can descend a hierarchy of fields to access the fields to read or write.
      Unmasked Data Check Unmask Data to allow the specified user to see all field data for field specified of the selected column family. Leaving the Unmask Data field unchecked hides field data for the selected column family from the selected user.
      By default, all permissions are given to the user creating the table.
  10. Opt to repeat the step above to:
    • Add another field by clicking Add Field.
    • Add a different set of permissions to a selected field for another public user or another user, group, or role.
  11. Click Save Changes to save your current additions and changes.