Editing Field Permissions for a JSON Table Column Family

Explains how to edit field permissions for an existing column family for a specified JSON table using the Control System.

About this task

Use the Control System to edit field permissions for fields that are part of a column family within an existing JSON table.

NOTE Field and field permissions can be used with and assigned to only JSON tables.

Procedure

  1. Log into the Control System using your login credentials. The Control System Overview page appears.
    NOTE This option is not available on the Kubernetes version of the Control System.
  2. Click Data > Tables from the top of the page. The Tables page appears.
  3. Select the JSON table needing field permissions edited by selecting it under the Recently Viewed Tables pane or entering the path to the needed table in the available field, and then clicking Go. The table information page of the selected table appears.
  4. Click the Column Families tab.
  5. Click the name of the column family (under the All pane) to which field permissions are to be edited, and then click Field Permission at the top of the Edit Column Family page.
  6. Opt to:
    • Add additional fields:
      1. Click Add Field to add one or more fields, and then select a field listed in the left-hand pane of the screen.
      2. Enter a name for the field in the Field Name field, as applicable.
    • Change the name of an existing field of the displayed column family by clicking on the name of the field (in the left panel) and then updating the name in the Field Name field.
    • Delete an existing field by clicking (delete) to the right of the field name shown in the left pane of the page. The field name is deleted immediately.
    • Change data masking options for a selected field:

      Select the field to have its masking options modified, and then click the Data Masking pull-down menu, and then select one of the following data masking options:

      • Replace all alpha characters with an X and numeric characters with 0,
      • Show only the last 4 characters. Replace all other characters with an 'x',
      • Show only the first 4 characters. Replaces all other characters with an 'x',
      • Show only the first 6 and last 4 characters. Replaces other characters with an 'x',
      • Show the first and last 2 chars of username and part of domain,
      • Show the hash of the data, or
      • Shows only the year portion of the date and default everything else to Jan 1 and 00:00:00
      • None
    • Change existing access permission selections for the currently displayed field or add a new set of access permissions for the selected field by clicking on the name of the field in the left panel and then selecting either of the following:
      • Basic. After selecting Basic, click Add Another and make selections and entries for a new set of permissions. Alternatively, for a listed user type, select a different user type from the Type pull-dow menu, , change the name for the user type in the Name field, and update access permissions, as needed. See the table below for permission option information.
        NOTE Alternatively, you can click (Duplicate) to duplicate the previously listed row and then select applicable permissions.
      • Advanced. After selecting Advanced, enter the permission details, and, if necessary, click (the pencil icon) to open the Edit Data Access Control Expression window to select additional permission definitions. See Defining ACEs Using the Access Control Expression Builder for more information on ACE functionality. See the table below for access permission option information.
      NOTE The AUTHORIZATION - ACCESS CONTROL EXPRESSION pane of the page displays default column family authorizations (just below the Data Masking pull-down menu) as a reference.
      Field Permissions (for JSON Tables)
      By default, a field inherits permissions from the column in which the field is located. Permissions set at this level override permissions inherited from the column. You can set the following permissions by selecting the associated checkbox, as described in the table below.
      Read Data Can read from the field. This permission extends to fields that are nested below as well, unless explicitly denied on any of the nested fields.
      Write Data Can delete the field, insert a value into the field, or overwrite the field's value.
      NOTE Deleting a field also deletes all fields that are nested within that field, even those fields on which the write permission is explicitly denied.
      JSON Traverse Can descend a hierarchy of fields to access the fields to read or write.
      Unmasked Data Check Unmask Data to allow the specified user to see all field data for field specified of the selected column family. Leaving the Unmask Data field unchecked hides field data for the selected column family from the selected user.
      By default, all permissions are given to the user creating the table. See Permission Types for Fields and Column Families in JSON Tables for more information.
    • Delete an existing set of permissions for a created user type of a select field:
      1. Click on the name of the field associated with the permissions to be deleted.
      2. Click (Delete) to the far right of the permission options. The set of permissions is deleted immediately.
  7. Opt to:
    • Add another field by clicking Add Field. See the above step for more details.
    • Update data masking options for another field. See the above step for more details.
    • Add a different set of permissions to a selected field for another public user or another user, group, or role. See the above step for more details.
    • Delete another set of permissions for a listed user type. See the above step for more details.
  8. Click Save Changes to save your current additions and changes.