Authorization with Volumes: Intelligent Policy Management

Describes methods to manage volume permissions.

The data-fabric filesystem uses volumes as a unique management entity. A volume is a logical unit that you create to apply policies to a set of files, directories, tables, and sub-volumes. You can create volumes for each user, department, or project. Mirror volumes and volume snapshots provide data recovery and data protection functionality.

Volumes can enforce disk usage limits, set replication levels, establish ownership and control permissible actions, and measure the cost generated by different projects or departments. When you set policies on a volume, all files in the volume inherit those policies. Other Hadoop distributions require administrators to manage policies at the file level.

You can manage volume permissions through one of the following:

  • Access Control Lists (ACLs) in the Control System or from the command line. ACLs can be used to control administrative access to volumes.
  • Access Control Expressions (ACEs) in the Control System or from the command line. ACEs can be used to control data access using boolean expressions.

You can also set read, write, and execute permissions on a file or directory for users and groups with ACEs, with standard UNIX commands when the volume has been mounted through NFS, or with standard hadoop fs commands.
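
The following is an added example, not part of the original documentation or the product's code: a small evaluator that shows how a boolean ACE decides data access for a given user, group set, and role set. The `u:`/`g:`/`r:`/`p` terms, the `!`, `&`, `|` operators, their precedence, the empty-expression rule, and the names `tokenize`, `ace_allows`, and `SAMPLE_READ_ACE` are assumptions, because this page does not show ACE syntax.

```python
import re

# Assumed ACE grammar (not on this page): u:/g:/r:<name>, p (public), ! & | ( ); precedence ! > & > |
TOKEN = re.compile(r"\s*(?:([ugr]):([\w.-]+)|(p)\b|([!&|()]))")

def tokenize(expr):
    expr, pos, out = expr.rstrip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"bad ACE syntax at offset {pos}")
        kind, name, public, op = m.groups()
        out.append((kind or public or op, name))
        pos = m.end()
    return out + [("end", None)]  # sentinel so the parser never indexes past the end

def ace_allows(expr, user, groups=(), roles=()):
    """Return True if the expression grants access to this identity."""
    toks, i = tokenize(expr), 0
    if len(toks) == 1:
        return False  # assumption: an empty expression grants access to no one
    def parse(level=0):  # level 0 handles '|', level 1 handles '&', level 2 a single term
        nonlocal i
        if level == 2:
            kind, name = toks[i]
            i += 1
            if kind == "!":
                return not parse(2)
            if kind == "(":
                val = parse(0)
                if toks[i][0] != ")":
                    raise ValueError("missing ')'")
                i += 1
                return val
            if kind not in ("u", "g", "r", "p"):
                raise ValueError(f"unexpected token {kind!r}")
            return {"p": True, "u": name == user, "g": name in groups, "r": name in roles}[kind]
        op = "|&"[level]
        val = parse(level + 1)
        while toks[i][0] == op:
            i += 1
            rhs = parse(level + 1)  # always parse the right side, no short-circuit
            val = (val or rhs) if op == "|" else (val and rhs)
        return val
    allowed = parse()
    if toks[i][0] != "end":
        raise ValueError(f"unexpected token {toks[i][0]!r}")
    return allowed

SAMPLE_READ_ACE = "(g:analysts | r:auditor) & !u:mallory"  # constructed sample, not from a real volume
```

Malformed expressions raise `ValueError` instead of returning a result, so a typo in an expression is reported as an error and is never evaluated as a grant.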