Enabling Table Authorizations with Access Control Expressions
Describes how to set permissions for tables.
Permissions for MapR tables, column families, and columns are defined by Access Control Expressions (ACEs). You can set permissions for tables when you create or edit tables. You can set default permissions for column families when you create or edit tables, and you can override these defaults when you create column families.
For the syntax to use when creating Access Control Expressions, see Syntax of Access Control Expressions.
However, suppose that a table contains columns
col1
and col2
in column family
cf1
, and these columns grant read and write permission only to the
table creator. A different user tries to write data to these columns. MapR-DB checks
whether this user has write permission on cf1
AND col1
AND col2
. If the user does not have all three permissions, MapR-DB
returns an error that says access for the write is denied.
If this user were to
try to read from the same two columns, MapR-DB would simply not return the data. If the
user tried to read from those two columns and additional columns on which he had read
permissions, the results would contain the data for those additional columns but exclude
the data for col1
and col2
.