MapR 5.1 is at End of Life (EOL) and no longer supported. Please see the latest documentation. This documentation is not being updated.

Home
5.1 Administration
This section contains administration information such as managing your cluster, data, users, jobs and security information such as configuring your security environment and auditing.
Security Guide
Security Architecture
Describes the default security architecture and additional authentication and encryption capabilities.
Authorization Architecture: ACLs and ACEs

MapR 5.1 Documentation

5.1 Administration
This section contains administration information such as managing your cluster, data, users, jobs and security information such as configuring your security environment and auditing.
- Administrator Guide
- Security Guide
  - Security Overview
    Describes the security features of the MapR Converged Data Platform.
  - Security Architecture
    Describes the default security architecture and additional authentication and encryption capabilities.
    - Authentication Architecture: the maprlogin Utility
    - Authorization Architecture: ACLs and ACEs
    - Encryption Architecture: Wire-Level Security
      Provides information that allows you to understand encryption across the MapR platform.
    - Security Protocols Used by MapR
  - Logging into a Secure Cluster
    Describes how to use tickets to access a secure MapR cluster.
  - Tickets and Certificates
    Describes how tickets and certificates authenticate users and servers to a cluster.
  - Getting Started with MapR Security
    Describes the two core scenarios that allow quick implementation of security features.
  - Configuring MapR Security
    Describes how to enable security features and configure the components on a secure cluster.
  - Auditing of Cluster Administration and Operations on Directories, Files, Tables, and Streams
    Describes how to process and use audit records to improve data analysis.

Authorization Architecture: ACLs and ACEs

An Access Control List (ACL) is a list of users or groups. Each user or group in the list is paired with a defined set of permissions that limit the actions that the user or group can perform on the object secured by the ACL. In MapR, the objects secured by ACLs are the job queue, volumes, and the cluster itself.

A job queue ACL controls who can submit jobs to a queue, kill jobs, or modify their priority. A volume-level ACL controls which users and groups have access to that volume, and what actions they may perform, such as mirroring the volume, altering the volume properties, dumping or backing up the volume, or deleting the volume.

An Access Control Expression (ACE) is a combination of user, group, and role definitions. A role is a property of a user or group that defines a set of behaviors that the user or group performs regularly. You can use roles to implement your own custom authorization rules. ACEs are used to secure MapR-FS (files, directories, and volumes) and MapR-DB tables that use native storage (see Enabling Table Authorizations with Access Control Expressions).