Enabling and Restricting Access to Tenant Volume and Data

Describes how to restrict access to tenant volumes in a multi-tenant environment.

In a multi-tenant environment, the tenant volume (share) can be accessed by all users on the tenant instance by default. To restrict access to specific users and/or groups:

Log in to the cluster as the cluster administrator and set Access Control Expression (ACE)s on the volume using the volume commands.
For example:
```
/opt/mapr/bin/maprcli volume modify -name <volumename> -readAce "u:<user>|g:<group>" -writeAce "u:<user>|g:<group>"
```
Here, value for <user> must be the UID of the user and value of <group> must be GID of the group on the tenant host.
Tip: For more information, see maprcli volume modify command.
Log in as the tenant admin and set permissions for data access.
You can set permissions using:
- Linux commands such as chmod, chown, and so on.
- ACEs, which can be set on files and directories in the volume. For more information, see Enabling Volume, Directory, and File Authorizations with ACEs.