If a JSON document field is in the HPE Ezmeral Data Fabric Database JSON default column family, you must have
readperm and writeperm permissions to perform read and write
operations on the field. You either receive the permissions from the default column family,
inherit them from the field's parent field, or have the permissions from an explicit grant on
the field.
The following diagram shows a JSON document where all fields are in the default column family.
Granting Read and Write Permissions on Field c
To perform both read and write operations on field c, when it is in the
default column family, you must have both readperm and
writeperm access on field c:
- If you have
readpermandwritepermpermissions on the default column family, then you have access to fieldc. - If you have
readpermandwritepermpermissions on fieldb, then you have access to fieldc. You do not need any further permissions. Fieldcinherits yourreadpermandwritepermpermissions from fieldb. - If you have
readpermandwritepermpermissions on the default column family but either fieldaorbdenied you permissions:- You must have
traversepermpermission granted to you on the field that denied you access (fieldaorb). - You must have
readpermandwritepermpermissions explicitly granted to you on fieldc.
- You must have
- If you do not have
readpermandwritepermpermissions on the default column family:- You must have
traversepermpermission granted to you on either the default column family or fieldb. - You must have
readpermandwritepermpermissions explicitly granted to you on fieldc.
- You must have
The following are examples of commands that grant these permissions:
/opt/mapr/bin/maprcli table cf colperm set
-path <path to JSON table >
-cfname default
-name a.b
-traverseperm u:<user ID> | <existing ACE for this field> /opt/mapr/bin/maprcli table cf colperm set
-path <path to JSON table >
-cfname default
-name a.b.c
-readperm u:<user ID> | <existing ACE for this field>
-writeperm u:<user ID> | <existing ACE for this field>/opt/mapr/bin/maprcli table cf edit
-path <path to JSON table >
-cfname default
-traverseperm u:<user ID> | <existing ACE for this field> /opt/mapr/bin/maprcli table cf colperm set
-path <path to JSON table >
-cfname default
-name a.b.c
-readperm u:<user ID> | <existing ACE for this field>
-writeperm u:<user ID> | <existing ACE for this field> Granting
Read or Write Permission on Field c
To perform either read or write operations on field c, when it is in the
default column family, you must have either readperm or
writeperm access on field c:
- If you have the same permission (
readpermorwriteperm) on the default column family, then you have access to fieldc. - If you have the same permission (
readpermorwriteperm) on fieldb, then you have access to fieldc. You do not need any further permissions. Fieldcinherits yourreadpermorwritepermpermission from fieldb. - If you have the same permission (
readpermorwriteperm) on the default column family but either fieldaorbdenied you permission:- You must have
traversepermpermission granted to you on the field that denied you access (fieldaorb). - You must have
readpermorwritepermpermission explicitly granted to you on fieldc.
- You must have
- If you do not have the same permission (
readpermorwriteperm) on the default column family:- You must have the
traversepermpermission granted to you on either the default column family or fieldb. - You must have
readpermorwritepermpermission explicitly granted to you on fieldc.
- You must have the
The following example grants traverseperm permission:
/opt/mapr/bin/maprcli table cf colperm set
-path <path to JSON table>
-cfname default
-name a.b
-traverseperm u:<user ID> | <existing ACE for this field> The following example grants readperm permission:
/opt/mapr/bin/maprcli table cf colperm set
-path <path to JSON table>
-cfname default
-name a.b.c
-readperm u:<user ID> | <existing ACE for this field>