Describes how to set enforcement modes for security policies at the volume level.
The system enforces data access controls during data operations. Data access controls are the ACEs defined in security policies, together with the ACEs and POSIX mode bits defined directly on data objects. The enforcement mode tells the system which of these data access controls to evaluate and enforce during data operations.
| Enforcement Mode | Enforce Security Policies | Enforce Data ACEs and POSIX Mode Bits |
|---|---|---|
| PolicyAceAndDataAce (Default) | Yes | Yes |
| PolicyAceOnly | Yes | No |
| DataAceOnly | No | Yes |
| PolicyAceAuditAndDataAce (Permissive mode) | Performs checks, but does not fail; audits instead | Yes |
For detailed information about the enforcement mode options, see Volume-Level Security Policy Enforcement Mode.
associated with Enforcement Mode to display the Change
Enforcement Mode window.
```
/opt/mapr/bin/maprcli volume create -name <volName> -path <mountPath> -securitypolicy <policyName> -enforcementmode PolicyAceAndDataAce|PolicyAceOnly|DataAceOnly
```
Set the enforcement mode when you modify a volume:
```
/opt/mapr/bin/maprcli volume modify -name <volName> -enforcementmode PolicyAceAndDataAce|PolicyAceOnly|DataAceOnly
```
```
curl -k -X POST 'https://<hostname>:8443/rest/volume/create?name=<volName>&path=<mountPath>&securitypolicy=<policyName>&enforcementmode=PolicyAceAndDataAce|PolicyAceOnly|DataAceOnly' --user <username>:<pwd>
```
Send a request of type POST to set enforcement mode when you edit a volume:
```
curl -k -X POST 'https://<hostname>:8443/rest/volume/modify?name=<volName>&enforcementmode=PolicyAceAndDataAce|PolicyAceOnly|DataAceOnly' --user <username>:<pwd>
```
volume create and volume modify.
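The following wrapper is an added example, not part of the product documentation. It accepts exactly one enforcement mode (the `|` in the syntax above separates alternatives) and sends the `volume/modify` request with certificate verification and file-based credentials instead of `-k` and `--user <username>:<pwd>`. The function names, the CA bundle and netrc paths, and the character allow-list for host and volume names are assumptions; the mode names are taken from the table on this page.

```bash
#!/usr/bin/env bash
# Added example: validate the enforcement mode before calling the REST API.

# Mode names as listed in the enforcement mode table on this page.
VALID_MODES="PolicyAceAndDataAce PolicyAceOnly DataAceOnly PolicyAceAuditAndDataAce"

# Succeeds only for an exact, case-sensitive match with one listed mode.
is_valid_mode() {
  local m
  for m in $VALID_MODES; do
    [ "$1" = "$m" ] && return 0
  done
  return 1
}

# Prints the volume/modify URL, or returns 2 without printing a URL.
build_modify_url() {
  local host="$1" vol="$2" mode="$3" v
  is_valid_mode "$mode" || { echo "invalid enforcement mode: $mode" >&2; return 2; }
  # Conservative allow-list (assumption): with only these characters
  # nothing needs URL encoding and no extra query parameter can be added.
  for v in "$host" "$vol"; do
    case "$v" in
      ''|*[!A-Za-z0-9._-]*) echo "rejected host or volume name: $v" >&2; return 2 ;;
    esac
  done
  printf 'https://%s:8443/rest/volume/modify?name=%s&enforcementmode=%s\n' \
    "$host" "$vol" "$mode"
}

# Sends the request. --cacert verifies the server certificate (the page's
# commands use -k, which skips that check); --netrc-file keeps the password
# out of the process list and shell history.
set_enforcement_mode() {
  local host="$1" vol="$2" mode="$3" cacert="$4" netrc="$5" url
  url=$(build_modify_url "$host" "$vol" "$mode") || return
  curl --fail --silent --show-error --cacert "$cacert" \
       --netrc-file "$netrc" -X POST "$url"
}

# Usage (hypothetical host, volume and file paths):
#   set_enforcement_mode cldb1.example.com vol1 PolicyAceOnly \
#       /etc/pki/cluster-ca.pem "$HOME/.netrc-cluster"
```

The netrc file holds one line of the form `machine <hostname> login <username> password <pwd>` and should be readable only by its owner.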