Authorization in MapR

Describes how flexible authorization systems restrict a user's scope.

Authorization restricts an authenticated user's capabilities on the system. Flexible authorization systems enable a system to grant a user a set of capabilities that enable the user to perform desired tasks, but prevents the use of any capabilities outside of that scope.

MapR supports Access Control Lists (ACLs) in a number of areas, including for regulating user privileges to the job queue and cluster. MapR also uses ACLs to control administrative access to volumes (administrative access is distinct from data access).

MapR also provides a more powerful authorization model known as Access Control Expressions. ACEs allow you to control access using powerful boolean logic expressions. ACEs can be used to control data access to MapR tables, files, directories, and volumes. The MapR file system also supports standard POSIX filesystem permission levels.

The Configuring MapR Security section contains procedures for setting up and modifying ACLs and ACEs for the cluster, the volumes on the cluster, the job queue, the MapR file system, and the natively stored MapR tables.