Enabling and Restricting Access to Tenant Volume and Data

Describes how to restrict access to tenant volumes in a multi-tenant environment.

In a multi-tenant environment, the tenant volume (share) can be accessed by all users on the tenant instance by default. To restrict access to specific users and/or groups:

  1. Log in to the cluster as the cluster administrator and set Access Control Expressions (ACEs) on the volume using the volume commands.
    For example:
    /opt/mapr/bin/maprcli volume modify -name <volumename> -readAce "u:<user>|g:<group>" -writeAce "u:<user>|g:<group>"
    Here, the value of <user> must be the UID of the user and the value of <group> must be the GID of the group on the tenant host.
    Tip: For more information, see the maprcli volume modify command.
  2. Log in as the tenant admin and set permissions for data access.
    You can set permissions using:
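
Returning to step 1, where the ACE values must be the UID and GID as they exist on the tenant host: the following is an added example, not part of the original documentation. It is a shell helper meant to be run on the tenant host that resolves names to numeric IDs, refuses names that do not resolve there, and prints the maprcli volume modify command for the cluster administrator. The function names and the volume name tenant1_vol are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Run on the TENANT HOST so that
# names map to the UID/GID values step 1 asks for. Nothing is sent to the cluster.

# resolve_id KIND NAME -> prints the numeric id; non-zero exit if unknown.
resolve_id() {
    kind=$1 name=$2
    case $name in
        ''|-*|*[!0-9A-Za-z._-]*) return 1 ;;   # reject empty or unexpected names
    esac
    case $name in
        *[!0-9]*) ;;                            # contains a non-digit: look it up
        *) printf '%s\n' "$name"; return 0 ;;   # already numeric: pass through
    esac
    if [ "$kind" = u ]; then
        id -u "$name" 2>/dev/null
    elif command -v getent >/dev/null 2>&1; then
        line=$(getent group "$name") || return 1
        printf '%s\n' "$line" | cut -d: -f3
    else
        awk -F: -v g="$name" '$1 == g { print $3; f = 1; exit } END { exit !f }' /etc/group
    fi
}

# build_ace u:NAME g:NAME ... -> prints "u:<uid>|g:<gid>" (entries joined with |).
build_ace() {
    ace=
    for entry in "$@"; do
        case $entry in
            u:*|g:*) ;;
            *) echo "bad entry: $entry" >&2; return 1 ;;
        esac
        num=$(resolve_id "${entry%%:*}" "${entry#*:}") || {
            echo "cannot resolve on this host: $entry" >&2; return 1; }
        ace="${ace:+$ace|}${entry%%:*}:$num"
    done
    [ -n "$ace" ] && printf '%s\n' "$ace"
}

# print_volume_cmd VOLUME READ_ACE WRITE_ACE -> the command from step 1, filled in.
print_volume_cmd() {
    printf '/opt/mapr/bin/maprcli volume modify -name %s -readAce "%s" -writeAce "%s"\n' \
        "$1" "$2" "$3"
}

# Constructed sample values: volume tenant1_vol, UID 1001, GID 2001.
print_volume_cmd tenant1_vol "$(build_ace u:1001 g:2001)" "$(build_ace u:1001)"
```

Because an unknown name makes build_ace fail, a typo cannot silently end up in the ACE that the cluster administrator applies.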