Enabling and Restricting Access to Tenant Volume and Data

In a multi-tenant environment, the tenant volume (share) can be accessed by all users on the tenant instance by default. To restrict access to specific users and/or groups:

  1. Log in to the cluster as the cluster administrator and set ACEs on the volume using the volume commands.
    For example:
    maprcli volume modify -name <volumename> -readAce "u:<user>|g:<group>" -writeAce "u:<user>|g:<group>"
    Here, value for <user> must be the UID of the user and value of <group> must be GID of the group on the tenant host.
    Tip: For more information, see maprcli volume modify command.
  2. Log in as the tenant admin and set permissions for data access.
    You can set permissions using:
    • Linux commands such as chmod, chown, and so on.
    • Access control expressions, which can be set on files and directories in the volume. For more information, see Using ACEs for MapR Filesystem.