MapR 5.0 Documentation : Creating Volume-Level ACLs

MapR provides volumes as a way to organize data and manage cluster performance. For example, you might want to create a volume for each user, department, or project. You can then create a volume-level ACL that controls which users and groups have access to that volume, and what actions they may perform.

There are two ways to do this: from the MapR Control System (MCS) or from the command line.

From the MCS

  • For a new volume, click on the New Volume tab, as shown.

In the dialog box that opens, add a user or group as the Accountable Entity under Volume Setup.

In the Permissions pane, select permission levels from the pull-down menu next to each entry.


  • For an existing volume, click on Volumes in the navigation pane and select the checkbox next to the volume.

Next, click on the Modify Volume tab.

Select Properties from the dropdown menu.

Open the Permissions pane and click on Add Permission +. Add users or groups, then select permission levels.

From the Command Line

To create an ACL at the command line, use the acl set command to specify a list of authorized users (or groups) and the actions they are allowed to perform.

The syntax is:

maprcli acl set -type volume -name <volume name> [-user <username>:<action> -group <groupname>:<action>]

Include spaces between multiple entries, such as a list of usernames and their associated permission levels (or actions).
Each allowed action has a permission code associated with it. The codes are explained below.

Permission Code

Allowed Action


Dump or back up the volume


Restore or mirror the volume


Modify the volume's properties


Delete the volume

aAdministrator (can edit and view ACLs, but cannot perform volume operations)


Full control over the volume (this enables all volume-related administrative options with the exception of changing the volume ACLs)

Example Volume-level ACL

This example shows how to create an ACL for a volume named test-volume that allows full control over volume ACLs for user rjones. In addition, all users in the developers group are given permission to dump, restore, and modify volume properties.

maprcli acl set -type volume -name test-volume -user rjones:fc -group developers:dump,restore,m