The Access Control List (ACL) manages user access to encrypted data. The ACL Management feature defines which users are permitted to run decryption tasks.
*Note: Roles are created and managed on the Access Control > Role Management screen.
Access the ACL Management screen from the Access Control > ACL Management menu. The screen is depicted below:
Select the required module from the Select Module drop-down and the required cluster from the Select Cluster drop-down.
*Note: On selecting RDBMS/RDS/Azure from the Select Module drop-down, the Select Connection drop-down appears; currently SQL Server, RedShift, and DB2 for i connections are supported.
The screen is divided into two panels as described below:
Manage Roles: The top panel displays the roles associated with the selected module and cluster. It shows the Role ID, Role Name, and Role Description for each role. Select a role to view or edit the users assigned to it in the bottom panel.
To copy the current ACL to another cluster, select the target cluster from the drop-down on the right side of the screen, then click the Copy ACL to Cluster button. This copies all changes made in the current ACL to the selected cluster. For the operation to succeed, both clusters must have the same Groups/Users List.
Groups/Users List: The bottom panel lists the users and groups to which the selected role is assigned, or is about to be assigned, based on the selection made in the Manage Roles panel.
To search for a particular user or group, enter a value in the Filter by User/Group name textbox.
There are three different ways in which this list gets populated:
LDAP/LDAPS: When the cluster is configured with LDAP or LDAPS, the users list is populated by selecting groups and users from the LDAP Object Browser.
The LDAP Object Browser uses the object classes defined in Admin on the LDAP Object Class Management screen to search the directory tree internally. Its behaviour is controlled by the LDAP Synchronization setting on the Settings screen in Admin. When both LDAP/LDAPS and the Hadoop Control IDP are configured on a cluster, LDAP/LDAPS users take priority.
Hadoop Control IDP: When Hadoop Control IDP is installed on the cluster, the ACL user list shows all Linux users with permissions on the cluster.
Manual Entry: Users can be added manually in addition to (or independent of) LDAP and the Hadoop Control IDP.
Type the name of the user in the Enter User Name textbox and click the Add User button. The user is then listed in the panel. This textbox is enabled only when a role is selected in the Manage Roles panel.
To save the groups and users selected in this panel, together with the selected role, into the ACL, click the Save button.
To delete a user, check the checkbox corresponding to that user and click the Delete User button.