Patent attributes
A method for access control of data in a filesystem is provided. The method includes storing a map in a server, the map coupled to an agent, the map associating access control rules, filenames in a namespace in a first filesystem, and owners of files. The method includes determining a block filename in a namespace in a second filesystem, based on an I/O request from a data node to the second filesystem regarding a data block. The method includes determining a username of the I/O request and determining a filename in the namespace in the first filesystem, based on the block filename in the namespace in the second filesystem. The method includes applying to the data block and the username an access control rule that the map associates with an owner of a file having the filename in the namespace in the first filesystem.