hbase.rootdir is set to hdfs://CLU01/apps/hbase/data, and I do see HBase tables created under /apps/hbase/data/data/default HDFS directory.
How do I alter created tables to be stored under /dev HDFS directory? Actually, how do you generally deal with access rights for HBase tables: HDFS+HBase ACLs or HBase ACLs only?
For example: I've got a Dev team which I'd like to limit to work with /dev directory only, hence HDFS permissions are set. They are mainly working with HBase, so I had to adjust HBase ACLs for them as well (via Ranger), but since hbase.rootdir is set to hdfs://CLU01/apps/hbase/data my HDFS permissions with regards to /dev don't make sense. Does it make sense to move Dev HBase tables to /dev or HBase ACLs should be enough?
HBase, as a database, completely owns ALL of the files under its root directory. Users cannot and should not access the underlying files from HDFS. In a secure setup in HDFS and HBase, by default, the hbase user is the single owner of /apps/hbase/data, and that directory will have 700 as permissions.
However, HBase has it's own ACL model which is applicable at the namespace / table / column family / column / cell level. You can set HBase-level authorization to make it so that users can access only the data that they are supposed to access. HBase will enforce the authorization. Having HBase-level access to a table for a user will not give permissions at the HDFS level to the underlying data files.