Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

hbase access control

hbase access control

Is there any document to provide access control to hbase. I want to restrict some users only read only access and admin users to have all priveleges. we are using a non-secured hdp cluster

5 REPLIES 5

Re: hbase access control

Start the HBase shell. On the HBase Master host machine, execute the following command:

set ACL grant '$USER', '$permissions'

$permissions is zero or more letters from the set "RWCA": READ('R'), WRITE('W'), CREATE('C'), ADMIN('A').

e.g. grant 'username', 'RWXCA'

Re: hbase access control

Hi @Artem Ervits, ours is a non kerberized cluster. after adding the properties in hbas-site.xml as specified in the manual and i did this . but still not working. for the user aramasamy i gave only Read permissions. but that user is able to drop tables also. am i missing somethign here

hbase(main):011:0> grant '@dadmin', 'RWXCA'
0 row(s) in 0.1730 seconds
hbase(main):012:0> user_permission
User                                        Namespace,Table,Family,Qualifier:Permission
 @dadmin                                    hbase,hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
hbase(main):013:0> grant '@aramasamy', 'R'
0 row(s) in 0.2610 seconds
hbase(main):014:0> user_permission
User                                        Namespace,Table,Family,Qualifier:Permission
 @dadmin                                    hbase,hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
  @aramasamy                                 hbase,hbase:acl,,: [Permission: actions=READ]
Highlighted

Re: hbase access control

Hello Arun

If you are using Ambari just enable security in the first hbase page what it does it set up these properties.Looking at your screenshot I'm the user aramsamy has Read Access to table acl. Can you check if this property has been set and all hase cluster restarted.

<name>hbase.security.exec.permission.checks</name> <value>true</value>

Re: hbase access control

Please be aware that if you are not using Kerberos for authentication (secure cluster), your authorization controls can be subverted by any users who know what they are doing. If you want strongly enforced authorization, you must first have strong authentication.