Is there any document to provide access control to hbase. I want to restrict some users only read only access and admin users to have all priveleges. we are using a non-secured hdp cluster
Start the HBase shell. On the HBase Master host machine, execute the following command:
set ACL grant '$USER', '$permissions'
$permissions is zero or more letters from the set "RWCA": READ('R'), WRITE('W'), CREATE('C'), ADMIN('A').
e.g. grant 'username', 'RWXCA'
Hi @Artem Ervits, ours is a non kerberized cluster. after adding the properties in hbas-site.xml as specified in the manual and i did this . but still not working. for the user aramasamy i gave only Read permissions. but that user is able to drop tables also. am i missing somethign here
hbase(main):011:0> grant '@dadmin', 'RWXCA' 0 row(s) in 0.1730 seconds hbase(main):012:0> user_permission User Namespace,Table,Family,Qualifier:Permission @dadmin hbase,hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] hbase(main):013:0> grant '@aramasamy', 'R' 0 row(s) in 0.2610 seconds hbase(main):014:0> user_permission User Namespace,Table,Family,Qualifier:Permission @dadmin hbase,hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] @aramasamy hbase,hbase:acl,,: [Permission: actions=READ]
If you are using Ambari just enable security in the first hbase page what it does it set up these properties.Looking at your screenshot I'm the user aramsamy has Read Access to table acl. Can you check if this property has been set and all hase cluster restarted.
Please be aware that if you are not using Kerberos for authentication (secure cluster), your authorization controls can be subverted by any users who know what they are doing. If you want strongly enforced authorization, you must first have strong authentication.