Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

restrict hbase users in ambari

Labels:
avatar
author-rank arunpoy
Guru

Created ‎12-07-2016 12:01 PM

By default hbase allows all users to drop hbase tables and delete rows. How to prevent the users from doing drop and delete from ambari. i remember using it through the property hbase.superuser. the above property has just hbase in its value. any thoughts

701 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
Former Member

Created ‎12-07-2016 01:09 PM

@ARUN

I do not see any option from ambari side to do that. However you should be able to set the ACL via HBase itself as described in: http://hbase.apache.org/0.94/book/hbase.accesscontrol.configuration.html

The "hbase:acl" table defines Access Control Lists which helps us in to limiting the privileges of users to hbase table.

You must set the ACLs for all those users who will be responsible for create/update/delete operations in HBase. As by default every once can access others table.

HBase ACLs support the following privileges:

a)Read

b)Write

c)Create tables

d)Administrator

Example:

1. Start the HBase shell. On the HBase Master host: 

hbase shell

2. Set ACLs using the HBase shell: 

grant '$USER', '$permissions'

Ranger:

You can also create Ranger policies by issuing grant/revoke commands via hbase shell.

As described in Page-25 in the following slide: http://www.slideshare.net/Hadoop_Summit/securing-hadoop-with-apache-ranger

.

View solution in original post

588 Views
1 REPLY 1

avatar
Former Member

Created ‎12-07-2016 01:09 PM

@ARUN

I do not see any option from ambari side to do that. However you should be able to set the ACL via HBase itself as described in: http://hbase.apache.org/0.94/book/hbase.accesscontrol.configuration.html

The "hbase:acl" table defines Access Control Lists which helps us in to limiting the privileges of users to hbase table.

You must set the ACLs for all those users who will be responsible for create/update/delete operations in HBase. As by default every once can access others table.

HBase ACLs support the following privileges:

a)Read

b)Write

c)Create tables

d)Administrator

Example:

1. Start the HBase shell. On the HBase Master host: 

hbase shell

2. Set ACLs using the HBase shell: 

grant '$USER', '$permissions'

Ranger:

You can also create Ranger policies by issuing grant/revoke commands via hbase shell.

As described in Page-25 in the following slide: http://www.slideshare.net/Hadoop_Summit/securing-hadoop-with-apache-ranger

.

589 Views
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner