Support Questions

Find answers, ask questions, and share your expertise

restrict hbase users in ambari

avatar

By default hbase allows all users to drop hbase tables and delete rows. How to prevent the users from doing drop and delete from ambari. i remember using it through the property hbase.superuser. the above property has just hbase in its value. any thoughts

1 ACCEPTED SOLUTION

avatar

@ARUN

I do not see any option from ambari side to do that. However you should be able to set the ACL via HBase itself as described in: http://hbase.apache.org/0.94/book/hbase.accesscontrol.configuration.html

The "hbase:acl" table defines Access Control Lists which helps us in to limiting the privileges of users to hbase table.

You must set the ACLs for all those users who will be responsible for create/update/delete operations in HBase. As by default every once can access others table.

HBase ACLs support the following privileges:

a)Read

b)Write

c)Create tables

d)Administrator

Example:

1. Start the HBase shell. On the HBase Master host:

hbase shell 

2. Set ACLs using the HBase shell:

grant '$USER', '$permissions'

Ranger:

You can also create Ranger policies by issuing grant/revoke commands via hbase shell.

As described in Page-25 in the following slide: http://www.slideshare.net/Hadoop_Summit/securing-hadoop-with-apache-ranger

.

View solution in original post

1 REPLY 1

avatar

@ARUN

I do not see any option from ambari side to do that. However you should be able to set the ACL via HBase itself as described in: http://hbase.apache.org/0.94/book/hbase.accesscontrol.configuration.html

The "hbase:acl" table defines Access Control Lists which helps us in to limiting the privileges of users to hbase table.

You must set the ACLs for all those users who will be responsible for create/update/delete operations in HBase. As by default every once can access others table.

HBase ACLs support the following privileges:

a)Read

b)Write

c)Create tables

d)Administrator

Example:

1. Start the HBase shell. On the HBase Master host:

hbase shell 

2. Set ACLs using the HBase shell:

grant '$USER', '$permissions'

Ranger:

You can also create Ranger policies by issuing grant/revoke commands via hbase shell.

As described in Page-25 in the following slide: http://www.slideshare.net/Hadoop_Summit/securing-hadoop-with-apache-ranger

.