Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

restrict hbase users in ambari

Labels:
avatar
author-rank arunpoy
Guru

Created ‎12-07-2016 12:01 PM

By default hbase allows all users to drop hbase tables and delete rows. How to prevent the users from doing drop and delete from ambari. i remember using it through the property hbase.superuser. the above property has just hbase in its value. any thoughts

941 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
Former Member

Created ‎12-07-2016 01:09 PM

@ARUN

I do not see any option from ambari side to do that. However you should be able to set the ACL via HBase itself as described in: http://hbase.apache.org/0.94/book/hbase.accesscontrol.configuration.html

The "hbase:acl" table defines Access Control Lists which helps us in to limiting the privileges of users to hbase table.

You must set the ACLs for all those users who will be responsible for create/update/delete operations in HBase. As by default every once can access others table.

HBase ACLs support the following privileges:

a)Read

b)Write

c)Create tables

d)Administrator

Example:

1. Start the HBase shell. On the HBase Master host: 

hbase shell

2. Set ACLs using the HBase shell: 

grant '$USER', '$permissions'

Ranger:

You can also create Ranger policies by issuing grant/revoke commands via hbase shell.

As described in Page-25 in the following slide: http://www.slideshare.net/Hadoop_Summit/securing-hadoop-with-apache-ranger

.

View solution in original post

828 Views
1 REPLY 1

avatar
Former Member

Created ‎12-07-2016 01:09 PM

@ARUN

I do not see any option from ambari side to do that. However you should be able to set the ACL via HBase itself as described in: http://hbase.apache.org/0.94/book/hbase.accesscontrol.configuration.html

The "hbase:acl" table defines Access Control Lists which helps us in to limiting the privileges of users to hbase table.

You must set the ACLs for all those users who will be responsible for create/update/delete operations in HBase. As by default every once can access others table.

HBase ACLs support the following privileges:

a)Read

b)Write

c)Create tables

d)Administrator

Example:

1. Start the HBase shell. On the HBase Master host: 

hbase shell

2. Set ACLs using the HBase shell: 

grant '$USER', '$permissions'

Ranger:

You can also create Ranger policies by issuing grant/revoke commands via hbase shell.

As described in Page-25 in the following slide: http://www.slideshare.net/Hadoop_Summit/securing-hadoop-with-apache-ranger

.

829 Views
Announcements
What's New @ Cloudera
Cloudera Operational Database supports assigning ODAdmin rol...
What's New @ Cloudera
Security-Enhanced Linux (SELinux) support in Cloudera Operat...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
View More Announcements