Database Reference
In-Depth Information
2.
Set up the access control list as follows:
grant <user> <permissions>[ <table>[ <column family>[ <column
qualifier> ] ] ] #grants permissions
revoke <user> <permissions> [ <table> [ <column family> [ <column
qualifier> ] ] ] # revokes permissions
alter <table> {OWNER => <user>} # sets the table owner
user_permission <table> # displays existing permissions
Here, permissions can be deined as follows:
•
R
(read permissions): This is required for the
Get
,
Scan
, or
Exists
calls
•
W
(write permissions): This is required for the
Put
,
Delete
,
LockRow
,
UnlockRow
,
IncrementColumnValue
,
CheckAndDelete
, and
CheckAndPut
calls
•
C
(create permissions): This is required for the
Create
,
Alter
,
Drop
,
and
Bulk Load
calls
•
A
(admin permissions): This is required for the
Enable
,
Disable
,
Flush
,
Split
,
Snapshot
/
Restore
/
Clone
,
MajorCompact
,
Grant
,
Revoke
,
and
Shutdown
calls
•
E
(execute permission): To execute coprocessor endpoints
The following is an example where permissions are deined:
hbase> grant 'user1', 'RW', 'EmployeeTable'
Once authentication and authorization is enabled, restart the HBase cluster.
For encrypted communication, the following coniguration can also be added
to
hbase-site.xml
:
<property>
<name>hbase.rpc.protection</name>
<value>privacy</value>
</property>
We can use the Java code as follows;
Configuration conf = HBaseConfiguration.create();
conf.set("hbase.rpc.protection", "privacy");
HTable table = new HTable(conf, tablename);
Different conigurations are required for the different types of clients. The following
section only discusses the coniguration required for REST-based clients.