2.

Set up the access control list as follows:

grant <user> <permissions>[ <table>[ <column family>[ <column

qualifier> ] ] ] #grants permissions

revoke <user> <permissions> [ <table> [ <column family> [ <column

qualifier> ] ] ] # revokes permissions

alter <table> {OWNER => <user>} # sets the table owner

user_permission <table> # displays existing permissions

Here, permissions can be deined as follows:

• R (read permissions): This is required for the Get , Scan , or Exists calls

• W (write permissions): This is required for the Put , Delete , LockRow ,

UnlockRow , IncrementColumnValue , CheckAndDelete , and

CheckAndPut calls

• C (create permissions): This is required for the Create , Alter , Drop ,

and Bulk Load calls

• A (admin permissions): This is required for the Enable , Disable , Flush ,

Split , Snapshot / Restore / Clone , MajorCompact , Grant , Revoke ,

and Shutdown calls

• E (execute permission): To execute coprocessor endpoints

The following is an example where permissions are deined:

hbase> grant 'user1', 'RW', 'EmployeeTable'

Once authentication and authorization is enabled, restart the HBase cluster.

For encrypted communication, the following coniguration can also be added

to hbase-site.xml :

<property>

<name>hbase.rpc.protection</name>

<value>privacy</value>

</property>

We can use the Java code as follows;

Configuration conf = HBaseConfiguration.create();

conf.set("hbase.rpc.protection", "privacy");

HTable table = new HTable(conf, tablename);

Different conigurations are required for the different types of clients. The following

section only discusses the coniguration required for REST-based clients.