Hbase权限控制

Hbase的权限控制是通过AccessController Coprocessor协处理器框架实现的，可实现对用户的RWXCA的权限控制。

配置hbase-site.xml

CM主页→点击hbase(进入Hbase主页)→点击配置

1 点击左侧的Hbase服务范围启用Hbase权限控制，设置Hbase超级用户hbase.superuser

2 点击左侧的master在 hbase.coprocessor.master.classes里追加如下内容

org.apache.hadoop.hbase.security.access.AccessController

3 点击左侧的regionserver在hbase.coprocessor.region.classes里追加如下内容

org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController

配置文件附录:

hbase.security.authorization

true

hbase.coprocessor.master.classes

org.apache.hadoop.hbase.security.access.AccessController

hbase.coprocessor.region.classes

org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController

hbase.superuser hbase,root,administrator

1 管理员用户Hbase下对Hbase进行赋权

grant 'wcj','r'

grant 'wcj' ,w'

#授予用户shenl读、写表wcj的权限

grant 'shenl', 'RW', 'wcj'

#授予用户shenl对表wcj的列族f1的age只读权限

grant 'shenl', 'R', 'wcj', 'f1', 'age'

2 管理员用户Hbase下收回Hbase表的访问权限权限

revoke ‘R’ ‘wcj’

revoke ‘W’ ‘wcj’

3 管理员下hbase权限

user_permission ‘wcj’

1 hbase权限与常用命令对照表

ACLs

Permissions

Comment

READ('R')

Get, Scan, or Exists calls

R denotes read permissions

WRITE('W')

Put, Delete, LockRow, UnlockRow, IncrementColumnValue,

CheckAndDelete, CheckAndPut, Flush, & Compact

W denotes write permissions

EXEC('X')

denotes execute permissions, which is required to execute coprocessor endpoints

CREATE('C')

Create, Alter, & Drop

denotes create permissions

ADMIN('A')

Enable, Disable, Snapshot, Restore, Clone,Split, MajorCompact, Grant, Revoke, and Shutdown

denotes admin permissions

2 hbase权限命令

grant [[ [ ] ] ]

#grants permissions

revoke [ [ [ ] ] ]

# revokes permissions

user_permission # displaysexisting permissions

3现实版访问场景

Job Title

Scope

Permissions

Description

Senior Administrator

Global

Access, Create

Manages the cluster and gives access to Junior Administrators.

Junior Administrator

Global

Create

Creates tables and gives access to Table Administrators.

Table Administrator

Table

Access

Maintains a table from an operations point of view.

Data Analyst

Table

Read

Creates reports from HBase data.

Web Application

Table

Read, Write

Puts data into HBase and uses HBase data to perform operations.