Hbase权限配置、使用手册
1 Hbase权限控制简介
Hbase的权限控制是通过AccessController Coprocessor协处理器框架实现的,可实现对用户的RWXCA的权限控制。
2 配置
配置hbase-site.xml
CM主页→点击hbase(进入Hbase主页)→点击配置
1 点击左侧的Hbase服务范围启用Hbase权限控制,设置Hbase超级用户hbase.superuser
2 点击左侧的master在 hbase.coprocessor.master.classes里追加如下内容
org.apache.hadoop.hbase.security.access.AccessController
3 点击左侧的regionserver在hbase.coprocessor.region.classes里追加如下内容
org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController
配置文件附录:
<property>
<name>hbase.security.authorization</name>
<value>true</value>
</property>
<property>
<name>hbase.coprocessor.master.classes</name>
<value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
<name>hbase.coprocessor.region.classes</name>
<value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
<name>hbase.superuser</name>
<value>hbase,root,administrator</value>
</property>
3 使用
3.1 hbase权限验证
1 管理员用户Hbase下对Hbase进行赋权
grant ‘wcj’,’r’
grant ‘wcj’ ,w’
#授予用户shenl读、写表wcj的权限
grant ‘shenl’, ‘RW’, ‘wcj’
#授予用户shenl对表wcj的列族f1的age只读权限
grant ‘shenl’, ‘R’, ‘wcj’, ‘f1’, ‘age’
2 管理员用户Hbase下收回Hbase表的访问权限权限
revoke ‘R’ ‘wcj’
revoke ‘W’ ‘wcj’
3 管理员下hbase权限
user_permission ‘wcj’
3.2 hbase权限介绍
1 hbase权限与常用命令对照表
|
ACLs |
Permissions |
Comment |
|
READ(‘R’) |
Get, Scan, or Exists calls |
R denotes read permissions |
|
WRITE(‘W’) |
Put, Delete, LockRow, UnlockRow, IncrementColumnValue, CheckAndDelete, CheckAndPut, Flush, & Compact |
W denotes write permissions |
|
EXEC(‘X’) |
denotes execute permissions, which is required to execute coprocessor endpoints |
|
|
CREATE(‘C’) |
Create, Alter, & Drop |
denotes create permissions |
|
ADMIN(‘A’) |
Enable, Disable, Snapshot, Restore, Clone,Split, MajorCompact, Grant, Revoke, and Shutdown |
denotes admin permissions |
2 hbase权限命令
grant <user> <permissions>[<table>[ <column family>[ <column qualifier> ] ] ]
#grants permissions
revoke <user> <permissions> [<table> [ <column family> [ <column qualifier> ] ] ]
# revokes permissions
user_permission <table> # displaysexisting permissions
3现实版访问场景
|
Job Title |
Scope |
Permissions |
Description |
|
Senior Administrator |
Global |
Access, Create |
Manages the cluster and gives access to Junior Administrators. |
|
Junior Administrator |
Global |
Create |
Creates tables and gives access to Table Administrators. |
|
Table Administrator |
Table |
Access |
Maintains a table from an operations point of view. |
|
Data Analyst |
Table |
Read |
Creates reports from HBase data. |
|
Web Application |
Table |
Read, Write |
Puts data into HBase and uses HBase data to perform operations. |
4 问题总结
今天的文章Hbase权限控制分享到此就结束了,感谢您的阅读。
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
如需转载请保留出处:https://bianchenghao.cn/13213.html
