Hbase權限配置、使用手冊

1 Hbase權限控制簡介

Hbase的權限控制是通過AccessController Coprocessor協處理器框架實現的，可實現對用戶的RWXCA的權限控制。

2 配置

配置hbase-site.xml

CM主頁→點擊hbase(進入Hbase主頁)→點擊配置

1 點擊左側的Hbase服務范圍啟用Hbase權限控制，設置Hbase超級用戶hbase.superuser

?

2 點擊左側的master在 hbase.coprocessor.master.classes里追加如下內容

org.apache.hadoop.hbase.security.access.AccessController

3 點擊左側的regionserver在hbase.coprocessor.region.classes里追加如下內容

org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController

?

配置文件附錄:

<property>

<name>hbase.security.authorization</name>

<value>true</value>

</property>

<property>

<name>hbase.coprocessor.master.classes</name>

<value>org.apache.hadoop.hbase.security.access.AccessController</value>

</property>

<property>

<name>hbase.coprocessor.region.classes</name>

<value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>

</property>

<property>
<name>hbase.superuser</name>
<value>hbase,root,administrator</value>
</property>

3 使用

3.1 hbase權限驗證

1 管理員用戶Hbase下對Hbase進行賦權

grant 'wcj','r'

grant 'wcj' ,w'

#授予用戶shenl讀、寫表wcj的權限

grant 'shenl', 'RW', 'wcj'

#授予用戶shenl對表wcj的列族f1的age只讀權限

grant 'shenl', 'R', 'wcj', 'f1', 'age'

2 管理員用戶Hbase下收回Hbase表的訪問權限權限

revoke ‘R’ ‘wcj’

revoke ‘W’ ‘wcj’

3 管理員下hbase權限

user_permission ‘wcj’

?

3.2 hbase權限介紹

1 hbase權限與常用命令對照表

ACLs	Permissions	Comment
READ('R')	Get, Scan, or Exists calls	R denotes read permissions
WRITE('W')	Put, Delete, LockRow, UnlockRow, IncrementColumnValue, CheckAndDelete, CheckAndPut, Flush, & Compact	W denotes write permissions
EXEC('X')		denotes execute permissions, which is required to execute coprocessor endpoints
CREATE('C')	Create, Alter, & Drop	denotes create permissions
ADMIN('A')	Enable, Disable, Snapshot, Restore, Clone,Split, MajorCompact, Grant, Revoke, and Shutdown	denotes admin permissions

2 hbase權限命令

grant <user> <permissions>[<table>[ <column family>[ <column qualifier> ] ] ]

#grants permissions

revoke <user> <permissions> [<table> [ <column family> [ <column qualifier> ] ] ]

# revokes permissions

user_permission <table> # displaysexisting permissions

3現實版訪問場景

Job Title	Scope	Permissions	Description
Senior Administrator	Global	Access, Create	Manages the cluster and gives access to Junior Administrators.
Junior Administrator	Global	Create	Creates tables and gives access to Table Administrators.
Table Administrator	Table	Access	Maintains a table from an operations point of view.
Data Analyst	Table	Read	Creates reports from HBase data.
Web Application	Table	Read, Write	Puts data into HBase and uses HBase data to perform operations.

4 問題總結

總結

以上是生活随笔為你收集整理的Hbase权限控制的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。