ACL Security Configuration
Function Description
Access rights control is mature in relational databases. HBase provides a simple access rights control feature. This feature is simply implemented in read (R), write (W), creation (C), execution (X), and administration (A) operations. In common mode, this feature is supported only when HBase permission management is enabled.
The Access Control List (ACL) method is defined in the org.apache.hadoop.hbase.security.access.AccessControlClient tool class.
Sample Code
The following code snippets are in the grantACL method in the HBaseExample class of the com.huawei.bigdata.hbase.examples packet.
public void grantACL() { LOG.info("Entering grantACL."); String user = "usertest"; String permissions = "RW"; String familyName = "info"; String qualifierName = "name"; Table mt = null; Admin hAdmin = null; try { // Create ACL Instance mt = conn.getTable(AccessControlLists.ACL_TABLE_NAME); Permission perm = new Permission(Bytes.toBytes(permissions)); hAdmin = conn.getAdmin(); HTableDescriptor ht = hAdmin.getTableDescriptor(tableName); // Judge whether the table exists if (hAdmin.tableExists(mt.getName())) { // Judge whether ColumnFamily exists if (ht.hasFamily(Bytes.toBytes(familyName))) { // grant permission AccessControlClient.grant(conn, tableName, user, Bytes.toBytes(familyName), (qualifierName == null ? null : Bytes.toBytes(qualifierName)), perm.getActions()); } else { // grant permission AccessControlClient.grant(conn, tableName, user, null, null, perm.getActions()); } } LOG.info("Grant ACL successfully."); } catch (Throwable e) { LOG.error("Grant ACL failed ", e); } finally { if (mt != null) { try { // Close mt.close(); } catch (IOException e) { LOG.error("Close table failed ", e); } } if (hAdmin != null) { try { // Close Admin Object hAdmin.close(); } catch (IOException e) { LOG.error("Close admin failed ", e); } } } LOG.info("Exiting grantACL."); }
Shell command format:
Command line interface # Grant permissions. grant <user> <permissions>[ <table>[ <column family>[ <column qualifier> ] ] ] # Cancel permission granting. revoke <user> <permissions> [ <table> [ <column family> [ <column qualifier> ] ] ] # Set a table owner. alter <table> {owner => <user>} # Display a permission list. user_permission <table> # displays existing permissions
Example:
grant 'user1', 'RWC' grant 'user2', 'RW', 'tableA' user_permission 'tableA'
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.