Configuring HBase ACL Security Policies

Function Description

Access rights control is mature in relational databases. HBase provides a simple access rights control feature. This feature is simply implemented in read (R), write (W), creation (C), execution (X), and administration (A) operations. In common mode, this feature is supported only when HBase permission management is enabled.

The Access Control List (ACL) method is defined in the org.apache.hadoop.hbase.security.access.AccessControlClient tool class.

Sample Code

The following code snippets are in the grantACL method in the HBaseExample class of the com.huawei.bigdata.hbase.examples packet.

public void grantACL() {
    LOG.info("Entering grantACL.");

    String user = "usertest";
    String permissions = "RW";

    String familyName = "info";
    String qualifierName = "name";

    Table mt = null;
    Admin hAdmin = null;
    try {
        // Create ACL Instance
        mt = conn.getTable(AccessControlLists.ACL_TABLE_NAME);

        Permission perm = new Permission(Bytes.toBytes(permissions));

        hAdmin = conn.getAdmin();
        HTableDescriptor ht = hAdmin.getTableDescriptor(tableName);

        // Judge whether the table exists
        if (hAdmin.tableExists(mt.getName())) {
            // Judge whether ColumnFamily exists
            if (ht.hasFamily(Bytes.toBytes(familyName))) {
                // grant permission
                AccessControlClient.grant(conn, tableName, user, Bytes.toBytes(familyName),
                        (qualifierName == null ? null : Bytes.toBytes(qualifierName)), perm.getActions());
            } else {
                // grant permission
                AccessControlClient.grant(conn, tableName, user, null, null, perm.getActions());
            }
        }
        LOG.info("Grant ACL successfully.");
    } catch (Throwable e) {
        LOG.error("Grant ACL failed ", e);
    } finally {
        if (mt != null) {
            try {
                // Close
                mt.close();
            } catch (IOException e) {
                LOG.error("Close table failed ", e);
            }
        }

        if (hAdmin != null) {
            try {
                // Close Admin Object
                hAdmin.close();
            } catch (IOException e) {
                LOG.error("Close admin failed ", e);
            }
        }
    }
    LOG.info("Exiting grantACL.");
}

Shell command format:

Command line interface
# Grant permissions.
grant <user> <permissions>[ <table>[ <column family>[ <column qualifier> ] ] ] 
           
# Cancel permission granting.
revoke <user> <permissions> [ <table> [ <column family> [ <column qualifier> ] ] ] 
           
# Set a table owner.
alter <table> {owner => <user>} 
           
# Display a permission list.
user_permission <table>  # displays existing permissions

Example:

grant 'user1', 'RWC' 
grant 'user2', 'RW', 'tableA'
user_permission 'tableA'

Parent topic: Developing an HBase Application

Previous topic: HBase Multi-Point Region Splitting

Next topic: Commissioning an HBase Application

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot