Hbase权限控制
Posted ShenLiang2025
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Hbase权限控制相关的知识,希望对你有一定的参考价值。
Hbase权限配置、使用手册
1 Hbase权限控制简介
Hbase的权限控制是通过AccessController Coprocessor协处理器框架实现的,可实现对用户的RWXCA的权限控制。
2 配置
配置hbase-site.xml
CM主页→点击hbase(进入Hbase主页)→点击配置
1 点击左侧的Hbase服务范围启用Hbase权限控制,设置Hbase超级用户hbase.superuser
2 点击左侧的master在 hbase.coprocessor.master.classes里追加如下内容
org.apache.hadoop.hbase.security.access.AccessController
3 点击左侧的regionserver在hbase.coprocessor.region.classes里追加如下内容
org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController
配置文件附录:
<property>
<name>hbase.security.authorization</name>
<value>true</value>
</property>
<property>
<name>hbase.coprocessor.master.classes</name>
<value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
<name>hbase.coprocessor.region.classes</name>
<value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
<name>hbase.superuser</name>
<value>hbase,root,administrator</value>
</property>
3 使用
3.1 hbase权限验证
1 管理员用户Hbase下对Hbase进行赋权
grant 'wcj','r'
grant 'wcj' ,w'
#授予用户shenl读、写表wcj的权限
grant 'shenl', 'RW', 'wcj'
#授予用户shenl对表wcj的列族f1的age只读权限
grant 'shenl', 'R', 'wcj', 'f1', 'age'
2 管理员用户Hbase下收回Hbase表的访问权限权限
revoke ‘R’ ‘wcj’
revoke ‘W’ ‘wcj’
3 管理员下hbase权限
user_permission ‘wcj’
3.2 hbase权限介绍
1 hbase权限与常用命令对照表
| ACLs | Permissions | Comment |
| READ('R') | Get, Scan, or Exists calls | R denotes read permissions |
| WRITE('W') | Put, Delete, LockRow, UnlockRow, IncrementColumnValue, CheckAndDelete, CheckAndPut, Flush, & Compact | W denotes write permissions |
| EXEC('X') | denotes execute permissions, which is required to execute coprocessor endpoints | |
| CREATE('C') | Create, Alter, & Drop | denotes create permissions |
| ADMIN('A') | Enable, Disable, Snapshot, Restore, Clone,Split, MajorCompact, Grant, Revoke, and Shutdown | denotes admin permissions |
2 hbase权限命令
grant <user> <permissions>[<table>[ <column family>[ <column qualifier> ] ] ]
#grants permissions
revoke <user> <permissions> [<table> [ <column family> [ <column qualifier> ] ] ]
# revokes permissions
user_permission <table> # displaysexisting permissions
3现实版访问场景
| Job Title | Scope | Permissions | Description |
| Senior Administrator | Global | Access, Create | Manages the cluster and gives access to Junior Administrators. |
| Junior Administrator | Global | Create | Creates tables and gives access to Table Administrators. |
| Table Administrator | Table | Access | Maintains a table from an operations point of view. |
| Data Analyst | Table | Read | Creates reports from HBase data. |
| Web Application | Table | Read, Write | Puts data into HBase and uses HBase data to perform operations. |
4 问题总结
以上是关于Hbase权限控制的主要内容,如果未能解决你的问题,请参考以下文章