hbase權限管理

時間 2019-11-30

標籤 hbase 權限管理欄目 Hadoop 简体版

原文原文鏈接

給用戶分配對每一個表的操做權限，有RWXCA五種，對應READ, WRITE, EXEC, CREATE, ADMINspa

hbase(main):222:0> help "grant" ci

Grant users specific rights.it

Syntax: grant <user or @group>, <permissions> [, <table> [, <column family> [, <column qualifier>]]] io

Syntax: grant <user or @group>, <permissions>, <@namespace>table

permissions is either zero or more letters from the set "RWXCA". READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A')權限

Note: Groups and users are granted access in the same way, but groups are prefixed with an '@' character. Tables and namespaces are specified the same way, but namespaces are prefixed with an '@' character.namespaces

For example:tab

hbase> grant 'bobsmith', 'RWXCA' ant

hbase> grant '@admins', 'RWXCA' co

hbase> grant 'bobsmith', 'RWXCA', '@ns1'

hbase> grant 'bobsmith', 'RW', 't1', 'f1', 'col1'

hbase> grant 'bobsmith', 'RW', 'ns1:t1', 'f1', 'col1'

查看權限

hbase(main):220:0> help "user_permission"

Show all permissions for the particular user. Syntax : user_permission <table>

Note: A namespace must always precede with '@' character.

For example:

hbase> user_permission

hbase> user_permission '@ns1'

hbase> user_permission '@.*'

hbase> user_permission '@^[a-c].*'

hbase> user_permission 'table1'

hbase> user_permission 'namespace1:table1'

hbase> user_permission '.*'

hbase> user_permission '^[A-C].*'

收回權限

hbase(main):221:0> help "revoke"

Revoke a user's access rights.

Syntax:

revoke <user or @group> [, <table> [, <column family> [, <column qualifier>]]]

Syntax:

revoke <user or @group>, <@namespace>

Note: Groups and users access are revoked in the same way, but groups are prefixed with an '@' character. Tables and namespaces are specified the same way, but namespaces are prefixed with an '@' character.

For example:

hbase> revoke 'bobsmith'

hbase> revoke '@admins'

hbase> revoke 'bobsmith', '@ns1'

hbase> revoke 'bobsmith', 't1', 'f1', 'col1'

hbase> revoke 'bobsmith', 'ns1:t1', 'f1', 'col1'