Configure HBase ACLs
HBase supports Access Control Lists (ACLs) to limit the privileges of users on the system. Before you can use ACLs, you need to perform the steps to enable ACLs.
HBase ACLs support the following privileges:
Read
Write
Execute
Create tables
Administrator
The possible scopes are:
Superuser
Global
Namespace
Table
ColumnFamily
Cell
Once you enable the use of ACLs, you can grant and remove privileges from users by using
the grant
and revoke
commands from the HBase shell. The
following example grants user jfoo
read privileges from column family
cf1
of table mytable
:
hbase(main):001:0> grant 'jfoo' 'R' 'mytable','cf1'
This example removes user kbar
's administrative privileges on the
cluster:
hbase(main):001:0> revoke 'kbar' 'A'