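ACL Security Configuration
Overview
Access control is a mature technology in relational databases, and HBase implements a relatively simple version of it. The permissions it defines are read (R), write (W), create (C), execute (X) and admin (A).
The ACL methods are defined in the utility class org.apache.hadoop.hbase.security.access.AccessControlClient.
The current version also supports assigning permissions on columns through the FusionInsight UI.
Code sample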
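import java.io.IOException;

import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.security.access.AccessControlClient;
import org.apache.hadoop.hbase.security.access.AccessControlLists;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.util.Bytes;

// conn (Connection), tableName (TableName) and LOG are fields of the enclosing class.
public void grantACL() {
    LOG.info("Entering grantACL.");
    String user = "huawei";
    String permissions = "RW";
    String familyName = "info";
    String qualifierName = "name";
    Table mt = null;
    Admin hAdmin = null;
    try {
        // Open the ACL table and build the permission from its action codes
        mt = conn.getTable(AccessControlLists.ACL_TABLE_NAME);
        Permission perm = new Permission(Bytes.toBytes(permissions));
        hAdmin = conn.getAdmin();
        HTableDescriptor ht = hAdmin.getTableDescriptor(tableName);
        // Check that the ACL table exists
        if (hAdmin.tableExists(mt.getName())) {
            // Check that the column family exists
            if (ht.hasFamily(Bytes.toBytes(familyName))) {
                // Grant the permission. Family and qualifier are passed as null, so the
                // grant applies to the whole table; pass Bytes.toBytes(familyName) and
                // Bytes.toBytes(qualifierName) instead to limit it to one column.
                AccessControlClient.grant(conn, tableName, user, null, null, perm.getActions());
                LOG.info("Grant ACL successfully.");
            }
        }
    } catch (Throwable e) {
        // AccessControlClient.grant is declared to throw Throwable
        LOG.error("Grant ACL failed ", e);
    } finally {
        if (mt != null) {
            try {
                // Close the ACL table
                mt.close();
            } catch (IOException e) {
                LOG.error("Close table failed ", e);
            }
        }
        if (hAdmin != null) {
            try {
                // Close the Admin object
                hAdmin.close();
            } catch (IOException e) {
                LOG.error("Close admin failed ", e);
            }
        }
    }
    LOG.info("Exiting grantACL.");
}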
Using commands:
Command line
# Grant permissions
grant <user> <permissions>[ <table>[ <column family>[ <column qualifier> ] ] ]
# Revoke permissions
revoke <user> <permissions> [ <table> [ <column family> [ <column qualifier> ] ] ]
# Set the table owner
alter <table> {owner => <user>}
# Show the permission list
user_permission <table> # displays existing permissions
For example:
grant 'user1', 'RWC'
grant 'user2', 'RW', 'tableA'
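The Java equivalent of the grant, user_permission and revoke commands above, narrowed to a single column so the user receives no more than it needs. This is an added example, not code from the original page or from the product. It assumes the HBase 1.x client API, a caller that is already authenticated and holds admin (A) permission on the table, and constructed sample names (tableA, user2, info:name).

```java
import java.util.List;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.security.access.AccessControlClient;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.UserPermission;
import org.apache.hadoop.hbase.util.Bytes;

// Added example: column-scoped grant, verification and revoke.
// Assumes the HBase 1.x client API; all names below are constructed samples.
public class ColumnScopedAcl {
    public static void main(String[] args) throws Throwable {
        TableName table = TableName.valueOf("tableA");
        String user = "user2";
        byte[] family = Bytes.toBytes("info");
        byte[] qualifier = Bytes.toBytes("name");

        // Reads hbase-site.xml from the classpath
        Configuration conf = HBaseConfiguration.create();
        try (Connection conn = ConnectionFactory.createConnection(conf)) {
            // Grant READ only, and only on info:name, instead of RW on the whole table
            AccessControlClient.grant(conn, table, user, family, qualifier,
                    Permission.Action.READ);

            // Same purpose as `user_permission 'tableA'`: list the entries now in
            // effect. The second argument is a regular expression over table names.
            List<UserPermission> perms =
                    AccessControlClient.getUserPermissions(conn, table.getNameAsString());
            for (UserPermission p : perms) {
                System.out.println(p);
            }

            // Same purpose as `revoke`: remove exactly the permission granted above
            AccessControlClient.revoke(conn, table, user, family, qualifier,
                    Permission.Action.READ);
        }
    }
}
```

Listing the permissions after each grant is a quick way to confirm that the entry landed at the intended scope (column rather than table or global).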