CentOS HBase如何进行权限控制

<code><configuration><property><name>hbase.security.enabled</name><value>true</value></property><property><name>hbase.master.kerberos.principal</name><value>hbase/_HOST@YOUR_REALM.COM</value></property><property><name>hbase.regionserver.kerberos.principal</name><value>hbase/_HOST@YOUR_REALM.COM</value></property><property><name>hbase.security.authentication</name><value>kerberos</value></property><property><name>hbase.security.authorization</name><value>true</value></property></configuration></code>

<code>sudo yum install krb5-workstation</code>

<code>[libdefaults]
    default_realm = YOUR_REALM.COM

[realms]
    YOUR_REALM.COM = {
        kdc = kdc.yourdomain.com:88
        admin_server = kdc.yourdomain.com:749
    }

[domain_realm]
    .yourdomain.com = YOUR_REALM.COM
    yourdomain.com = YOUR_REALM.COM</code>

<code>kinit your_username@YOUR_REALM.COM</code>

<code>hbase shell</code>

<code># 赋予用户对表的读权限
grant 'user1', 'R', 'table_name'

# 赋予用户对表的写权限
grant 'user1', 'W', 'table_name'

# 赋予用户对表的完全控制权限
grant 'user1', 'RWXCA', 'table_name'

# 撤销用户的权限
revoke 'user1', 'R', 'table_name'</code>

<code><configuration><property><name>hbase.security.authorization</name><value>true</value></property><property><name>hbase.security.authenticator</name><value>org.apache.hadoop.hbase.security.token.TokenAuthenticationProvider</value></property><property><name>hbase.security.authorization.provider</name><value>org.apache.hadoop.hbase.security.access.AccessController</value></property></configuration></code>

<code><configuration><property><name>hbase.security.audit.log.enabled</name><value>true</value></property><property><name>hbase.security.audit.log.file</name><value>/var/log/hbase/audit.log</value></property></configuration></code>

<code>sudo systemctl restart hbase-master
sudo systemctl restart hbase-regionserver</code>