HBase
To enable the Ranger HBase plugin, perform the steps described below.
Navigate to the HBase service.
Click on the Config tab and navigate to advanced ranger-hbase-plugin-properties. Refer to the Ranger HBase Properties table for information on modifying these properties.
Make sure to select the Enable Ranger for HBase checkbox.
When you select the checkbox, a warning dialog popup will be opened.
Click on the Apply button to save the changes.
Ambari will display a Restart indicator. Restart the Ranger HBase component.
Table 4.3. Ranger HBase Properties
Configuration Property Name Description Default Value Example Value Required Enable Ranger for HBASE Flag used to enable/disable HBase functionality for Ranger. FALSE Yes Audit to HDFS Flag used to enable/disable HBase audit logging. If HBase audit logging is turned off, it will not log any access control to HBase. FALSE Yes Audit to DB Flag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access control to the database. Policy User for HBASE Ranger repository config password Ranger repository config user Should HBase GRANT/REVOKE update XA policies? Checbox that provides the ability for the XA Agent to update the policies based on the grant/revoke commands from the HBase client. TRUE TRUE Yes common.name.
for.certificate
SSL_KEYSTORE_
FILE_PATH
Java Keystore path where the SSL key for the plugin is stored. This is only used if SSL is enabled between the Policy Admin Tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used. /etc/hbase/conf/ranger-plugin-truststore.jks /etc/hbase/conf/ranger-plugin-truststore.jks Yes, if SSL is enabled SSL_KEYSTORE_
PASSWORD
Password associated with the SSL Keystore. This is only used if SSL is enabled between the Policy Admin Tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled. myKeyFilePassword MyKeyFilePassword Yes, if SSL is enabled SSL_KEYSTORE_
FILE_PATH
Java Keystore path where the trsuted certificates are stored for verifying SSL connection to the Policy Admin Tool. This is used only if SSL is enabled between the Policy Admin Tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY. /etc/hbase/conf/ranger-plugin-truststore.jks /etc/hbase/conf/ranger-plugin-truststore.jks Yes, if SSL is enabled SSL_TRUSTSTORE_
PASSWORD
Password associated with the Truststore file. This is used only if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY. changeit changeit Yes, if SSL is enabled.