HBase
ZooKeeper Usage:
/hbase-unsecure
- Default znode for unsecured clusters/hbase-secure
- Default znode used for secured clusters
Default ACLs:
/hbase-unsecure
-world:hbase:cdrwa
All children ZNodes are also world cdrwa
Open for global read, write protected:
world:anyone:r
,sasl:hbase:cdrwa
/hbase-secure
/hbase-secure/master
/hbase-secure/meta-region-server
/hbase-secure/hbaseid
/hbase-secure/table
/hbase-secure/rs
No global read, r/w protected:
sasl:hbase:cdrwa
:/hbase-secure/acl
/hbase-secure/namespace
/hbase-secure/backup-masters
/hbase-secure/online-snapshot
/hbase-secure/draining
/hbase-secure/replication
/hbase-secure/region-in-transition
/hbase-secure/splitWAL
/hbase-secure/table-lock
/hbase-secure/recovering-regions
/hbase-secure/running
/hbase-secure/tokenauth
Security Best Practice ACLs/Permissions and Required Steps:
HBase code determines which ACL to enforce based on the configured security mode of the cluster/hbase. Users are not expected to perform any modification of ZooKeeper ACLs on ZNodes and users should not alter any ACLs by hand.