HBase
ZooKeeper Usage:
/hbase-unsecure- Default znode for unsecured clusters/hbase-secure- Default znode used for secured clusters
Default ACLs:
/hbase-unsecure-world:hbase:cdrwaAll children ZNodes are also world cdrwa
Open for global read, write protected:
world:anyone:r,sasl:hbase:cdrwa/hbase-secure/hbase-secure/master/hbase-secure/meta-region-server/hbase-secure/hbaseid/hbase-secure/table/hbase-secure/rs
No global read, r/w protected:
sasl:hbase:cdrwa:/hbase-secure/acl/hbase-secure/namespace/hbase-secure/backup-masters/hbase-secure/online-snapshot/hbase-secure/draining/hbase-secure/replication/hbase-secure/region-in-transition/hbase-secure/splitWAL/hbase-secure/table-lock/hbase-secure/recovering-regions/hbase-secure/running/hbase-secure/tokenauth
Security Best Practice ACLs/Permissions and Required Steps:
HBase code determines which ACL to enforce based on the configured security mode of the cluster/hbase. Users are not expected to perform any modification of ZooKeeper ACLs on ZNodes and users should not alter any ACLs by hand.