To configure HBase security, complete the following tasks:
- Configure HBase Authentication: You must establish a mechanism for HBase servers and clients to securely identify themselves with HDFS, ZooKeeper, and
each other. This ensures that hosts are who they claim to be.
The following sections describe how to use Apache HBase and CDH 5 with Kerberos security:
- Configure HBase Authorization: You must establish rules for the resources that clients are allowed to access. For more information, see Configuring HBase Authorization.
Using the Hue HBase App
Hue includes an HBase App that allows you to interact with HBase through a Thrift proxy server. Because Hue sits between the Thrift server and the client, the Thrift server assumes that all HBase operations come from the hue user and not the client. To ensure that users in Hue are only allowed to perform HBase operations assigned to their own credentials, and not those of the hue user, you must enable HBase impersonation. For more information about the how to enable doAs Impersonation for the HBase Browser Application, see Enabling the HBase Browser Application with doAs Impersonation.