Ranger-HBase Plugin
Describes how the Ranger HBase plugin enforces authorization.
Ranger HBase Plugin is enabled in master which helps in authorization of the column-oriented database management system.
Ranger HBase Plugin Enforcement Example
Prerequisite
-
Create a sample table called "data", with two column families, and add some rows to the table with hbase user.
- create 'Testtable1', 'personal', 'medical','finance'
- put 'Testtable1', '1', 'personal:fname', 'Mike'
- get 'Testtable1','1','personal:fname'
- Create external user 'externaluser2'
Access Enforcement steps
-
Let's try to access the 'Testtable1' table using 'externaluser2', he will be denied as he don't have permission to access it.
-
Lets create a policy in ranger-hive for the user
- Resource : [HBase Table=Testtable1, Column-family=*, Column=*]
- allow policy item : [user='externaluser2', permission=read]
-
Let's try to access the vehicle.cars table using 'externaluser2', he will be allowed as he gets permission to access it.
- You can check the logs related to these actions, using tab.
| Permission | Action |
|---|---|
| Read (R) | can read data at the given scope |
| Write (W) | can write data at the given scope |
| Execute (X) | can execute coprocessor endpoints at the given scope |
| Create (C) | can create tables or drop tables (even those they did not create) at the given scope |
| Admin (A) | can perform cluster operations such as balancing the cluster or assigning regions at the given scope |
