diff --git src/main/docbkx/security.xml src/main/docbkx/security.xml index 9e6a57c..4807b98 100644 --- src/main/docbkx/security.xml +++ src/main/docbkx/security.xml @@ -454,6 +454,7 @@ HColumnDescriptor#setCompressTags(boolean compressTags) Put#add(byte[] family, byte [] qualifier, byte [] value, Tag[] tag) Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag) ]]> + Some of the feature developed using tags are Cell level ACLs and Visibility labels. These are some features that use tags framework and allows users to gain better security features on cell level. @@ -465,6 +466,7 @@ Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag) linkend="hbase.visibility.labels">Visibility labels +
Access Control @@ -631,6 +633,7 @@ Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag) Permissions can be granted in any of the following scopes, though CREATE and ADMIN permissions are effective only at table scope. + Table @@ -684,6 +687,637 @@ Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag) table attribute. Only a single user principal can own a table at a given time. A table owner will have all permissions over a given table.
+
+ Access Control Matrix + The following matrix shows the minimum permission set required to perform operations in + HBase. Before using the table, read through the information about how to interpret it. + + Interpreting the ACL Matrix Table + The following conventions are used in the ACL Matrix table: + + Scopes + + Possible scopes are the following: + + Global + Table + Column Qualifier (CF) + Column Family (CQ) + Namespace (NS) + + If a user has Admin on a Column Family, he can grant permissions on that Column + Family to other users. He could not grant permissions at the table level. Thus, if + you see scopes expressed like Table|CF|CQ, this means that if a + user has the required permission at the given scope, he can perform that operation at + the same scope. + + + + Permissions + + Possible permissions include the following: + + Superuser - a special user that belongs to group "supergroup" and has + unlimited access + Admin (A) + Create (C) + Write (W) + Read (R) + Execute (X) + + + + + + + Implicit ACLs + For the sake of simplicity, the ACL matrix does not list implicit ACLs. The following + examples show what is meant by "implicit ACLs": + + A combination of GLOBAL and ADMIN implicitly has all permissions in all scopes. + A user with a permission granted at GLOBAL scope automatically has the + permission at all other scopes. For instance, a user with GLOBAL CREATE also has TABLE + CREATE, but not vice versa. Thus, in this matrix, GLOBAL is implied and only listed + if GLOBAL is the minimum required scope. + A user with a permission of ADMIN automatically has CREATE and WRITE + permissions. + A user with WRITE permission at a given scope automatically has READ + permission at that scope. + A user with WRITE permission at a given scope does not automatically + have CREATE permission at that scope. + + + + The following table is sorted by the interface that provides each operation. In case the + table goes out of date, the unit tests which check for accuracy of permissions can be found + in + hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java, + and the access controls themselves can be examined in + hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java. + + + ACL Matrix + + + + Interface + Operation + Minimum Scope + Minimum Permission + + + + + + + Master + + + createTable + + + Global + + + A + + + + + modifyTable + + + Table + + + A|CW + + + + + deleteTable + + + Table + + + A|CW + + + + + truncateTable + + + Table + + + A|CW + + + + + addColumn + + + Table + + + A|CW + + + + + modifyColumn + + + Table + + + A|CW + + + + + deleteColumn + + + Table + + + A|CW + + + + + disableTable + + + Table + + + A|CW + + + + + disableAclTable + + + None + + + Not allowed + + + + + enableTable + + + Table + + + A|CW + + + + + move + + + Global + + + A + + + + + assign + + + Global + + + A + + + + + unassign + + + Global + + + A + + + + + regionOffline + + + Global + + + A + + + + + balance + + + Global + + + A + + + + + balanceSwitch + + + Global + + + A + + + + + shutdown + + + Global + + + A + + + + + stopMaster + + + Global + + + A + + + + + snapshot + + + Global + + + A + + + + + clone + + + Global + + + A + + + + + restore + + + Global + + + A + + + + + deleteSnapshot + + + Global + + + A + + + + + createNamespace + + + Global + + + A + + + + + deleteNamespace + + + Namespace + + + A + + + + + modifyNamespace + + + Namespace + + + A + + + + + flushTable + + + Table + + + A|CW + + + + + getTableDescriptors + + + Global|Table + + + A + + + + + mergeRegions + + + Global + + + A + + + + Region + + preOpen + Global + A + + + + openRegion + + + Global + + + A + + + + preClose + Global + A + + + + closeRegion + + + Global + + + A + + + + preStopRegionServer + Global + A + + + + stopRegionServer + + + Global + + + A + + + + + mergeRegions + + + Global + + + A + + + + append + Table + W + + + delete + Table|CF|CQ + W + + + exists + Table|CF|CQ + R + + + get + Table|CF|CQ + R + + + getClosestRowBefore + Table|CF|CQ + R + + + increment + Table|CF|CQ + W + + + put + Table|CF|CQ + W + + + + flush + + + Global + + + A|CW + + + + + split + + + Global + + + A + + + + + compact + + + Global + + + A|CW + + + + bulkLoadHFile + Table + W + + + prepareBulkLoad + Table + CW + + + cleanupBulkLoad + Table + W + + + checkAndDelete + Table|CF|CQ + RW + + + checkAndPut + Table|CF|CQ + RW + + + incrementColumnValue + Table|CF|CQ + RW + + + ScannerClose + Table + R + + + ScannerNext + Table + R + + + ScannerOpen + Table|CQ|CF + R + + + + Endpoint + + + invoke + + Endpoint + + X + + + + + AccessController + + + grant + + Global|Table|NS + + A + + + + + revoke + + Global|Table|NS + + A + + + + + userPermissions + + + Global|Table|NS + + + A + + + + + checkPermissions + + + Global|Table|NS + + + A + + + + +
+
Server-side Configuration for Access Control