diff --git src/main/docbkx/security.xml src/main/docbkx/security.xml index 9e6a57c..8eda69a 100644 --- src/main/docbkx/security.xml +++ src/main/docbkx/security.xml @@ -454,6 +454,7 @@ HColumnDescriptor#setCompressTags(boolean compressTags) Put#add(byte[] family, byte [] qualifier, byte [] value, Tag[] tag) Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag) ]]> + Some of the feature developed using tags are Cell level ACLs and Visibility labels. These are some features that use tags framework and allows users to gain better security features on cell level. @@ -465,6 +466,7 @@ Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag) linkend="hbase.visibility.labels">Visibility labels +
Access Control @@ -631,6 +633,7 @@ Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag) Permissions can be granted in any of the following scopes, though CREATE and ADMIN permissions are effective only at table scope. + Table @@ -684,6 +687,650 @@ Put#add(byte[] family, byte[] qualifier, long ts, byte[] value, Tag[] tag) table attribute. Only a single user principal can own a table at a given time. A table owner will have all permissions over a given table.
+
+ Access Control Matrix + The following matrix shows the minimum permission set required to perform operations in + HBase. Before using the table, read through the information about how to interpret it. + + Interpreting the ACL Matrix Table + The following conventions are used in the ACL Matrix table: + + Scopes + + Permissions are evaluated starting at the widest scope and working to the + narrowest scope. A scope corresponds to a level of the data model. From broadest to + narrowest, the scopes are as follows:: + + Global + Namespace (NS) + Table + Column Qualifier (CF) + Column Family (CQ) + Cell + + For instance, a permission granted at table level dominates any grants done at the + ColumnFamily, ColumnQualifier, or cell level. The user can do what that grant implies + at any location in the table. A permission granted at global scope dominates all: the + user is always allowed to take that action everywhere. + + + + Permissions + + Possible permissions include the following: + + Superuser - a special user that belongs to group "supergroup" and has + unlimited access + Admin (A) + Create (C) + Write (W) + Read (R) + Execute (X) + + + + + + For the most part, permissions work in an expected way, with the following caveats: + + + Having Write permission does not imply Read permission. It is possible and sometimes + desirable for a user to be able to write data that same user cannot read. One such example + is a log-writing process. + + + Admin is a superset of Create, so a user with Admin permissions does not also need + Create permissions to perform an action such as creating a table. + + + The hbase:meta table is readable by every user, regardless + of the user's other grants or restrictions. This is a requirement for HBase to + function correctly. + + + Users with Create or Admin permissions are granted Write permission on meta regions, + so the table operations they are allowed to perform can complete, even if technically + the bits can be granted separately in any possible combination. + + + CheckAndPut and CheckAndDelete operations will fail if the user does not have both + Write and Read permission. + + + Increment and Append operations do not require Read access. + + + + The following table is sorted by the interface that provides each operation. In case the + table goes out of date, the unit tests which check for accuracy of permissions can be found + in + hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java, + and the access controls themselves can be examined in + hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java. + + + ACL Matrix + + + + Interface + Operation + Minimum Scope + Minimum Permission + + + + + + + Master + + + createTable + + + Global + + + A + + + + + modifyTable + + + Table + + + A|CW + + + + + deleteTable + + + Table + + + A|CW + + + + + truncateTable + + + Table + + + A|CW + + + + + addColumn + + + Table + + + A|CW + + + + + modifyColumn + + + Table + + + A|CW + + + + + deleteColumn + + + Table + + + A|CW + + + + + disableTable + + + Table + + + A|CW + + + + + disableAclTable + + + None + + + Not allowed + + + + + enableTable + + + Table + + + A|CW + + + + + move + + + Global + + + A + + + + + assign + + + Global + + + A + + + + + unassign + + + Global + + + A + + + + + regionOffline + + + Global + + + A + + + + + balance + + + Global + + + A + + + + + balanceSwitch + + + Global + + + A + + + + + shutdown + + + Global + + + A + + + + + stopMaster + + + Global + + + A + + + + + snapshot + + + Global + + + A + + + + + clone + + + Global + + + A + + + + + restore + + + Global + + + A + + + + + deleteSnapshot + + + Global + + + A + + + + + createNamespace + + + Global + + + A + + + + + deleteNamespace + + + Namespace + + + A + + + + + modifyNamespace + + + Namespace + + + A + + + + + flushTable + + + Table + + + A|CW + + + + + getTableDescriptors + + + Global|Table + + + A + + + + + mergeRegions + + + Global + + + A + + + + Region + + preOpen + Global + A + + + + openRegion + + + Global + + + A + + + + preClose + Global + A + + + + closeRegion + + + Global + + + A + + + + preStopRegionServer + Global + A + + + + stopRegionServer + + + Global + + + A + + + + + mergeRegions + + + Global + + + A + + + + append + Table + W + + + delete + Table|CF|CQ + W + + + exists + Table|CF|CQ + R + + + get + Table|CF|CQ + R + + + getClosestRowBefore + Table|CF|CQ + R + + + increment + Table|CF|CQ + W + + + put + Table|CF|CQ + W + + + + flush + + + Global + + + A|CW + + + + + split + + + Global + + + A + + + + + compact + + + Global + + + A|CW + + + + bulkLoadHFile + Table + W + + + prepareBulkLoad + Table + CW + + + cleanupBulkLoad + Table + W + + + checkAndDelete + Table|CF|CQ + RW + + + checkAndPut + Table|CF|CQ + RW + + + incrementColumnValue + Table|CF|CQ + RW + + + ScannerClose + Table + R + + + ScannerNext + Table + R + + + ScannerOpen + Table|CQ|CF + R + + + + Endpoint + + + invoke + + Endpoint + + X + + + + + AccessController + + + grant + + Global|Table|NS + + A + + + + + revoke + + Global|Table|NS + + A + + + + + userPermissions + + + Global|Table|NS + + + A + + + + + checkPermissions + + + Global|Table|NS + + + A + + + + +
+
Server-side Configuration for Access Control