vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide-lts/mrs_01_1857.html
Yang, Tong 3f5759eed2 MRS comp-lts 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2023-01-19 17:08:45 +00:00

151 lines
29 KiB
HTML
Raw Blame History

<a name="mrs_01_1857"></a><a name="mrs_01_1857"></a>
<h1 class="topictitle1">Adding a Ranger Access Permission Policy for HBase</h1>
<div id="body8662426"><div class="section" id="mrs_01_1857__en-us_topic_0000001173949136_section1861148182711"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1857__en-us_topic_0000001173949136_p757895715271">Ranger administrators can use Ranger to configure permissions on HBase tables, column families, and columns for HBase users.</p>
</div>
<div class="section" id="mrs_01_1857__en-us_topic_0000001173949136_section11493172153315"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_1857__en-us_topic_0000001173949136_ul5357197143515"><li id="mrs_01_1857__en-us_topic_0000001173949136_li735717193519">The Ranger service has been installed and is running properly.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1516017214353">You have created users, user groups, or roles for which you want to configure permissions.</li></ul>
</div>
<div class="section" id="mrs_01_1857__en-us_topic_0000001173949136_section747294016257"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1857__en-us_topic_0000001173949136_ol1065893219380"><li id="mrs_01_1857__en-us_topic_0000001173949136_li113985310516"><span>Log in to the Ranger management page.</span></li><li id="mrs_01_1857__en-us_topic_0000001173949136_li18658932173820"><span>On the home page, click the component plug-in name in the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b164181913112312">HBASE</strong> area, for example, <strong id="mrs_01_1857__en-us_topic_0000001173949136_b242331317232">HBase</strong>.</span></li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1955384410387"><span>Click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b55342169237">Add New Policy</strong> to add an HBase permission control policy.</span></li><li id="mrs_01_1857__en-us_topic_0000001173949136_li139634483403"><span>Configure the parameters listed in the table below based on the service demands.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1857__en-us_topic_0000001173949136_table4469841184115" frame="border" border="1" rules="all"><caption><b>Table 1 </b>HBase permission parameters</caption><thead align="left"><tr id="mrs_01_1857__en-us_topic_0000001173949136_row2469841104115"><th align="left" class="cellrowborder" valign="top" width="17.34%" id="mcps1.3.3.2.4.2.1.2.3.1.1"><p id="mrs_01_1857__en-us_topic_0000001173949136_p846954194111">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="82.66%" id="mcps1.3.3.2.4.2.1.2.3.1.2"><p id="mrs_01_1857__en-us_topic_0000001173949136_p1346904194117">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1857__en-us_topic_0000001173949136_row1469174110419"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p1469114120417">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p546954144118">Policy name, which can be customized and must be unique in the service.</p>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row1731584132218"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p1031644172220">Policy Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p113161841221">IP address filtering policy, which can be customized. You can enter one or more IP addresses or IP address segments. The IP address can contain the wildcard character (*), for example, <strong id="mrs_01_1857__en-us_topic_0000001173949136_b14948525161114">192.168.1.10</strong>,<strong id="mrs_01_1857__en-us_topic_0000001173949136_b3948425131118">192.168.1.20</strong>, or <strong id="mrs_01_1857__en-us_topic_0000001173949136_b13948625101119">192.168.1.*</strong>.</p>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row6691336665"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p196910112228">Policy Label</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p5695112225">A label specified for the current policy. You can search for reports and filter policies based on labels.</p>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row104697417417"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p1598819376474">HBase Table</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p48741418389">Name of a table to which the policy applies.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p371393301720">The value can contain wildcard (*). For example,<strong id="mrs_01_1857__en-us_topic_0000001173949136_b185693503240"> table1:*</strong> indicates all tables in <strong id="mrs_01_1857__en-us_topic_0000001173949136_b6574165011248">table1</strong>.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p144739142518">The <span class="parmname" id="mrs_01_1857__en-us_topic_0000001173949136_parmname39865591819"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1857__en-us_topic_0000001173949136_parmname15987195914117"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
<div class="note" id="mrs_01_1857__en-us_topic_0000001173949136_note2273194813387"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1857__en-us_topic_0000001173949136_p024545420387">The value of <strong id="mrs_01_1857__en-us_topic_0000001173949136_b483011924410">hbase.rpc.protection</strong> of the HBase service plug-in on Ranger must be the same as that of <strong id="mrs_01_1857__en-us_topic_0000001173949136_b10472161210452">hbase.rpc.protection</strong> on the HBase server. For details, see <a href="mrs_01_2355.html">When an HBase Policy Is Added or Modified on Ranger, Wildcard Characters Cannot Be Used to Search for Existing HBase Tables</a>.</p>
</div></div>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row18148183261417"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p714912322149">HBase Column-family</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p03408216150">Name of the column families to which the policy applies.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p7607204543712">The <span class="parmname" id="mrs_01_1857__en-us_topic_0000001173949136_parmname0316162010510"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1857__en-us_topic_0000001173949136_parmname1932319201759"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row20149173241416"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p314923214146">HBase Column</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p61490323147">Name of the column to which the policy applies.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p3411194573917">The <span class="parmname" id="mrs_01_1857__en-us_topic_0000001173949136_parmname211732415512"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1857__en-us_topic_0000001173949136_parmname161234241054"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row1069716327195"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p15697173210192">Description</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p1869773261914">Policy description.</p>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row12469141164113"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p898812379471">Audit Logging</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p18988437174719">Whether to audit the policy.</p>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row29973720471"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p11995376471">Allow Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p18991137164717">Policy allowed condition. You can configure permissions and exceptions allowed by the policy.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p1819113143111">In the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b103722321110">Select Role</strong>, <strong id="mrs_01_1857__en-us_topic_0000001173949136_b9377153216119">Select Group</strong>, and <strong id="mrs_01_1857__en-us_topic_0000001173949136_b03771632141112">Select User</strong> columns, select the role, user group, or user to which the permission is to be granted, click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b173771232111114">Add Conditions</strong>, add the IP address range to which the policy applies, and click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b103774329117">Add Permissions</strong> to add the corresponding permission.</p>
<ul id="mrs_01_1857__en-us_topic_0000001173949136_ul183931610151418"><li id="mrs_01_1857__en-us_topic_0000001173949136_li2039341013144"><strong id="mrs_01_1857__en-us_topic_0000001173949136_b15362529171514">Read</strong>: permission to read data</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li691217172146"><strong id="mrs_01_1857__en-us_topic_0000001173949136_b1199693414156">Write</strong>: permission to write data</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li8597132031418"><strong id="mrs_01_1857__en-us_topic_0000001173949136_b917004071515">Create</strong>: permission to create data</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1046411237167"><strong id="mrs_01_1857__en-us_topic_0000001173949136_b181310430158">Admin</strong>: permission to manage data</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li42499744316"><strong id="mrs_01_1857__en-us_topic_0000001173949136_b13291837142016">Select/Deselect All</strong>: Select or deselect all.</li></ul>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p1947092722612">If users or user groups in the current condition need to manage this policy, select <strong id="mrs_01_1857__en-us_topic_0000001173949136_b32731448152615">Delegate Admin</strong>. These users or user groups will become the agent administrators. The agent administrators can update and delete this policy and create sub-policies based on the original policy.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p1455931125418">To add multiple permission control rules, click <span><img id="mrs_01_1857__en-us_topic_0000001173949136_image39121143141112" src="en-us_image_0000001295739996.png"></span>. To delete a permission control rule, click <span><img id="mrs_01_1857__en-us_topic_0000001173949136_image9311372338" src="en-us_image_0000001348739829.png"></span>.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p830416219359">Exclude from Allow Conditions: policy exception conditions</p>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row387122619275"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p138832692710">Deny All Other Accesses</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p144192211564">Whether to reject all other access requests.</p>
<ul id="mrs_01_1857__en-us_topic_0000001173949136_ul1869410255564"><li id="mrs_01_1857__en-us_topic_0000001173949136_li16941255562"><strong id="mrs_01_1857__en-us_topic_0000001173949136_b13298555101516">True</strong>: All other access requests are rejected.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1769402595615"><strong id="mrs_01_1857__en-us_topic_0000001173949136_b98681327359">False</strong>: <strong id="mrs_01_1857__en-us_topic_0000001173949136_b3874122714514">Deny Conditions</strong> can be configured.</li></ul>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_row899937184718"><td class="cellrowborder" valign="top" width="17.34%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p5991537154719">Deny Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="82.66%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p1799337194719">Policy rejection condition, which is used to configure the permissions and exceptions to be denied in the policy. The configuration method is similar to that of <strong id="mrs_01_1857__en-us_topic_0000001173949136_b54276209285">Allow Conditions</strong>.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p16280440151113">The priority of <strong id="mrs_01_1857__en-us_topic_0000001173949136_b136591323172815">Deny Conditions</strong> is higher than that of allowed conditions configured in <strong id="mrs_01_1857__en-us_topic_0000001173949136_b76651237284">Allow Conditions</strong>.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p10996114819815"><strong id="mrs_01_1857__en-us_topic_0000001173949136_b4350164111213">Exclude from Deny Conditions</strong>: exception rules excluded from the denied conditions</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1857__en-us_topic_0000001173949136_t873a9c44357b40cd98cb948ce9438d93" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Setting permissions</caption><thead align="left"><tr id="mrs_01_1857__en-us_topic_0000001173949136_r22d8abe0340447d689b9e0e015272547"><th align="left" class="cellrowborder" valign="top" width="30.259999999999998%" id="mcps1.3.3.2.4.2.2.2.3.1.1"><p id="mrs_01_1857__en-us_topic_0000001173949136_ac6fb62376c174fb5a3fc46f3ac6455d4">Task</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="69.74000000000001%" id="mcps1.3.3.2.4.2.2.2.3.1.2"><p id="mrs_01_1857__en-us_topic_0000001173949136_aa62388fc922c4b9d9bf078faefd25db3">Role Authorization</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1857__en-us_topic_0000001173949136_row62954416143450"><td class="cellrowborder" valign="top" width="30.259999999999998%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_p39209373143450">Setting the HBase administrator permission</p>
</td>
<td class="cellrowborder" valign="top" width="69.74000000000001%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1857__en-us_topic_0000001173949136_ol9811840103417"><li id="mrs_01_1857__en-us_topic_0000001173949136_li3811140173416">On the home page, click the component plug-in name in the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b178230356288">HBase</strong> area, for example, <strong id="mrs_01_1857__en-us_topic_0000001173949136_b0829735112812">HBase</strong>.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li13360163663816">Select the policy whose <strong id="mrs_01_1857__en-us_topic_0000001173949136_b18971039162818">Policy Name</strong> is <strong id="mrs_01_1857__en-us_topic_0000001173949136_b49771399282">all - table, column-family, column</strong> and click <span><img id="mrs_01_1857__en-us_topic_0000001173949136_image262417334017" src="en-us_image_0000001296059808.png"></span> to edit the policy.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1369322054013">In the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b1050264817288">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b650313489281">Select User</strong> drop-down list.</li></ol>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_r5dfed8c26b5f4a208625be1492d26005"><td class="cellrowborder" valign="top" width="30.259999999999998%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_a41b42dfe116b448e9c83482bba5070b3">Setting the permission for users to create tables</p>
</td>
<td class="cellrowborder" valign="top" width="69.74000000000001%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1857__en-us_topic_0000001173949136_o637a274405c540a28eb3e2d9087eae63"><li id="mrs_01_1857__en-us_topic_0000001173949136_li775214818254">In <strong id="mrs_01_1857__en-us_topic_0000001173949136_b3161165242812">HBase Table</strong>, specify a table name.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1175211483251">In the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b367213546286">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b1167365416289">Select User</strong> drop-down list.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li575244820258">Click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b3545956132813">Add Permissions</strong> and select <strong id="mrs_01_1857__en-us_topic_0000001173949136_b185454566284">Create</strong>.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li864784925511">This user hase the following permissions:<p id="mrs_01_1857__en-us_topic_0000001173949136_p189268585552"><a name="mrs_01_1857__en-us_topic_0000001173949136_li864784925511"></a><a name="en-us_topic_0000001173949136_li864784925511"></a>create table</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p10926258205511">drop table</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p1792615587556">truncate table</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p8926115819554">alter table</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p292613587556">enable table</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p13926195835515">flush table</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p1992615813558">flush region</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p199261588552">compact</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p492665819555">disable</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p125451551331">enable</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_p1874515448539">desc</p>
</li></ol>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_ra5f354c6849d44edbeed327936919363"><td class="cellrowborder" valign="top" width="30.259999999999998%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_a6c2cafda8f5b409ba74b68582842934f">Setting the permission for users to write data to tables</p>
</td>
<td class="cellrowborder" valign="top" width="69.74000000000001%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1857__en-us_topic_0000001173949136_ob98db7ec463946fab48b32af2a41711a"><li id="mrs_01_1857__en-us_topic_0000001173949136_li206861947290">In <strong id="mrs_01_1857__en-us_topic_0000001173949136_b933245972815">HBase Table</strong>, specify a table name.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1268784714915">In the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b164861800293">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b164877011298">Select User</strong> drop-down list.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1968717476912">Click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b67851111296">Add Permissions</strong> and select <strong id="mrs_01_1857__en-us_topic_0000001173949136_b1878611132910">Write</strong>.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1478803814520">The user has the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b1175812112420">put</strong>, <strong id="mrs_01_1857__en-us_topic_0000001173949136_b25521239423">delete</strong>, <strong id="mrs_01_1857__en-us_topic_0000001173949136_b6136202504215">append</strong>, <strong id="mrs_01_1857__en-us_topic_0000001173949136_b956219269421">incr</strong> and <strong id="mrs_01_1857__en-us_topic_0000001173949136_b16632128134211">bulkload</strong> operation permissions.</li></ol>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_r6c36edec31fa430c91f7ad84f3e9a0ff"><td class="cellrowborder" valign="top" width="30.259999999999998%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_adaee6dab764348d083aca4da79c6e99b">Setting the permission for users to read data from tables</p>
</td>
<td class="cellrowborder" valign="top" width="69.74000000000001%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1857__en-us_topic_0000001173949136_oa30fe88c86374c54947cf54944c691b6"><li id="mrs_01_1857__en-us_topic_0000001173949136_li035451241919">In <strong id="mrs_01_1857__en-us_topic_0000001173949136_b8703164132915">HBase Table</strong>, specify a table name.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li7354181211196">In the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b168011558295">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b178021657294">Select User</strong> drop-down list.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li2354161251911">Click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b1513920792915">Add Permissions</strong> and select <strong id="mrs_01_1857__en-us_topic_0000001173949136_b51401776295">Read</strong>.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li185929571547">This user hase the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b10644651144219">get</strong> and <strong id="mrs_01_1857__en-us_topic_0000001173949136_b42275593424">scan</strong> permissions.</li></ol>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_r95be17dbfe5646919d7299c1e229900e"><td class="cellrowborder" valign="top" width="30.259999999999998%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_ad1db0bbdb9ec47cd95f0101bcc3f8699">Setting the permission for users to manage namespaces or tables</p>
</td>
<td class="cellrowborder" valign="top" width="69.74000000000001%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1857__en-us_topic_0000001173949136_o4fec88099543498580262f53621ac547"><li id="mrs_01_1857__en-us_topic_0000001173949136_li1952454211196">In <strong id="mrs_01_1857__en-us_topic_0000001173949136_b205561311102911">HBase Table</strong>, specify a table name.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li052464261919">In the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b104591213132916">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b6460201320294">Select User</strong> drop-down list.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li052474211199">Click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b05871316182915">Add Permissions</strong> and select <strong id="mrs_01_1857__en-us_topic_0000001173949136_b059311162291">Admin</strong>.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1399405204910">The user has the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b63731513124313">rsgroup</strong>, <strong id="mrs_01_1857__en-us_topic_0000001173949136_b05264156432">peer</strong>, <strong id="mrs_01_1857__en-us_topic_0000001173949136_b5233171794314">assign</strong> and <strong id="mrs_01_1857__en-us_topic_0000001173949136_b43910205435">balance</strong> operation permissions.</li></ol>
</td>
</tr>
<tr id="mrs_01_1857__en-us_topic_0000001173949136_rd18a916a62e0438291e70f9ddf14c7e7"><td class="cellrowborder" valign="top" width="30.259999999999998%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1857__en-us_topic_0000001173949136_acbb7239ce1a54b668354ecfc89b0b91a">Setting the permission for reading data from or writing data to columns</p>
</td>
<td class="cellrowborder" valign="top" width="69.74000000000001%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1857__en-us_topic_0000001173949136_o72c9dd86625646509cffe6de230c4c75"><li id="mrs_01_1857__en-us_topic_0000001173949136_li148212610222">In <strong id="mrs_01_1857__en-us_topic_0000001173949136_b12813172120298">HBase Table</strong>, specify a table name.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li960914339223">In <strong id="mrs_01_1857__en-us_topic_0000001173949136_b815802312294">HBase Column-family</strong>, specify the column family name.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1777414132314">In the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b11259172712913">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b1526582711294">Select User</strong> drop-down list.</li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1395711711239">Click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b203851630192915">Add Permissions</strong> and select <strong id="mrs_01_1857__en-us_topic_0000001173949136_b8391130172911">Read</strong> and <strong id="mrs_01_1857__en-us_topic_0000001173949136_b13922030152916">Write</strong>.</li></ol>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="mrs_01_1857__en-us_topic_0000001173949136_note1850774416434"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_1857__en-us_topic_0000001173949136_p814921111116">If a user performs the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b16625105865611">desc</strong> operation in <strong id="mrs_01_1857__en-us_topic_0000001173949136_b146083225710">hbase shell</strong>, the user must be granted the read permission on the <strong id="mrs_01_1857__en-us_topic_0000001173949136_b176913118577">hbase:qouta</strong> table.</p>
</div></div>
</p></li><li id="mrs_01_1857__en-us_topic_0000001173949136_li1171204215226"><span>(Optional) Add the validity period of the policy. Click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b97857332292">Add Validity period</strong> in the upper right corner of the page, set <strong id="mrs_01_1857__en-us_topic_0000001173949136_b1978683392917">Start Time</strong> and <strong id="mrs_01_1857__en-us_topic_0000001173949136_b2787113310299">End Time</strong>, and select <strong id="mrs_01_1857__en-us_topic_0000001173949136_b12788033182913">Time Zone</strong>. Click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b0673153742920">Save</strong>. To add multiple policy validity periods, click <span><img id="mrs_01_1857__en-us_topic_0000001173949136_en-us_topic_0241932507_image15741956174617" src="en-us_image_0000001296219440.png"></span>. To delete a policy validity period, click <span><img id="mrs_01_1857__en-us_topic_0000001173949136_en-us_topic_0241932507_image9741115619467" src="en-us_image_0000001349259105.png"></span>.</span></li><li id="mrs_01_1857__en-us_topic_0000001173949136_li18337132412418"><span>Click <strong id="mrs_01_1857__en-us_topic_0000001173949136_b4825348182913">Add</strong> to view the basic information about the policy in the policy list. After the policy takes effect, check whether the related permissions are normal.</span><p><p id="mrs_01_1857__en-us_topic_0000001173949136_en-us_topic_0241932507_p63219632216">To disable a policy, click <span><img id="mrs_01_1857__en-us_topic_0000001173949136_en-us_topic_0241932507_image1876104732217" src="en-us_image_0000001349059649.png"></span> to edit the policy and set the policy to <strong id="mrs_01_1857__en-us_topic_0000001173949136_b1552203412510">Disabled</strong>.</p>
<p id="mrs_01_1857__en-us_topic_0000001173949136_en-us_topic_0241932507_p1156483182316">If a policy is no longer used, click <span><img id="mrs_01_1857__en-us_topic_0000001173949136_en-us_topic_0241932507_image79841567249" src="en-us_image_0000001295740000.png"></span> to delete it.</p>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1849.html">Using Ranger</a></div>
</div>
</div>
View Git Blame Copy Permalink