给用户分配对每个表的操作权限,有RWXCA五种,对应READ, WRITE, EXEC, CREATE, ADMIN
hbase(main):222:0> help "grant"
Grant users specific rights.
Syntax: grant <user or @group>, <permissions> [, <table> [, <column family> [, <column qualifier>]]]
Syntax: grant <user or @group>, <permissions>, <@namespace>
permissions is either zero or more letters from the set "RWXCA". READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A')
Note: Groups and users are granted access in the same way, but groups are prefixed with an '@' character. Tables and namespaces are specified the same way, but namespaces are prefixed with an '@' character.
For example:
hbase> grant 'bobsmith', 'RWXCA'
hbase> grant '@admins', 'RWXCA'
hbase> grant 'bobsmith', 'RWXCA', '@ns1'
hbase> grant 'bobsmith', 'RW', 't1', 'f1', 'col1'
hbase> grant 'bobsmith', 'RW', 'ns1:t1', 'f1', 'col1'
查看权限
hbase(main):220:0> help "user_permission"
Show all permissions for the particular user. Syntax : user_permission <table>
Note: A namespace must always precede with '@' character.
For example:
hbase> user_permission
hbase> user_permission '@ns1'
hbase> user_permission '@.*'
hbase> user_permission '@^[a-c].*'
hbase> user_permission 'table1'
hbase> user_permission 'namespace1:table1'
hbase> user_permission '.*'
hbase> user_permission '^[A-C].*'
收回权限
hbase(main):221:0> help "revoke"
Revoke a user's access rights.
Syntax:
revoke <user or @group> [, <table> [, <column family> [, <column qualifier>]]]
Syntax:
revoke <user or @group>, <@namespace>
Note: Groups and users access are revoked in the same way, but groups are prefixed with an '@' character. Tables and namespaces are specified the same way, but namespaces are prefixed with an '@' character.
For example:
hbase> revoke 'bobsmith'
hbase> revoke '@admins'
hbase> revoke 'bobsmith', '@ns1'
hbase> revoke 'bobsmith', 't1', 'f1', 'col1'
hbase> revoke 'bobsmith', 'ns1:t1', 'f1', 'col1'