Configure HBase ACLs

HBase supports Access Control Lists (ACLs) to limit the privileges of users on the system. Before you can use ACLs, you need to perform the steps to enable ACLs.

HBase ACLs support the following privileges:

  • Read
  • Write
  • Execute
  • Create tables
  • Administrator
The possible scopes are:
  • Superuser
  • Global
  • Namespace
  • Table
  • ColumnFamily
  • Cell
For information about each scope, see Understanding Access Levels.

Once you enable the use of ACLs, you can grant and remove privileges from users by using the grant and revoke commands from the HBase shell. The following example grants user jfoo read privileges from column family cf1 of table mytable:

hbase(main):001:0> grant 'jfoo' 'R' 'mytable','cf1'

This example removes user kbar's administrative privileges on the cluster:

hbase(main):001:0> revoke 'kbar' 'A'