Ranger配置HBase权限并简单测试

作者: sysit 分类: d 发表于 2021-07-14 189人围观

## 1. 开启HBase Plugin

![title](/api/file/getImage?fileId=5a327e043cd7c9450c0006f8)

## 2. Ranger权限配置

* hbase 用户默认是能创建成功的

```
hbase(main):001:0> whoami
hbase (auth:SIMPLE)
    groups: hadoop

hbase(main):002:0> create 't1',{NAME =>'f1', VERSIONS => 2},{NAME =>'f2' , VERSIONS => 2}
0 row(s) in 1.4740 seconds

=> Hbase::Table - t1
```

* 使用hdp1用户报错

```
hbase(main):007:0> create 't1',{NAME =>'f1', VERSIONS => 2},{NAME =>'f2' , VERSIONS => 2}

ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'hdp1' (action=create)
```

* 对hdp1用户授权

![title](/api/file/getImage?fileId=60ee9710e0dda66a8a00d602)

![title](/api/file/getImage?fileId=60ee9747e0dda66a8a00d603)

![title](/api/file/getImage?fileId=60ee978ce0dda66a8a00d604)

![title](/api/file/getImage?fileId=60ee97c2e0dda66a8a00d605)

* 测试对t2的操作

```
hbase(main):001:0> whoami
hdp1 (auth:SIMPLE)
    groups: hdp1

hbase(main):003:0> create 't2',{NAME =>'f1', VERSIONS => 2},{NAME =>'f2' , VERSIONS => 2}
0 row(s) in 1.2530 seconds

=> Hbase::Table - t2

hbase(main):004:0> create 't3',{NAME =>'f1', VERSIONS => 2},{NAME =>'f2' , VERSIONS => 2}

ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'hdp1' (action=create)

hbase(main):009:0> list
TABLE                                                                                                                            
t1                                                                                                                               
t2                                                                                                                               
2 row(s) in 0.0030 seconds

=> ["t1", "t2"]

hbase(main):005:0> disable 't2'
0 row(s) in 2.3330 seconds

hbase(main):006:0> drop 't2'
0 row(s) in 1.2500 seconds

hbase(main):007:0> list
TABLE                                                                                                                            
t1                                                                                                                               
1 row(s) in 0.0180 seconds

=> ["t1"]
```

> 上面只能对t2表做操作

* 注意文件权限，特别需要/user/hdp1的权限

```
[hdfs@node3 ~]$ hdfs dfs -ls /
Found 10 items
drwxrwxrwx   - yarn   hadoop          0 2017-11-28 15:49 /app-logs
drwxr-xr-x   - hdfs   hdfs            0 2017-11-28 16:14 /apps
drwxr-xr-x   - yarn   hadoop          0 2017-11-28 15:48 /ats
drwxr-xr-x   - hdfs   hdfs            0 2017-11-28 15:48 /hdp
drwxr-xr-x   - mapred hdfs            0 2017-11-28 15:48 /mapred
drwxrwxrwx   - mapred hadoop          0 2017-11-28 15:48 /mr-history
drwxr-xr-x   - hdfs   hdfs            0 2017-12-14 10:22 /ranger
drwxrwxrwx   - hdfs   hdfs            0 2017-11-28 16:16 /tmp
drwxr-xr-x   - hdfs   hdfs            0 2017-12-14 14:56 /user
drwxr-xr-x   - hdfs   hdfs            0 2017-11-28 16:14 /webhdfs
[hdfs@node3 ~]$ hdfs dfs -ls /apps
Found 2 items
drwxr-xr-x   - hdfs hdfs          0 2017-11-28 15:20 /apps/hbase
drwxr-xr-x   - hdfs hdfs          0 2017-11-28 16:14 /apps/hive
[hdfs@node3 ~]$ hdfs dfs -ls /user/hbase
[hdfs@node3 ~]$ hdfs dfs -ls /user/
Found 7 items
drwxrwx---   - ambari-qa hdfs          0 2017-11-28 16:15 /user/ambari-qa
drwxr-xr-x   - hbase     hdfs          0 2017-11-28 15:20 /user/hbase
drwxr-xr-x   - hcat      hdfs          0 2017-11-28 16:14 /user/hcat
drwx------   - hdfs      hdfs          0 2017-12-14 15:09 /user/hdfs
drwx------   - hdp1      hdp1          0 2017-12-14 14:55 /user/hdp1
drwx------   - hdp2      hdp2          0 2017-12-14 16:11 /user/hdp2
drwxr-xr-x   - hive      hdfs          0 2017-11-28 16:14 /user/hive
[hdfs@node3 ~]$ hdfs dfs -chmod 700 /apps/hbase
[hdfs@node3 ~]$ hdfs dfs -chmod 700 /user/hbase
[hdfs@node3 ~]$ hdfs dfs -ls -d /apps/hbase
drwx------   - hdfs hdfs          0 2017-11-28 15:20 /apps/hbase
[hdfs@node3 ~]$ hdfs dfs -ls -d /user/hbase
drwx------   - hbase hdfs          0 2017-11-28 15:20 /user/hbase
```

如果觉得我的文章对您有用，请随意赞赏。您的支持将鼓励我继续创作！