Enabling HBase Access Control

About this task

Procedure

  1. On the HBase Region Server, edit the /opt/mapr/hbase/hbase-<version>/conf/hbase-site.xml file and add the following section: 
    <property>
    <name>hbase.coprocessor.region.classes</name>
    <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
    <name>hbase.superuser</name>
    <value><admin1>,<admin2>,@<group1>,...</value> <!-- group names are
prefixed with '@' -->
  </property>
<property>
    <name>hbase.rpc.engine</name>
    <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>
</property>
  2. On the HBase Master, edit the /opt/mapr/hbase/hbase-<version>/conf/hbase-site.xml file and add the following section: 
    <property>
    <name>hbase.rpc.engine</name>
    <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>
</property>
<property>
    <name>hbase.coprocessor.master.classes</name>
    <value>org.apache.hadoop.hbase.security.access.AccessController</value>
</property>
<property>
    <name>hbase.superuser</name>
    <value><admin1>,<admin2>,@<group1>,...</value> <!-- group names are
prefixed with '@' -->
  </property>
  3. On every HBase client node, edit the /opt/mapr/hbase/hbase-<version>/conf/hbase-site.xml file and add the following section: 
    <property>
    <name>hbase.rpc.engine</name>
    <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>
</property>
  4. Restart HBase on every node.