hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Helmling <ghelml...@gmail.com>
Subject Re: restrict clients
Date Tue, 12 Feb 2013 04:05:43 GMT
You can also use the service-level authorization support to control which
users/groups are allowed to connect at all.  It's configured via
hbase-policy.xml in the conf/ directory and functions similarly to the HDFS
implementation:
http://hadoop.apache.org/docs/r1.0.4/service_level_auth.html

But with ACLs already controlling who has read access, you can get
finer-grained support with ACLs directly.

If you want to control which hosts can connect to the cluster at all, start
with iptables, as Mike suggests.


On Mon, Feb 11, 2013 at 7:36 PM, Anoop Sam John <anoopsj@huawei.com> wrote:

> HBase supports Kerberos based authentication. Only those client nodes with
> a valid Kerberos ticket can connect with the HBase cluster.
>
> -Anoop-
> ________________________________________
> From: Rita [rmorgan466@gmail.com]
> Sent: Monday, February 11, 2013 6:37 PM
> To: user@hbase.apache.org
> Subject: Re: restrict clients
>
> Hi,
>
> I am looking for more than an ACL. I want to control what clients can
> connect to the hbase cluster. Is that possible?
>
>
> On Fri, Feb 8, 2013 at 10:36 AM, Stas Maksimov <maksimov@gmail.com> wrote:
>
> > Hi Rita,
> >
> > As far as I know ACL is on a user basis. Here's a link for you:
> > http://hbase.apache.org/book/hbase.accesscontrol.configuration.html
> >
> > Thanks,
> > Stas
> >
> >
> > On 8 February 2013 15:20, Rita <rmorgan466@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > In an enterprise deployment, how can I restrict who can access the
> data?
> > > For example, I want only certain servers able to GET,PUT data everyone
> > else
> > > should be denied. Is this possible?
> > >
> > >
> > >
> > > --
> > > --- Get your facts first, then you can distort them as you please.--
> > >
> >
>
>
>
> --
> --- Get your facts first, then you can distort them as you please.--
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message