...
Label | Description |
Policy Name | Enter an appropriate policy name. This name is cannot be duplicated for same Service type (Hbase). This field is mandatory. |
Hbase Table | Select the appropriate databasetable. Multiple tables can be selected for a particular policy. This field is mandatory |
Hbase column-family | For the selected table, select column families for the which the policy will be applicable |
Hbase column | For the selected table and CFcolumn family, select columns for the which the policy will be applicable |
Audit Logging | Choose whether the particular policy will be audited or not. |
Group permission | From a user group list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the group as admin for the chosen resource |
User Permission | From a user list, pick a particular group user and choose permissions for that groupuser. Choosing admin permission will designate the user as admin for the chosen resource |
Enable/Disable | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character. You can use wildcards in the table name, column name, column families. for e.g table name as *, column family as ? and column name as ?. |
Permission | Description |
Read | Allows user to perform a read operation |
Write | Allows user to perform a write operation |
Create | Allows user to perform a create operation |
Admin | This gives the delegated admin access to user |
Note |
---|
GRANT: HBase GRANT is a command used to provide access or privileges on Hbase database tables to the users. |
Code Block |
---|
Syntax: grant '<user-or-group>','<permissions>','<table>' i.e : grant 'mark’' , 'RW' , 'testtable2' |
Note |
---|
This will create a policy and give read and write access to user1 on testtable2 .Similarly we can grant create and admin writes |
Edit / Delete / Revoke HBASE Policies
- You can edit/delete a policy from the HBASE Policy Listing page by clicking on the edit/delete button next to policy row.
...
Label | Description |
Policy name | Enter an appropriate policy name. This name is cannot be duplicated across the systemin the same Service type (Knox). |
Knox topology | Enter an appropriate Topology Name |
Knox service | Enter an appropriate Service Name |
Audit Logging | Choose whether the particular policy will be audited or not. |
User Group permissions | From a user list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the user as admin for the chosen resource |
User Group permissions | From a user group user list, pick a particular group user and choose permissions for that group. Choosing admin permission will designate the group as admin for chosen resourceuser. |
Enable/disable | By default the policy is enabled. You can disable a policy to restrict user/group access for that policy. |
Include/Exclude | The include flag means it will consider the values entered in the field. The default value is set as include. The exclude Flag will exclude all the table names or column names entered in that particular field. |
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character. You can use wildcards in the 'topology name', 'service name'. for e.g topology name as *, service name as ?. |
Permission | Description |
IP Address Range | Specify ip address range |
Allow | Allow permission allows users to access topology that is specified in topology name |
...
You can edit/delete a policy from the KNOX Policy Listing page by clicking on the edit/delete button next to policy row.
STORM
Adding STORM Policies
You can add a new policy from the STORM Policy Listing Page. On add , the policy should be listed in the table below. You can search a Policy by ‘Policy Name’, ‘Topology Name’ and ‘Groups’.
...