revoke
Contents
Definition
Revokes a user access rights.
IMPORTANT
Notice, that this command can be executed only by users with
|
Usage
revoke '<user_name>' | '@<group_name>' [,
'@<namespace_name>'] | [, '[<namespace_name>:]<table_name>' [, '<column_family>' [, '<column_qualifier>']]]
Parameter | Description |
---|---|
user_name |
A user name |
group_name |
A users group name |
namespace_name |
A namespace name |
table_name |
A table name |
column_family |
A column family name |
column_qualifier |
A column qualifier |
NOTE
A namespace and a group name should be preceded with the @ character.
|
Examples
Revoking rights on the specified table column
hbase(main):011:0> user_permission 'ns1:temp2' User Namespace,Table,Family,Qualifier:Permission dasha ns1,ns1:temp2,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] dasha ns1,ns1:temp2,cf1,c1: [Permission: actions=READ,WRITE] 2 row(s) Took 0.0315 seconds hbase(main):001:0> revoke 'dasha', 'ns1:temp2', 'cf1', 'c1' Took 0.5811 seconds hbase(main):003:0> user_permission 'ns1:temp2' User Namespace,Table,Family,Qualifier:Permission dasha ns1,ns1:temp2,,: [Permission: actions=READ,WRITE,EXEC,CREA TE,ADMIN] 1 row(s) Took 0.0458 seconds
Revoking rights on the specified table
hbase(main):003:0> user_permission 'ns1:temp2' User Namespace,Table,Family,Qualifier:Permission dasha ns1,ns1:temp2,,: [Permission: actions=READ,WRITE,EXEC,CREA TE,ADMIN] 1 row(s) Took 0.0458 seconds hbase(main):008:0> revoke 'dasha', 'ns1:temp2' Took 0.0295 seconds hbase(main):009:0> user_permission 'ns1:temp2' User Namespace,Table,Family,Qualifier:Permission 0 row(s) Took 0.0374 seconds
Revoking rights on the specified namespace
hbase(main):010:0> user_permission '@ns1' User Namespace,Table,Family,Qualifier:Permission dasha ns1,,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] 1 row(s) Took 0.0419 seconds hbase(main):004:0> revoke 'dasha', '@ns1' Took 0.0268 seconds hbase(main):006:0> user_permission '@ns1' User Namespace,Table,Family,Qualifier:Permission 0 row(s) Took 0.0355 seconds
Revoking rights without using namespaces and tables
hbase(main):011:0> revoke 'dasha' Took 0.0125 seconds hbase(main):012:0> user_permission User Namespace,Table,Family,Qualifier:Permission ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'dasha' (global, action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessChecker.requireGlobalPermission(AccessChecker.java:158) at org.apache.hadoop.hbase.security.access.AccessChecker.requirePermission(AccessChecker.java:129) at org.apache.hadoop.hbase.security.access.AccessController.getUserPermissions(AccessController.java:2182) at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.getUserPermissions(AccessControlProtos.java:10039) at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10197) at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8049) at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2409) at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2391) at org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:413) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324) at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304) Show all permissions for the particular user. Syntax : user_permission <table> Note: A namespace must always precede with '@' character. For example: hbase> user_permission hbase> user_permission '@ns1' hbase> user_permission '@.*' hbase> user_permission '@^[a-c].*' hbase> user_permission 'table1' hbase> user_permission 'namespace1:table1' hbase> user_permission '.*' hbase> user_permission '^[A-C].*' Took 0.5466 seconds