revoke
Contents
Definition
Revokes a user access rights.
|
IMPORTANT
Notice, that this command can be executed only by users with |
Usage
revoke '<user_name>' | '@<group_name>' [,
'@<namespace_name>'] | [, '[<namespace_name>:]<table_name>' [, '<column_family>' [, '<column_qualifier>']]]| Parameter | Description |
|---|---|
user_name |
A user name |
group_name |
A users group name |
namespace_name |
A namespace name |
table_name |
A table name |
column_family |
A column family name |
column_qualifier |
A column qualifier |
|
NOTE
A namespace and a group name should be preceded with the @ character.
|
Examples
Revoking rights on the specified table column
hbase(main):011:0> user_permission 'ns1:temp2'
User Namespace,Table,Family,Qualifier:Permission
dasha ns1,ns1:temp2,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
dasha ns1,ns1:temp2,cf1,c1: [Permission: actions=READ,WRITE]
2 row(s)
Took 0.0315 seconds
hbase(main):001:0> revoke 'dasha', 'ns1:temp2', 'cf1', 'c1'
Took 0.5811 seconds
hbase(main):003:0> user_permission 'ns1:temp2'
User Namespace,Table,Family,Qualifier:Permission
dasha ns1,ns1:temp2,,: [Permission: actions=READ,WRITE,EXEC,CREA
TE,ADMIN]
1 row(s)
Took 0.0458 seconds
Revoking rights on the specified table
hbase(main):003:0> user_permission 'ns1:temp2'
User Namespace,Table,Family,Qualifier:Permission
dasha ns1,ns1:temp2,,: [Permission: actions=READ,WRITE,EXEC,CREA
TE,ADMIN]
1 row(s)
Took 0.0458 seconds
hbase(main):008:0> revoke 'dasha', 'ns1:temp2'
Took 0.0295 seconds
hbase(main):009:0> user_permission 'ns1:temp2'
User Namespace,Table,Family,Qualifier:Permission
0 row(s)
Took 0.0374 seconds
Revoking rights on the specified namespace
hbase(main):010:0> user_permission '@ns1' User Namespace,Table,Family,Qualifier:Permission dasha ns1,,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] 1 row(s) Took 0.0419 seconds hbase(main):004:0> revoke 'dasha', '@ns1' Took 0.0268 seconds hbase(main):006:0> user_permission '@ns1' User Namespace,Table,Family,Qualifier:Permission 0 row(s) Took 0.0355 seconds
Revoking rights without using namespaces and tables
hbase(main):011:0> revoke 'dasha'
Took 0.0125 seconds
hbase(main):012:0> user_permission
User Namespace,Table,Family,Qualifier:Permission
ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'dasha' (global, action=ADMIN)
at org.apache.hadoop.hbase.security.access.AccessChecker.requireGlobalPermission(AccessChecker.java:158)
at org.apache.hadoop.hbase.security.access.AccessChecker.requirePermission(AccessChecker.java:129)
at org.apache.hadoop.hbase.security.access.AccessController.getUserPermissions(AccessController.java:2182)
at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.getUserPermissions(AccessControlProtos.java:10039)
at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10197)
at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8049)
at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2409)
at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2391)
at org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010)
at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:413)
at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:130)
at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324)
at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)
Show all permissions for the particular user.
Syntax : user_permission <table>
Note: A namespace must always precede with '@' character.
For example:
hbase> user_permission
hbase> user_permission '@ns1'
hbase> user_permission '@.*'
hbase> user_permission '@^[a-c].*'
hbase> user_permission 'table1'
hbase> user_permission 'namespace1:table1'
hbase> user_permission '.*'
hbase> user_permission '^[A-C].*'
Took 0.5466 seconds