This topic describes how to manage permissions of users in Lindorm Insight of an ApsaraDB for HBase cluster.

Permissions levels

An ApsaraDB for HBase Performance-enhanced Edition cluster has three permissions levels: global, namespace, and table. These three levels overlap with each other.

For example, if User 1 is granted the global read and write permissions, User 1 has the read and write permissions on all tables in all namespaces. If User 2 is granted the read and write permissions on Namespace 1, User 2 has the read and write permissions on all tables in Namespace 1, including newly created tables in Namespace 1.
Note Only the users with the ADMIN permissions at global level can create and delete namespaces.

Types of permissions

The following table describes different types of permissions and the statements that you can execute with the corresponding permissions.

TypeDescriptionStatement
WRITEOperations related to writing data to tables in Lindorm. PUT, BATCH, DELETE, INCREMENT, APPEND, and CHECKANDMUTATE
READOperations related to reading data from tables in Lindorm. GET, SCAN, and EXIST
Operations related to reading the descriptor and namespace information of tables in Lindorm. GETTABLEDESCRIPTOR, LISTTABLES, and LISTNAMESPACEDESCRIPTORS
ADMINData Definition Language (DDL) operations other than those related to deleting tables or table data. CREATETABLE, ENABLETABLE, and DISABLETABLE
DDL operations related to namespaces. CREATENAMESPACE
TRASHOperations that can prevent users from accidentally deleting tables or table data. TRUNCATETABLE and DELETETABLE
SYSTEMO&M operations. The permissions are required if you use Big DataHub Service (LTS) to migrate and synchronize data that is stored in Lindorm. COMPACT and FLUSH

Grant permissions to a user

Grant permissions on global resources to a user

  1. In the left-side navigation pane of the cluster management system, choose Data Management > User Manager.
  2. Choose More > Grant Global Permission in the Actions column that corresponds to the user to which you want to grant permissions.
    Grant permissions on global resources
  3. In the Grant Global Permission dialog box, select the required permissions for Permissions.
  4. Click OK.

Grant permissions on a namespace to a user

  1. In the left-side navigation pane of the cluster management system, choose Data Management > User Manager.
  2. Choose More > Grant Namespace Permission in the Actions column that corresponds to the user to which you want to grant permissions.
    Grant permissions on a namespace
  3. In the Grant Namespace Permission dialog box, select a namespace from the namespace drop-down list and select the required permissions.
    Grant permissions on a namespace to a user
  4. Click OK.

Revoke permissions

Revoke permissions on global resources from a specified user

  1. In the left-side navigation pane of the cluster management system, choose Data Management > User Manager.
  2. Choose More > Revoke Global Permission in the Actions column that corresponds to the user from which you want to revoke permissions.
    Revoke permissions
  3. In the Revoke Global Permission dialog box, select the permissions that you want to revoke for Permissions.
  4. Click OK.

Revoke permissions on a namespace from a specified user

  1. In the left-side navigation pane of the cluster management system, choose Data Management > User Manager.
  2. Choose More > Revoke Namespace Permission in the Actions column that corresponds to the user from which you want to revoke permissions.
    Revoke permissions on a namespace
  3. In the Revoke Namespace Permission dialog box, select a namespace from the namespace drop-down list and select the permissions that you want to revoke.
    Revoke permissions on a namespace
  4. Click OK.