The Ranger introduction topic describes how to start a Ranger cluster in the EMR console and the preparations. This topic describes how to integrate HBase with Ranger.

Integrate HBase in Ranger

Enable HBase Plugin

  1. On the Cluster Management page, click Clusters and Services in the Actions column for the cluster that you want to operate.
  2. In the Services list, click RANGER and click the Configuration tab to go to the Configuration tab page.
  3. On the Configuration tab page, select EnableHBase from the Actions drop-down list.
    Enable HBase PLUGIN
  4. Click View Operation Logs to view the status of operations.View the status of operations

Add HBase Service in Ranger UI

For access to Ranger UI, see Ranger introduction.

Add the HBase service in Ranger UI.


Add HBase service

Note ${id}: You can log on to the host and run the host command. The number in hostname is the value of ${id}.

Restart HBase

Restart HBase for the preceding procedures to take effect. Perform the following steps.

  1. On the Ranger page, click RANGER. From the drop-down list, select HBase.
  2. From the Actions drop-down list, select RESTART All Components.
  3. Click View Operation Logs to view the status of operations.

Set Administrator Account

You need to set permissions of the administrator accounts (administrator permissions) for running administrative commands such as balance/compaction/flush/split.


Set the administrator account

Click the Edit icon in the Action column of the policy that you want to set users for. Add user accounts in the Users column as needed. You can also modify the permissions. For example, only retain the default admin permissions. You need to set hbase as the administrator account.

If you use Phoenix, you also need to add the following policies in HBase for Ranger.
Table SYSTEM. *
Column Family *
Column *
Groups public
Permissions ReadWrite, Create, Admin

Add permission policies

Permission configuration examples

After HBase is integrated into Ranger, you can perform permission configurations. For example, grant user test the Create/Write/Read permissions on the foo_ns:test table.


Permission configuration examples

Click emr-hbase as shown in this figure to go to the configurations page. Configure permissions.


Configure permissions

It takes about one minute to synchronize the user and group information of the cluster.

Follow the steps as shown in the figure to complete the adding of the policy. Then user test can access the foo_ns:test table.

Note A policy will not take effect until it has been added over one minute.