This topic describes how to manage permissions of users in Lindorm Insight of an ApsaraDB for HBase cluster.
Permissions levels
An ApsaraDB for HBase Performance-enhanced Edition cluster has three permissions levels: global, namespace, and table. These three levels overlap with each other.
For example, if User 1 is granted the global read and write permissions, User 1 has the read and write permissions on all tables in all namespaces. If User 2 is granted the read and write permissions on Namespace 1, User 2 has the read and write permissions on all tables in Namespace 1, including newly created tables in Namespace 1.
Note Only the users with the ADMIN permissions at global level can create and delete namespaces.
Types of permissions
The following table describes different types of permissions and the statements that you can execute with the corresponding permissions.
Type | Description | Statement |
---|---|---|
WRITE | Operations related to writing data to tables in Lindorm. | PUT, BATCH, DELETE, INCREMENT, APPEND, and CHECKANDMUTATE |
READ | Operations related to reading data from tables in Lindorm. | GET, SCAN, and EXIST |
Operations related to reading the descriptor and namespace information of tables in Lindorm. | GETTABLEDESCRIPTOR, LISTTABLES, and LISTNAMESPACEDESCRIPTORS | |
ADMIN | Data Definition Language (DDL) operations other than those related to deleting tables or table data. | CREATETABLE, ENABLETABLE, and DISABLETABLE |
DDL operations related to namespaces. | CREATENAMESPACE | |
TRASH | Operations that can prevent users from accidentally deleting tables or table data. | TRUNCATETABLE and DELETETABLE |
SYSTEM | O&M operations. The permissions are required if you use Big DataHub Service (LTS) to migrate and synchronize data that is stored in Lindorm. | COMPACT and FLUSH |
Grant permissions to a user
Grant permissions on global resources to a user
- In the left-side navigation pane of the cluster management system, choose .
- Choose Actions column that corresponds to the user to which you want to grant permissions. in the
- In the Grant Global Permission dialog box, select the required permissions for Permissions.
- Click OK.
Grant permissions on a namespace to a user
- In the left-side navigation pane of the cluster management system, choose .
- Choose Actions column that corresponds to the user to which you want to grant permissions. in the
- In the Grant Namespace Permission dialog box, select a namespace from the namespace drop-down list and select the required permissions.
- Click OK.
Revoke permissions
Revoke permissions on global resources from a specified user
- In the left-side navigation pane of the cluster management system, choose .
- Choose Actions column that corresponds to the user from which you want to revoke permissions. in the
- In the Revoke Global Permission dialog box, select the permissions that you want to revoke for Permissions.
- Click OK.
Revoke permissions on a namespace from a specified user
- In the left-side navigation pane of the cluster management system, choose .
- Choose Actions column that corresponds to the user from which you want to revoke permissions. in the
- In the Revoke Namespace Permission dialog box, select a namespace from the namespace drop-down list and select the permissions that you want to revoke.
- Click OK.