You can also use the service-level authorization support to control which users/groups are allowed to connect at all. It's configured via hbase-policy.xml in the conf/ directory and functions similarly to the HDFS implementation: http://hadoop.apache.org/docs/r1.0.4/service_level_auth.html
But with ACLs already controlling who has read access, you can get finer-grained support with ACLs directly. If you want to control which hosts can connect to the cluster at all, start with iptables, as Mike suggests. On Mon, Feb 11, 2013 at 7:36 PM, Anoop Sam John <anoo...@huawei.com> wrote: > HBase supports Kerberos based authentication. Only those client nodes with > a valid Kerberos ticket can connect with the HBase cluster. > > -Anoop- > ________________________________________ > From: Rita [rmorgan...@gmail.com] > Sent: Monday, February 11, 2013 6:37 PM > To: user@hbase.apache.org > Subject: Re: restrict clients > > Hi, > > I am looking for more than an ACL. I want to control what clients can > connect to the hbase cluster. Is that possible? > > > On Fri, Feb 8, 2013 at 10:36 AM, Stas Maksimov <maksi...@gmail.com> wrote: > > > Hi Rita, > > > > As far as I know ACL is on a user basis. Here's a link for you: > > http://hbase.apache.org/book/hbase.accesscontrol.configuration.html > > > > Thanks, > > Stas > > > > > > On 8 February 2013 15:20, Rita <rmorgan...@gmail.com> wrote: > > > > > Hi, > > > > > > In an enterprise deployment, how can I restrict who can access the > data? > > > For example, I want only certain servers able to GET,PUT data everyone > > else > > > should be denied. Is this possible? > > > > > > > > > > > > -- > > > --- Get your facts first, then you can distort them as you please.-- > > > > > > > > > -- > --- Get your facts first, then you can distort them as you please.-- >
