In this article we will look into HBase Authorization, different access levels and its scopes.

Here are the list of Access levels.

HBase access Levels

Permissions Description
Read (R) Users have read permission on the given scope
Write (W) Can insert or delete data on tables or column on given scope
Execute (X) Can execute coprocessor end points at given scope
Create (C) Can create tables at the given scope
Admin (A) Can have privilege to manage other users.

For granting the permission for users and groups are defined here.

You can grant permission on global, table, namespace column family or cell level.

HBase grant permission

HBase shell Commands Description
grant 'boopathi', 'RWCA' Grant permission for user 'boopathi' with all access globally.
grant 'boopathi', 'RW', 'table' User with this permission can manage data on the specified table only.
grant 'boopathi', 'RWCA', '@namespace' Grant permission for user boopathi on specified 'namespace' only. In this case user can perform all operation on the given namespace.
grant 'boopathi', 'RW', 'namespace:table' Granting permission Read and Write permission for user on table, which is present inside namespace. Here you will not give '@' prefix with namesapce.
grant '@grp-name', 'RWXC' Grant permission for groups here. It will be easy to manage, in case of groups. This is given on global scope.
grant '@grp-name', 'RWXC', '@namespace' Grant permission for groups on specified namespace.
grant '@grp-name', 'RW', 'namespace:table' Grant permission for group on table in namespace.

When you give permission on the group level, keep in mind that, always give prefix with ‘@‘ char. and check it after given permission. It should result with ‘@‘ on the result also. Refer  the below image.


We have seen the commands to grant permission for users and groups on different level. Now let’s look into viewing the permission, that we have given earlier.

HBase get permission details

HBase Shell Commands Description
user_permission List all the user and the permission on the global scope.
user_permission '@namespace' List all the user in the specified namespace.
user_permission 'namespace:table' List all users, who have permissions on the table in the namespace
user_permission 'table' List all the users, who have permission on the table.


So far we have seen on granting and viewing the access, let see about revoking the access for users and groups.


HBase Revoke Access

HBase shell Commands Description
revoke 'boopathi' Revoke all the access of the user on the global level.
revoke 'boopathi', 'table' Revoke all the access of the user on the table he has.
revoke 'boopathi', '@namespace' Revoke permissions on the specified namespace level.
revoke 'boopathi', 'namespace:table' Revoke permission on table in namespace.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

clear formPost comment