:original_name: mrs_01_1608.html
.. _mrs_01_1608:
Creating HBase Roles
====================
Scenario
--------
This section guides the system administrator to create and configure an HBase role on Manager. The HBase role can set HBase administrator permissions and read (R), write (W), create (C), execute (X), or manage (A) permissions for HBase tables and column families.
Users can create a table, query/delete/insert/update data, and authorize others to access HBase tables after they set the corresponding permissions for the specified databases or tables on HDFS.
.. note::
- HBase roles can be created in security mode, but cannot be created in normal mode.
- If the current component uses Ranger for permission control, you need to configure related policies based on Ranger for permission management. For details, see :ref:`Adding a Ranger Access Permission Policy for HBase `.
Prerequisites
-------------
- The system administrator has understood the service requirements.
- You have logged in to Manager.
Procedure
---------
#. On Manager, choose **System** > **Permission** > **Role**.
#. On the displayed page, click **Create Role** and enter a **Role Name** and **Description**.
#. Set **Permission**. For details, see :ref:`Table 1 `.
HBase permissions:
- HBase Scope: Authorizes HBase tables. The minimum permission is read (R) and write (W) for columns.
- HBase administrator permission: HBase administrator permissions.
.. note::
Users have the read (R), write (W), create (C), execute (X), and administrate (A) permissions for the tables created by themselves.
.. _mrs_01_1608__en-us_topic_0000001173470652_t873a9c44357b40cd98cb948ce9438d93:
.. table:: **Table 1** Setting a role
+-------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Task | Role Authorization |
+=========================================================================+=========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| Setting the HBase administrator permission | In **Configure Resource Permission**, choose *Name of the desired cluster* > **HBase** and select **HBase Administrator Permission**. |
+-------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Setting the permission for users to create tables | a. In **Configure Resource Permission**, choose *Name of the desired cluster* > **HBase** > **HBase Scope**. |
| | b. Click **global**. |
| | c. In the **Permission** column of the specified namespace, select **Create** and **Execute**. For example, select **Create** and **Execute** for the default namespace **default**. |
+-------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Setting the permission for users to write data to tables | a. In **Configure Resource Permission**, choose *Name of the desired cluster* > **HBase** > **HBase Scope** > **global**. |
| | b. In the **Permission** column of the specified namespace, select **Write**. For example, select **Write** for the default namespace **default**. By default, HBase sub-objects inherit the permission from the parent object. |
+-------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Setting the permission for users to read data from tables | a. In **Configure Resource Permission**, choose *Name of the desired cluster* > **HBase** > **HBase Scope** > **global**. |
| | b. In the **Permission** column of the specified namespace, select **Read**. For example, select **Read** for the default namespace **default**. By default, HBase sub-objects inherit the permission from the parent object. |
+-------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Setting the permission for users to manage namespaces or tables | a. In **Configure Resource Permission**, choose *Name of the desired cluster* > **HBase** > **HBase Scope** > **global**. |
| | b. In the **Permission** column of the specified namespace, select **Manage**. For example, select **Manage** for the default namespace **default**. |
+-------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Setting the permission for reading data from or writing data to columns | a. In **Configure Resource Permission**, select *Name of the desired cluster* > **HBase** > **HBase Scope** > **global** and click the specified namespace to display the tables in the namespace. |
| | |
| | b. Click a table. |
| | |
| | c. Click a column family. |
| | |
| | d. Confirm whether you want to create a role? |
| | |
| | - If yes, enter the column name in the **Resource Name** text box. Use commas (,) to separate multiple columns. Select **Read** or **Write**. If there are no columns with the same name in the HBase table, a newly created column with the same name as the existing column has the same permission as the existing one. The column permission is set successfully. |
| | - If no, modify the column permission of the existing HBase role. The columns for which the permission has been separately set are displayed in the table. Go to :ref:`5 `. |
| | |
| | e. .. _mrs_01_1608__en-us_topic_0000001173470652_lc2f15302f1854175993f36524c25bf26: |
| | |
| | To add column permissions for a role, enter the column name in the **Resource Name** text box and set the column permissions. To modify column permissions for a role, enter the column name in the **Resource Name** text box and set the column permissions. Alternatively, you can directly modify the column permissions in the table. If the column permissions are modified in the table and column permissions with the same name are added, the settings cannot be saved. You are advised to modify the column permission of a role directly in the table. The search function is supported. |
+-------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
#. Click **OK**, and return to the **Role** page.