Reply
Highlighted
Explorer
Posts: 15
Registered: ‎04-28-2016

HBase ignores permissions on table

Hello,

 

I'm not sure if I understand correctly HBase ACL system.

 

We have a kerberos-enabled system and we'd like to manage the access to HBase tables by Linux groups.

 

I have following user_permissions on table:

 

 

 

hbase(main):001:0> user_permission 'test_table'                  
User Namespace,Table,Family,Qualifier:Permission @hbase default,test_table,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] 1 row(s) in 0.4190 seconds

AFAIK this means that only members of the group "hbase" can access the table "test".

 

However, making a kinit with an unpriviledged user, i.e. user that is not a member of the "hbase" group, I am still able to scan the table. Why?

 

[root@localhost ~]# kinit -kt ordinaryuser.keytab ordinaryuser
[root@localhost ~]# hbase shell
Type "exit<RETURN>" to leave the HBase Shell
Version 1.2.0-cdh5.13.3, rUnknown, Sat Mar 17 04:43:46 PDT 2018

hbase(main):001:0> scan 'test_table'
ROW                                                  COLUMN+CELL                                                                                                                                               
 1                                                   column=data:col1, timestamp=1539871260387, value=val1                                                                                                     
1 row(s) in 0.3090 seconds

 

The user has following Linux groups:

 

 

[root@localhost ~]# groups ordinaryuser
ordinaryuser : ordinaryuser hadoop sqoop oozie hue hbase_hue

 

How can I prevent the ordinaryuser from reading the table?

 

Thanks in advance

 

Announcements