10-18-2018 07:42 AM
I'm not sure I understand the HBase ACL system correctly.
We have a Kerberos-enabled system and we'd like to manage access to HBase tables by Linux groups.
I have the following user_permissions on the table:
hbase(main):001:0> user_permission 'test_table'
User       Namespace,Table,Family,Qualifier:Permission
 @hbase    default,test_table,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
1 row(s) in 0.4190 seconds
AFAIK this means that only members of the group "hbase" can access the table "test".
However, after doing a kinit as an unprivileged user, i.e. a user that is not a member of the "hbase" group, I am still able to scan the table. Why?
[root@localhost ~]# kinit -kt ordinaryuser.keytab ordinaryuser
[root@localhost ~]# hbase shell
Type "exit<RETURN>" to leave the HBase Shell
Version 1.2.0-cdh5.13.3, rUnknown, Sat Mar 17 04:43:46 PDT 2018
hbase(main):001:0> scan 'test_table'
ROW    COLUMN+CELL
 1     column=data:col1, timestamp=1539871260387, value=val1
1 row(s) in 0.3090 seconds
The user has the following Linux groups:
[root@localhost ~]# groups ordinaryuser
ordinaryuser : ordinaryuser hadoop sqoop oozie hue hbase_hue
How can I prevent the ordinaryuser from reading the table?
Thanks in advance