https://community.cloudera.com/t5/Support-Questions/HBase-Insufficient-Permissions-with-Kerberos/m-p/87932#M55210 <P>Thank you for confirming the details,<BR /><BR />Does the subject part of your klist output match the added username in the HBase Superusers configuration precisely?<BR /><BR />If your user is in a different realm than the cluster services, is the realm name present as part of HDFS -&gt; Configuration -&gt; 'Trusted Realms'?<BR /><BR />Are all commands done as the superuser failing? What HBase shell command/operation specifically is leading to your quoted error?<BR /><BR />As to adding groups, it can be done in the same field, except you need to add an '@' prefix to the name. For ex. if your group is cluster_administrators, then add it in as '@cluster_administrators' in the HBase Superusers config. When using usernames, the @ must not be specified. Both approaches should work though.</P><P>&nbsp;</P><P>P.s. If you'll be relying on groups, ensure all cluster hosts return consistent group lookup output for id &lt;user&gt; commands, as the authorization check is distributed across the cluster roles for HBase.</P> Mon, 18 Mar 2019 10:27:28 GMT Harsh J 2019-03-18T10:27:28Z