question Security features not available in HBase (Kerberized cluster) in Archives of Support Questions (Read Only)

Security features not available in HBase (Kerberized cluster)

nshetty — Thu, 11 Aug 2016 19:06:15 GMT

Error "DISABLED: Security features are not available" is thrown

hbase(main):002:0> user_permission 'TABLE_NAME'
User              
                                                                        
   
Namespace,Table,Family,Qualifier:Permission                             
                                                                        
                                                                        
                                                       

ERROR: DISABLED: Security features are not available

Here is some help for this command:
Show all permissions for the particular user.
Syntax : user_permission <table>

Note: A namespace must always precede with '@' character.

For example:

    hbase> user_permission
    hbase> user_permission '@ns1'
    hbase> user_permission '@.*'
    hbase> user_permission '@^[a-c].*'
    hbase> user_permission 'table1'
    hbase> user_permission 'namespace1:table1'
    hbase> user_permission '.*'
    hbase> user_permission '^[A-C].*'

Below configuraton is set in hbase-site.xml

<property>
      <name>hbase.coprocessor.region.classes</name>
 
     
<value>org.apache.hadoop.hbase.security.access.AccessController,org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint</value>
    </property>

    <property>
      <name>hbase.coprocessor.regionserver.classes</name>
      <value>org.apache.hadoop.hbase.security.access.AccessController</value>
    </property>
       <property>
      <name>hbase.coprocessor.master.classes</name>
      <value>org.apache.hadoop.hbase.security.access.AccessController</value>
    </property>

      <property>
      <name>hbase.security.authorization</name>
      <value>true</value>
    </property>

        <property>
      <name>hbase.security.authentication</name>
      <value>kerberos</value>
    </property>

        <property>
      <name>hbase.master.kerberos.principal</name>
      <value>hbase/_HOST@HWX.VIBGYOR.COM</value>
    </property>

    <property>
      <name>hbase.master.keytab.file</name>
      <value>/etc/security/keytabs/hbase.service.keytab</value>
    </property>

Re: Security features not available in HBase (Kerberized cluster)

asinghal — Thu, 11 Aug 2016 20:18:57 GMT

It seems your hbase:acl table is not created.

can you check hbase-site.xml at master side as well it should have:-

       <property>      
<name>hbase.coprocessor.master.classes</name>    
  <value>org.apache.hadoop.hbase.security.access.AccessController</value>  
  </property>

try restarting your cluster as postStartMaster step should create this table, once you are able to do scan 'hbase:acl' , you will not see above error "ERROR: DISABLED:Security features are not available"

Re: Security features not available in HBase (Kerberized cluster)

rchintaguntla — Thu, 11 Aug 2016 20:25:00 GMT

Got the logs from @nshetty and checked somehow the hbase:acl table is not created because earlier hbase:acl znode is present but the table is not present. Once after deleting the hbase:acl table znode and restarting the service it's working fine.