Archives of Support Questions (Read Only)

Hi, I am running a simple Training cluster (non kerberized) on CDH 5.14.4. I was asked to enable HBase simple authorization just to prevent users accidently overwriting with each others HBase tables. However I've found that after enabling hbase simple authorization following the guide: https://www.cloudera.com/documentation/enterprise/5-14-x/topics/cdh_sg_hbase_authorization.html . and attempting to add some group permissions that I still get access denied errors even though the group exists locally on the active namenode and the group appears to be mapped correctly (appears in whoami as user)

eg.

on the active namenode:

> id user1

uid=10099(user1) gid=10099(user1) groups=10000(admin),10099(user1)

> sudo -u hbase hbase shell

hbase(main):001:0> user_permission

@Former Member               hbase,hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]

hbase(main):001:0> exit

(as user1) > hbase shell

hbase(main):001:0> whoami

user1 (auth:SIMPLE)
    groups: user1, admin

hbase(main):001:0> user_permission

User                  Namespace,Table,Family,Qualifier:Permission

ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'user1' (global, action=ADMIN)
        at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546)
        at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522)
        at org.apache.hadoop.hbase.security.access.AccessController.getUserPermissions(AccessController.java:2335)
        at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.getUserPermissions(AccessControlProtos.java:9949)
        at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10107)
        at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:7996)
        at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:1986)
        at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:1968)
        at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:33652)
        at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2191)
        at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:112)
        at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:183)
        at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:163)