Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Is there a way a user other than hbase can export snapshots in a secure cluster?

Labels:
avatar
author-rank aervits
Master Mentor

Created ‎05-09-2016 06:10 PM

I gave user admin rights but that does not have any impact on user being able to copy export snapshots

hbase(main):001:0> user_permission 'vagrant'
User                           Namespace,Table,Family,Qualifier:Permission
 vagrant                       default,vagrant,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]

still getting

Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): Permission denied: user=vagrant, access=EXECUTE, inode="/apps/hbase/data/.hbase-snapshot/vagrantsnap":hbase:hdfs:drwx------

would labels and scopes help in this case? What are my options at this point?

3,154 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank tyu
Master Collaborator

Created ‎05-12-2016 04:19 PM

Please also refer to

http://hbase.apache.org/book.html#appendix_acl_matrix

View solution in original post

2,465 Views
0 Kudos
2 REPLIES 2

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎05-11-2016 04:14 AM

@Artem Ervits Per hbase documentation:

14.8.7. Snapshots operations and ACLs

If you are using security with the AccessController Coprocessor (See Section 8.2, “Access Control”), only a global administrator can take, clone, or restore a snapshot, and these actions do not capture the ACL rights. This means that restoring a table preserves the ACL rights of the existing table, while cloning a table creates a new table that has no ACL rights until the administrator adds them.

2,465 Views
0 Kudos

avatar
author-rank tyu
Master Collaborator

Created ‎05-12-2016 04:19 PM

Please also refer to

http://hbase.apache.org/book.html#appendix_acl_matrix

2,466 Views
0 Kudos
Announcements
Community Announcements
Testing the tags to new post
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
View More Announcements