Community Articles
Find and share helpful community-sourced technical articles.
Labels (1)
Rising Star

We tried 3 scenarios and all failed.

1) Creating Hive Table on HBase. (proper hive/hbase polices for user)

hive> CREATE TABLE hbase_table_1(key int, value string) STORED BY 'org.apache.hadoop.hive.hbase.HBaseStorageHandler' WITH SERDEPROPERTIES ("hbase.columns.mapping" = ":key,cf1:val") TBLPROPERTIES ("" = "xyz", "hbase.mapred.output.outputtable" = "xyz"); FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException( Insufficient permissions for user 'abc@ABC.COM' (action=create) at org.apache.ranger.authorization.hbase.AuthorizationSession.publishResults( at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.authorizeAccess( at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.requirePermission( at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preCreateTable( at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preCreateTable( at org.apache.hadoop.hbase.master.MasterCoprocessorHost$ at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation( at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preCreateTable( at org.apache.hadoop.hbase.master.HMaster.createTable( at org.apache.hadoop.hbase.master.MasterRpcServices.createTable( at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod( at at at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop( at org.apache.hadoop.hbase.ipc.RpcExecutor$ at

2) Create Table directly on Hbase

hbase(main):001:0> create 'emp', 'personal', 'professional' ERROR: Insufficient permissions for user 'abc@ABC.COM' (action=create)

3) Using Grant from HBase Shell hbase(main):001:0> grant 'abc', 'RWCA' ERROR: org.apache.hadoop.hbase.coprocessor.CoprocessorException: SSLContext must not be null at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.grant( at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.grant( at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod( at org.apache.hadoop.hbase.regionserver.HRegion.execService( at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion( at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService( at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod( at at at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop( at org.apache.hadoop.hbase.ipc.RpcExecutor$ at

The easy solution we tried is to disable SSL and it worked. We also tried creating different policies and policy on namespace 'default:*' worked and users were ONLY able to create the TABLE. They were NOT able to scan the table and issue (3) still had same problem.

" ERROR: Insufficient permissions for user abc@ABC.COM',action: scannerOpen, tableName:hello1, family:col1. "

Regional Servers were playing a important role here on Ranger Policies. While HBase Master was able to wirte to Policy Cache the cache for Regional Servers was 0 bytes.(communication blocked)

We distributed the keystore and truststore from HBase Master to all the worker nodes running Regional Server and restarted Hbase and this solved the issue.

How to do?

Ambari-Hbase-Config- Filter "SSL"

1) xasecure.policymgr.clientssl.keystore - Find the /path/ and distribute it to all the machines (keep the path/file name same)

2) xasecure.policymgr.clientssl.truststore - - Find the /path/ and distribute it to all the machines (keep the path/file name same)

Hope this will help.

Thanks Mayank


Thanks Mayank. Just wanted to add one thing to clarify for others who might have this problem, because I was wasting some time on this myself:

To solve the SSLContext must not be null error, you correctly stated "distribute keystore and truststore file to all machines". I happened to only distribute them to all HBase Master nodes, but it's important to also deploy the same keystores to all region server machines.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.
Version history
Last update:
‎10-05-2016 07:46 PM
Updated by:
Top Kudoed Authors