Posts: 22
Registered: ‎04-28-2016

HBase ignores permissions on table



I'm not sure if I understand correctly HBase ACL system.


We have a kerberos-enabled system and we'd like to manage the access to HBase tables by Linux groups.


I have following user_permissions on table:




hbase(main):001:0> user_permission 'test_table'                  
User Namespace,Table,Family,Qualifier:Permission @hbase default,test_table,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] 1 row(s) in 0.4190 seconds

AFAIK this means that only members of the group "hbase" can access the table "test".


However, making a kinit with an unpriviledged user, i.e. user that is not a member of the "hbase" group, I am still able to scan the table. Why?


[root@localhost ~]# kinit -kt ordinaryuser.keytab ordinaryuser
[root@localhost ~]# hbase shell
Type "exit<RETURN>" to leave the HBase Shell
Version 1.2.0-cdh5.13.3, rUnknown, Sat Mar 17 04:43:46 PDT 2018

hbase(main):001:0> scan 'test_table'
ROW                                                  COLUMN+CELL                                                                                                                                               
 1                                                   column=data:col1, timestamp=1539871260387, value=val1                                                                                                     
1 row(s) in 0.3090 seconds


The user has following Linux groups:



[root@localhost ~]# groups ordinaryuser
ordinaryuser : ordinaryuser hadoop sqoop oozie hue hbase_hue


How can I prevent the ordinaryuser from reading the table?


Thanks in advance