
HBase ignores permissions on table






I'm not sure if I understand the HBase ACL system correctly.


We have a Kerberos-enabled system and we'd like to manage the access to HBase tables by Linux groups.


I have the following user_permissions on the table:




hbase(main):001:0> user_permission 'test_table'
User                                                 Namespace,Table,Family,Qualifier:Permission
 @hbase                                              default,test_table,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
1 row(s) in 0.4190 seconds

AFAIK this means that only members of the group "hbase" can access the table "test".


However, after doing a kinit with an unprivileged user, i.e. a user that is not a member of the "hbase" group, I am still able to scan the table. Why?


[root@localhost ~]# kinit -kt ordinaryuser.keytab ordinaryuser
[root@localhost ~]# hbase shell
Type "exit<RETURN>" to leave the HBase Shell
Version 1.2.0-cdh5.13.3, rUnknown, Sat Mar 17 04:43:46 PDT 2018

hbase(main):001:0> scan 'test_table'
ROW                                                  COLUMN+CELL                                                                                                                                               
 1                                                   column=data:col1, timestamp=1539871260387, value=val1                                                                                                     
1 row(s) in 0.3090 seconds


The user has the following Linux groups:



[root@localhost ~]# groups ordinaryuser
ordinaryuser : ordinaryuser hadoop sqoop oozie hue hbase_hue


How can I prevent the ordinaryuser from reading the table?


Thanks in advance