HBase ignores permissions on table

Hello,

I'm not sure if I understand the HBase ACL system correctly.

We have a Kerberos-enabled system and we'd like to manage the access to HBase tables by Linux groups.

I have the following user_permissions on the table:

hbase(main):001:0> user_permission 'test_table'
User                                     Namespace,Table,Family,Qualifier:Permission
 @hbase                                  default,test_table,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]
1 row(s) in 0.4190 seconds

AFAIK this means that only members of the group "hbase" can access the table "test".

However, making a kinit with an unprivileged user, i.e. a user that is not a member of the "hbase" group, I am still able to scan the table. Why?

[root@localhost ~]# kinit -kt ordinaryuser.keytab ordinaryuser
[root@localhost ~]# hbase shell
Type "exit<RETURN>" to leave the HBase Shell
Version 1.2.0-cdh5.13.3, rUnknown, Sat Mar 17 04:43:46 PDT 2018

hbase(main):001:0> scan 'test_table'
ROW                                                  COLUMN+CELL
 1                                                   column=data:col1, timestamp=1539871260387, value=val1
1 row(s) in 0.3090 seconds

The user has the following Linux groups:

[root@localhost ~]# groups ordinaryuser
ordinaryuser : ordinaryuser hadoop sqoop oozie hue hbase_hue

How can I prevent the ordinaryuser from reading the table?

Thanks in advance