How is authorization managed with service account and keytab. How is access managed with them.
We can access hbase with phoenix from outside tool. In this case how is access managed as from documentation I found that we only need to give principal name and keytab for authentication.
because when I tried to connect to phoenix using sqlline I needed to change the user I was running sqlline as .
So how will Phoenix driver get which user have access to hbase from principal and keytab.
Remember that Kerberos is only controlling authentication. HBase later applies authorization to incoming requests.
By default, any user with valid credentials can access HBase. HBase can be configured to enforce access control given the ACLs "RWXCA".
ACLs are configured on the "shortname" for a Kerberos principal (e.g. "josh" given a principal "josh@HORTONWORKS.COM").