Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How does authorization works in hbase with user groups and service account

Highlighted

How does authorization works in hbase with user groups and service account

New Contributor

How is authorization managed with service account and keytab. How is access managed with them.

We can access hbase with phoenix from outside tool. In this case how is access managed as from documentation I found that we only need to give principal name and keytab for authentication.

because when I tried to connect to phoenix using sqlline I needed to change the user I was running sqlline as .

So how will Phoenix driver get which user have access to hbase from principal and keytab.

1 REPLY 1

Re: How does authorization works in hbase with user groups and service account

Remember that Kerberos is only controlling authentication. HBase later applies authorization to incoming requests.

By default, any user with valid credentials can access HBase. HBase can be configured to enforce access control given the ACLs "RWXCA".

https://hbase.apache.org/book.html#hbase.accesscontrol.configuration

ACLs are configured on the "shortname" for a Kerberos principal (e.g. "josh" given a principal "josh@HORTONWORKS.COM").

Don't have an account?
Coming from Hortonworks? Activate your account here