Support Questions

aervits · ‎05-09-2016

I gave user admin rights but that does not have any impact on user being able to copy export snapshots

hbase(main):001:0> user_permission 'vagrant'
User                           Namespace,Table,Family,Qualifier:Permission
 vagrant                       default,vagrant,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]

still getting

Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): Permission denied: user=vagrant, access=EXECUTE, inode="/apps/hbase/data/.hbase-snapshot/vagrantsnap":hbase:hdfs:drwx------

would labels and scopes help in this case? What are my options at this point?

tyu · ‎05-12-2016

Please also refer to

http://hbase.apache.org/book.html#appendix_acl_matrix

View solution in original post

sunile_manjee · ‎05-11-2016

@Artem Ervits Per hbase documentation:

14.8.7. Snapshots operations and ACLs

If you are using security with the AccessController Coprocessor (See Section 8.2, “Access Control”), only a global administrator can take, clone, or restore a snapshot, and these actions do not capture the ACL rights. This means that restoring a table preserves the ACL rights of the existing table, while cloning a table creates a new table that has no ACL rights until the administrator adds them.

tyu · ‎05-12-2016

Please also refer to

http://hbase.apache.org/book.html#appendix_acl_matrix

Cloudera Community

Support Questions

Is there a way a user other than hbase can export snapshots in a secure cluster?

14.8.7. Snapshots operations and ACLs

Connecting to Kerberos secured HBase cluster from ...

Connect to secure Hbase cluster in Java applicatio...

Hbase security model part1

HBase Snapshot

Troubleshooting tips for running job on secure hba...

Enable phoenix access from Zeppelin in secure clus...

Hortonworks Secure Cluster with Isilon OneFS

User credentials security

How to Manage Users and Security Policies via Rang...

Connecting to HBase in a Kerberos Enabled Cluster