Support Questions

Find answers, ask questions, and share your expertise
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

Is there a way a user other than hbase can export snapshots in a secure cluster?


I gave user admin rights but that does not have any impact on user being able to copy export snapshots

hbase(main):001:0> user_permission 'vagrant'
User                           Namespace,Table,Family,Qualifier:Permission
 vagrant                       default,vagrant,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]

still getting

Caused by: org.apache.hadoop.ipc.RemoteException( Permission denied: user=vagrant, access=EXECUTE, inode="/apps/hbase/data/.hbase-snapshot/vagrantsnap":hbase:hdfs:drwx------

would labels and scopes help in this case? What are my options at this point?


Super Collaborator

Super Guru

@Artem Ervits Per hbase documentation:

14.8.7. Snapshots operations and ACLs

If you are using security with the AccessController Coprocessor (See Section 8.2, “Access Control”), only a global administrator can take, clone, or restore a snapshot, and these actions do not capture the ACL rights. This means that restoring a table preserves the ACL rights of the existing table, while cloning a table creates a new table that has no ACL rights until the administrator adds them.

Super Collaborator
Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.