Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Is there a way a user other than hbase can export snapshots in a secure cluster?

Labels:
avatar
author-rank aervits
Master Mentor

Created ‎05-09-2016 06:10 PM

I gave user admin rights but that does not have any impact on user being able to copy export snapshots

hbase(main):001:0> user_permission 'vagrant'
User                           Namespace,Table,Family,Qualifier:Permission
 vagrant                       default,vagrant,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN]

still getting

Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): Permission denied: user=vagrant, access=EXECUTE, inode="/apps/hbase/data/.hbase-snapshot/vagrantsnap":hbase:hdfs:drwx------

would labels and scopes help in this case? What are my options at this point?

2,247 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank tyu
Master Collaborator

Created ‎05-12-2016 04:19 PM

Please also refer to

http://hbase.apache.org/book.html#appendix_acl_matrix

View solution in original post

1,558 Views
0 Kudos
2 REPLIES 2

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎05-11-2016 04:14 AM

@Artem Ervits Per hbase documentation:

14.8.7. Snapshots operations and ACLs

If you are using security with the AccessController Coprocessor (See Section 8.2, “Access Control”), only a global administrator can take, clone, or restore a snapshot, and these actions do not capture the ACL rights. This means that restoring a table preserves the ACL rights of the existing table, while cloning a table creates a new table that has no ACL rights until the administrator adds them.

1,558 Views
0 Kudos

avatar
author-rank tyu
Master Collaborator

Created ‎05-12-2016 04:19 PM

Please also refer to

http://hbase.apache.org/book.html#appendix_acl_matrix

1,559 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements