"After tracing all the calls, it seems that it is caused by ODBC driver sending out Avatica Http request with content-type set to "application/x-www-form-urlencoded”, even though the content is NOT urlencoded at all. But, when the request passes through Knox, it comes out as urlencoded. The PQS seems not able to parse urlencoded content. It seems to take the input as it is." This sounds like a bug in the ODBC driver. I'll have to see what I can find... "Then How can PQS impersonate as the authenticated user to call HBase so that Ranger can control the access by that user? Since PQS runs as "hbase" and it calls PQS as "hbase", ranger control cannot be used." This is a factor of impersonation from PQS to HBase (really, Phoenix) only being configured when Kerberos authentication is enabled. My answer to your other question on https://community.hortonworks.com/questions/83203/how-to-access-hbase-through-odbc-then-phoenix-quer.html already covered this. "How can Knox pass the authenticated user to PQS along with the proxy-ed HTTP request?" There is some on-going work which would help enable this in Avatica https://issues.apache.org/jira/browse/CALCITE-1539 ... View more

"How to have PQS turn on HTTP Basic authentication to authenticate the calls from ODBC?" This is not supported by PQS, but the code exists in Avatica to support it. http://calcite.apache.org/avatica/docs/security.html#http-basic-authentication Your only route presently is to modify Phoenix to support this. "How to turn on httpS on PQS to secure the connection?" This presently is not supported by PQS. "How to impersonate the calls from PQS to HBase with the authenticated user?" This is only supported via SPNEGO authentication in PQS. http://calcite.apache.org/avatica/docs/security.html#impersonation Again, you can modify Phoenix to support this but there is no out of the box solution. -- You can consider the use of Apache Knox to sit between the ODBC driver and PQS which would provide TLS and configurable authentication. https://issues.apache.org/jira/browse/KNOX-817 https://issues.apache.org/jira/browse/KNOX-844 ... View more

Did you include the proper hbase-site.xml on the classpath of your application? ... View more

The HBase user probably can't read "/root" (unless you're running HBase as root which is a really bad idea if you are..). Just copy the jar in to the lib directory for the HBase installation. ... View more