Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.
Evan
New Contributor

Re: HBase simple authorization group permissions n...

by New Contributor in Support Questions
‎08-23-2018 05:12 PM
‎08-23-2018 05:12 PM
That worked, thanks very much.   I'd missed this difference between HBase and HDFS. ... View more

HBase simple authorization group permissions not w...

by New Contributor in Support Questions
‎08-22-2018 04:35 PM
‎08-22-2018 04:35 PM
Hi, I am running a simple Training cluster (non kerberized) on CDH 5.14.4. I was asked to enable HBase simple authorization just to prevent users accidently overwriting with each others HBase tables. However I've found that after enabling hbase simple authorization following the guide: https://www.cloudera.com/documentation/enterprise/5-14-x/topics/cdh_sg_hbase_authorization.html . and attempting to add some group permissions that I still get access denied errors even though the group exists locally on the active namenode and the group appears to be mapped correctly (appears in whoami as user)   eg.   on the active namenode: > id user1 uid=10099(user1) gid=10099(user1) groups=10000(admin),10099(user1) > sudo -u hbase hbase shell hbase(main):001:0> user_permission @admin               hbase,hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] hbase(main):001:0> exit (as user1) > hbase shell hbase(main):001:0> whoami user1 (auth:SIMPLE)     groups: user1, admin hbase(main):001:0> user_permission User                  Namespace,Table,Family,Qualifier:Permission ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'user1' (global, action=ADMIN)         at org.apache.hadoop.hbase.security.access.AccessController.requireGlobalPermission(AccessController.java:546)         at org.apache.hadoop.hbase.security.access.AccessController.requirePermission(AccessController.java:522)         at org.apache.hadoop.hbase.security.access.AccessController.getUserPermissions(AccessController.java:2335)         at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.getUserPermissions(AccessControlProtos.java:9949)         at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10107)         at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:7996)         at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:1986)         at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:1968)         at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:33652)         at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2191)         at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:112)         at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:183)         at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:163)     ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎12-05-2018 06:19 PM
Public Statistics
Date Registered ‎08-22-2018 04:37 PM
Last Visited ‎12-05-2018 06:19 PM
Total Messages Posted 2