Cloudera Community
damonj74
user rank
Explorer

Re: After creating an encryption zone for HBase, I...

by Explorer in Support Questions
‎03-08-2017 03:57 AM
‎03-08-2017 03:57 AM
Understood, thanks. I guess I was confusing authorization with information hiding. Authorization still needs to be put in place on HBase to completely block unauthorized user access to data if the hbase user has access at the HDFS level. ... View more

After creating an encryption zone for HBase, I can...

by Explorer in Support Questions
‎03-07-2017 05:22 AM
1 Kudo
‎03-07-2017 05:22 AM
1 Kudo
I am currently in the process of trying to encrypt data in HBase by creating an HDFS encryption zone for the /apps/hbase directory as stated here: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Security_Guide/content/hbase-with-hdfs-encr.html I was able to successfully make the zone and I can access files in it (via HDFS) with my designated user "hbase", which I added a policy for in Ranger. However, if I create a random user "myuser" and access the hbase tables via hbase shell, I can see all of the data. If I try to access the data via HDFS I cannot access the files. Why can the user without access to the encrypted key see the data (unencrypted) in HBase via hbase shell? Thanks. HDP 2.4 ... View more
Contact Me
Online
Offline
Last Visited
‎04-23-2018 10:26 PM
Community Statistics
Member Since ‎03-07-2017 05:08 AM
Last Visited ‎04-23-2018 10:26 PM
Posts 8
Kudos received 2