[jira] [Created] (PHOENIX-3580) Phoenix user rights issues

Mon, 09 Jan 2017 04:20:07 -0800 

wuwanru created PHOENIX-3580:
--------------------------------

             Summary: Phoenix user rights issues
                 Key: PHOENIX-3580
                 URL: https://issues.apache.org/jira/browse/PHOENIX-3580
             Project: Phoenix
          Issue Type: Bug
    Affects Versions: 4.8.2
         Environment: Hortonworks 2.3.4;
hbase 1.1.2
spark 1.5.2
phoenix 4.8.2
centos 6.5
3 nodes(Cpu:2 cores,memory 16G)
            Reporter: wuwanru
             Fix For: 4.8.2


I have modified the ‘phoenix.schema.isNamespaceMappingEnabled’ property to 
true,restart hbase, used hbase user to create a schema A in phoenix sqlline 
,used hbase user to give the user A [RWXCA] permissions for the namespace A 
,then I have used user A to use sqline to enter in the Phoenix Shell, I got the 
error: Setting property: [incremental, false] Setting property: [isolation, 
TRANSACTION_READ_COMMITTED] issuing: !connect jdbc:phoenix:localhost none none 
org.apache.phoenix.jdbc.PhoenixDriver Connecting to jdbc:phoenix:localhost 
SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in 
[jar:file:/usr/hdp/2.3.4.0-3485/phoenix/phoenix-4.8.2-HBase-1.1-client.jar!/org/slf4j/impl/StaticLoggerBinder.class]
 SLF4J: Found binding in 
[jar:file:/usr/hdp/2.3.4.0-3485/hadoop/lib/slf4j-log4j12-1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class]
 SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an 
explanation. 16/12/23 00:28:32 WARN util.NativeCodeLoader: Unable to load 
native-hadoop library for your platform... using builtin-java classes where 
applicable 16/12/23 00:28:34 WARN shortcircuit.DomainSocketFactory: The 
short-circuit local reads feature cannot be used because libhadoop cannot be 
loaded. Error: org.apache.hadoop.hbase.security.AccessDeniedException: 
Insufficient permissions (user=wwr, scope=SYSTEM, 
params=[namespace=SYSTEM],action=ADMIN) at 
org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588)
 at 
org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163)
 at 
org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535)
 at 
org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799)
 at 
org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147)
 at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at 
org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at 
org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at 
org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at 
java.lang.Thread.run(Thread.java:745) (state=08000,code=101) 
org.apache.phoenix.exception.PhoenixIOException: 
org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient 
permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at 
org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588)
 at 
org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163)
 at 
org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535)
 at 
org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799)
 at 
org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147)
 at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at 
org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at 
org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at 
org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at 
java.lang.Thread.run(Thread.java:745) at 
org.apache.phoenix.util.ServerUtil.parseServerException(ServerUtil.java:113) at 
org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureNamespaceCreated(ConnectionQueryServicesImpl.java:992)
 at 
org.apache.phoenix.query.ConnectionQueryServicesImpl.access$1800(ConnectionQueryServicesImpl.java:222)
 at 
org.apache.phoenix.query.ConnectionQueryServicesImpl$13.ensureSystemTablesUpgraded(ConnectionQueryServicesImpl.java:2735)
 at 
org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2341)
 at 
org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2291)
 at 
org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:76)
 at 
org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:2291)
 at 
org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:232)
 at 
org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.createConnection(PhoenixEmbeddedDriver.java:147)
 at org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:202) at 
sqlline.DatabaseConnection.connect(DatabaseConnection.java:157) at 
sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:203) at 
sqlline.Commands.connect(Commands.java:1064) at 
sqlline.Commands.connect(Commands.java:996) at 
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606) at 
sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36) at 
sqlline.SqlLine.dispatch(SqlLine.java:803) at 
sqlline.SqlLine.initArgs(SqlLine.java:588) at 
sqlline.SqlLine.begin(SqlLine.java:656) at 
sqlline.SqlLine.start(SqlLine.java:398) at 
sqlline.SqlLine.main(SqlLine.java:292) Caused by: 
org.apache.hadoop.hbase.security.AccessDeniedException: 
org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient 
permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at 
org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588)
 at 
org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163)
 at 
org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535)
 at 
org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799)
 at 
org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147)
 at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at 
org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at 
org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at 
org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at 
java.lang.Thread.run(Thread.java:745) at 
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
 at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at 
org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:106)
 at 
org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:95)
 at 
org.apache.hadoop.hbase.client.RpcRetryingCaller.translateException(RpcRetryingCaller.java:226)
 at 
org.apache.hadoop.hbase.client.RpcRetryingCaller.translateException(RpcRetryingCaller.java:240)
 at 
org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:140)
 at 
org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:4036) 
at 
org.apache.hadoop.hbase.client.HBaseAdmin.getNamespaceDescriptor(HBaseAdmin.java:2797)
 at 
org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureNamespaceCreated(ConnectionQueryServicesImpl.java:982)
 ... 23 more Caused by: 
org.apache.hadoop.hbase.ipc.RemoteWithExtrasException(org.apache.hadoop.hbase.security.AccessDeniedException):
 org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient 
permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at 
org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588)
 at 
org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095)
 at 
org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163)
 at 
org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535)
 at 
org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799)
 at 
org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147)
 at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at 
org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at 
org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at 
org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at 
java.lang.Thread.run(Thread.java:745) at 
org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1235) at 
org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:217)
 at 
org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:318)
 at 
org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.getNamespaceDescriptor(MasterProtos.java:55137)
 at 
org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$4.getNamespaceDescriptor(ConnectionManager.java:1964)
 at org.apache.hadoop.hbase.client.HBaseAdmin$33.call(HBaseAdmin.java:2801) at 
org.apache.hadoop.hbase.client.HBaseAdmin$33.call(HBaseAdmin.java:2798) at 
org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126)
 ... 26 more then I have used hbase user to give the user A [RWA] permissions 
for the namespace SYSTEM, then I have used user A to use sqline to enter in the 
Phoenix Shell, I can query and modify unauthorized schema and data tables



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to