Hi,
We have a webservice that performs reads/writes on HBase tables and have a
requirement to authorize and audit table/column family access using Ranger.
I've configured the reads/writes to be performed under doAs to try to make
this happen but the requests end up being authorized and audit logged as
the service user rather than the requestor.
A snippet of the application code looks like this (doAsUser is the end
user's username):
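    final UserGroupInformation ugi = UserGroupInformation.createProxyUser(
        doAsUser, UserGroupInformation.getLoginUser());
    try {
      ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          LOGGER.info("HBase put as user " + ugi.getShortUserName());
          // 'table' and 'put' are created outside this doAs block
          table.put(put);
          return null;
        }
      });
    } catch (IOException | InterruptedException e) {
      // doAs declares both exceptions; handling was not part of the snippet
      throw new RuntimeException(e);
    }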
Has anyone got experience with the HBase Ranger plugin and/or come across
this problem before and know the best way to solve it?
For reference this is all running with HDP 2.3.2.
Thanks in advance!
--
Chris