Have you polled Ranger community with this question ? http://ranger.apache.org/mail-lists.html
Cheers On Fri, Dec 18, 2015 at 9:04 AM, Chris Gent < [email protected]> wrote: > Hi, > > We have a webservice that performs reads/writes on HBase tables and have a > requirement to authorize and audit table/column family access using Ranger. > > I've configured the reads/writes to be performed under doAs to try to make > this happen but the requests end up being authorized and audit logged as > the service user rather than the requestor. > > > A snippet of the application code looks like this (doAsUser is the end > user's username): > > > UserGroupInformation ugi = UserGroupInformation.createProxyUser(doAsUser, > UserGroupInformation.getLoginUser()); > > try { > ugi.doAs(new PriviledgedExceptionAction<Void>() { > @Override > public Void run() throws Exception { > LOGGER.info("HBase put as user " + ugi.getShortUserName()); > table.put(put); > return null; > } > }); > > > Has anyone got experience with the HBase Ranger plugin and/or come across > this problem before and know the best way to solve it? > > For reference this is all running with HDP 2.3.2. > > Thanks in advance! > > -- > Chris > > -- > > > *NOTICE AND DISCLAIMER* > > This email (including attachments) is confidential. If you are not the > intended recipient, notify the sender immediately, delete this email from > your system and do not disclose or use for any purpose. > > Business Address: Eagle House, 163 City Road, London, EC1V 1NR. United > Kingdom > Registered Office: Finsgate, 5-7 Cranwood Street, London, EC1V 9EE. United > Kingdom > Big Data Partnership Limited is a company registered in England & Wales > with Company No 7904824 >
