I talked with a Ranger developer who has read the thread on the Ranger mailing list.
Setting up proxy may require certain steps.

I suggest responding to Bosco's question on the Ranger mailing list (by providing related server log, e.g.) - Ranger developers have knowledge about HBase.

Cheers

On Fri, Dec 18, 2015 at 9:24 AM, Chris Gent <[email protected]> wrote:

> Hey Ted,
>
> Yeah - they suggested asking over here :-)
>
> I think the question is where the user context is set/comes from when using
> the HBase API. It was suggested that it comes when the Table object gets
> created? Or is it right back when the connection is established?
>
> --
> Chris
>
> On 18 December 2015 at 17:18, Ted Yu <[email protected]> wrote:
>
> > Have you polled Ranger community with this question?
> >
> > http://ranger.apache.org/mail-lists.html
> >
> > Cheers
> >
> > On Fri, Dec 18, 2015 at 9:04 AM, Chris Gent <[email protected]> wrote:
> >
> > > Hi,
> > >
> > > We have a webservice that performs reads/writes on HBase tables and have a
> > > requirement to authorize and audit table/column family access using Ranger.
> > >
> > > I've configured the reads/writes to be performed under doAs to try to make
> > > this happen but the requests end up being authorized and audit logged as
> > > the service user rather than the requestor.
> > >
> > > A snippet of the application code looks like this (doAsUser is the end
> > > user's username):
> > >
> > >     UserGroupInformation ugi = UserGroupInformation.createProxyUser(doAsUser,
> > >             UserGroupInformation.getLoginUser());
> > >
> > >     try {
> > >         ugi.doAs(new PrivilegedExceptionAction<Void>() {
> > >             @Override
> > >             public Void run() throws Exception {
> > >                 LOGGER.info("HBase put as user " + ugi.getShortUserName());
> > >                 table.put(put);
> > >                 return null;
> > >             }
> > >         });
> > >
> > > Has anyone got experience with the HBase Ranger plugin and/or come across
> > > this problem before and know the best way to solve it?
> > >
> > > For reference this is all running with HDP 2.3.2.
> > >
> > > Thanks in advance!
> > >
> > > --
> > > Chris
> > >
> > > --
> > >
> > > *NOTICE AND DISCLAIMER*
> > >
> > > This email (including attachments) is confidential. If you are not the
> > > intended recipient, notify the sender immediately, delete this email from
> > > your system and do not disclose or use for any purpose.
> > >
> > > Business Address: Eagle House, 163 City Road, London, EC1V 1NR. United Kingdom
> > > Registered Office: Finsgate, 5-7 Cranwood Street, London, EC1V 9EE. United Kingdom
> > > Big Data Partnership Limited is a company registered in England & Wales
> > > with Company No 7904824
>
> --
> *Christopher Gent*
> *Managing Consultant*
> Big Data Partnership
