Re: Hbase policy issue

[Madhan Neethiraj]

Aneela,

Was the earlier issue with HBase authorization resolved now? This exception 
should not impact the authorization.

Thanks,
Madhan

From:  Aneela Saleem <ane...@platalytics.com>
Reply-To:  "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
Date:  Saturday, December 5, 2015 at 9:28 AM
To:  "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
Subject:  Re: Hbase policy issue

Hi Madhan! 

I reinstallled hbase plugin and checked the logs. Now the exception changed to 
following

2015-12-05 22:25:42,251 FATAL [org.apache.ranger.audit.queue.AuditBatchQueue0] 
destination.SolrAuditDestination: Can't connect to Solr server. 
URL=[http://192.168.23.126:6083/solr/ranger_audits]
java.lang.NoSuchFieldError: DEF_CONTENT_CHARSET
        at 
org.apache.http.impl.client.DefaultHttpClient.setDefaultHttpParams(DefaultHttpClient.java:175)
        at 
org.apache.http.impl.client.DefaultHttpClient.createHttpParams(DefaultHttpClient.java:158)
        at 
org.apache.http.impl.client.AbstractHttpClient.getParams(AbstractHttpClient.java:448)
        at 
org.apache.solr.client.solrj.impl.HttpClientUtil.setConnectionTimeout(HttpClientUtil.java:267)
        at 
org.apache.solr.client.solrj.impl.LBHttpSolrClient.setConnectionTimeout(LBHttpSolrClient.java:460)
        at 
org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:116)
        at 
org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:138)
        at 
org.apache.ranger.audit.queue.AuditBatchQueue.runDoAs(AuditBatchQueue.java:320)
        at 
org.apache.ranger.audit.queue.AuditBatchQueue$1.run(AuditBatchQueue.java:217)
        at 
org.apache.ranger.audit.queue.AuditBatchQueue$1.run(AuditBatchQueue.java:215)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:356)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1594)
        at 
org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:223)
        at java.lang.Thread.run(Thread.java:745)




On Sat, Dec 5, 2015 at 9:58 PM, Hafiz Mujadid <hafizmujadi...@gmail.com> wrote:
hi Madhan! 

I have compiled ranger master branch code. Both the hbase and hbase-admin have 
same versions. I have hbase version 1.1.2.

Thanks

On Sat, Dec 5, 2015 at 9:20 PM, Madhan Neethiraj <mad...@apache.org> wrote:
Aneela,

It looks like the Ranger HBase plugin used in this environment is from an 
earlier version than the Ranger Admin. Can you please send the version details 
to troubleshoot this further?

While we look at fixing the issue in the code, you should be able to continue 
by using Ranger HBase plugin from the same version as Ranger Admin.

Thanks,
Madhan

From: Aneela Saleem <ane...@platalytics.com>
Reply-To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
Date: Saturday, December 5, 2015 at 7:43 AM
To: "user@ranger.incubator.apache.org" <user@ranger.incubator.apache.org>
Subject: Hbase policy issue

Hi! 

I have made a policy on hbase table emp with column family f1 and column name.
I gave mike user the permission of read and  roger have all permissions.

But when i scan table using user mike or roger even. It does not allow
ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient 
permissions for user ‘roger',action: scannerOpen, tableName:emp, family:f1

No audits are being shown and hbase logs have following exception

2015-12-05 20:42:32,976 ERROR [Thread-75] util.PolicyRefresher: 
PolicyRefresher(serviceName=hbasedev): failed to refresh policies. Will 
continue to use last known version of policies (-1)
com.sun.jersey.api.client.ClientHandlerException: 
org.codehaus.jackson.map.exc.UnrecognizedPropertyException: Unrecognized field 
"isEnabled" (Class 
org.apache.ranger.plugin.model.RangerPolicy$RangerPolicyItem), not marked as 
ignorable
 at [Source: 
sun.net.www.protocol.http.HttpURLConnection$HttpInputStream@28826668; line: 1, 
column: 938] (through reference chain: 
org.apache.ranger.plugin.util.ServicePolicies["policies"]->org.apache.ranger.plugin.model.RangerPolicy["policyItems"]->org.apache.ranger.plugin.model.RangerPolicyItem["isEnabled"])
        at 
com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:563)
        at 
com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:506)
        at 
org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:76)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:205)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:175)
        at 
org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:154)
Caused by: org.codehaus.jackson.map.exc.UnrecognizedPropertyException: 
Unrecognized field "isEnabled" (Class 
org.apache.ranger.plugin.model.RangerPolicy$RangerPolicyItem), not marked as 
ignorable
 at [Source: 
sun.net.www.protocol.http.HttpURLConnection$HttpInputStream@28826668; line: 1, 
column: 938] (through reference chain: 
org.apache.ranger.plugin.util.ServicePolicies["policies"]->org.apache.ranger.plugin.model.RangerPolicy["policyItems"]->org.apache.ranger.plugin.model.RangerPolicyItem["isEnabled"])
        at 
org.codehaus.jackson.map.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:53)
        at 
org.codehaus.jackson.map.deser.StdDeserializationContext.unknownFieldException(StdDeserializationContext.java:267)
        at 
org.codehaus.jackson.map.deser.std.StdDeserializer.reportUnknownProperty(StdDeserializer.java:673)
        at 
org.codehaus.jackson.map.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:659)
        at 
org.codehaus.jackson.map.deser.BeanDeserializer.handleUnknownProperty(BeanDeserializer.java:1365)
        at 
org.codehaus.jackson.map.deser.BeanDeserializer._handleUnknown(BeanDeserializer.java:725)
        at 
org.codehaus.jackson.map.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:703)
        at 
org.codehaus.jackson.map.deser.BeanDeserializer.deserialize(BeanDeserializer.java:580)
        at 
org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:217)
        at 
org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:194)
        at 
org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:30)
        at 
org.codehaus.jackson.map.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:299)
        at 
org.codehaus.jackson.map.deser.SettableBeanProperty$FieldProperty.deserializeAndSet(SettableBeanProperty.java:579)
        at 
org.codehaus.jackson.map.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:697)
        at 
org.codehaus.jackson.map.deser.BeanDeserializer.deserialize(BeanDeserializer.java:580)
        at 
org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:217)
        at 
org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:194)
        at 
org.codehaus.jackson.map.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:30)
        at 
org.codehaus.jackson.map.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:299)
        at 
org.codehaus.jackson.map.deser.SettableBeanProperty$FieldProperty.deserializeAndSet(SettableBeanProperty.java:579)
        at 
org.codehaus.jackson.map.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:697)
        at 
org.codehaus.jackson.map.deser.BeanDeserializer.deserialize(BeanDeserializer.java:580)
        at 
org.codehaus.jackson.map.ObjectMapper._readValue(ObjectMapper.java:2704)
        at 
org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1315)
        at 
org.codehaus.jackson.jaxrs.JacksonJsonProvider.readFrom(JacksonJsonProvider.java:419)
        at 
com.sun.jersey.api.client.ClientResponse.getEntity(ClientResponse.java:553)
        ... 5 more
2015-12-05 20:42:32,977 WARN  [Thread-75] util.PolicyRefresher: cache file does 
not exist or not readble 
'/etc/ranger/hbasedev/policycache/hbaseRegional_hbasedev.json'



Thanks



-- 
Regards: HAFIZ MUJADID