Hello everyone.

I configured the hbase plugin with SSL this morning and I have a problem
with a permission while I shouldn't have any permission problem.

The hbase plugin is enabled.
I can see in the policy cache the following policy for my user rangerlookup:
###
      "resources": {
        "column": {
          "values": [
            "*"
          ],
          "isExcludes": false,
          "isRecursive": false
        },
        "column-family": {
          "values": [
            "*"
          ],
          "isExcludes": false,
          "isRecursive": false
        },
        "table": {
          "values": [
            "*"
          ],
          "isExcludes": false,
          "isRecursive": false
        }
      },

###

###
        {
          "accesses": [
            {
              "type": "read",
              "isAllowed": true
            }
          ],
          "users": [
            "rangerlookup"
          ],
          "groups": [],
          "conditions": [],
          "delegateAdmin": false
        },

###

I created a table and I put data in it with the hbase user (the superadmin
of hbase)
###
echo "create 'test','cf1'" | hbase shell
echo "put 'test','1', 'cf1', 'personal data'" | hbase shell
###

Then I use the rangeruser to scan the table:
###
echo "scan 'test'" | hbase shell
###

And I got the following error message:
###
scan 'test'
ROW                                  COLUMN+CELL

ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient
permissions for user 'rangerlookup@<KERBEROS-REALM>',action: scannerOpen,
tableName:test, family:cf1.
###

Furthermore, I can see in the ranger audit UI the permission denied if I
try to create a table with the user rangerlookup.

But I don't see in the ranger audit UI the permission denied when I try to
scan this table.

Is it normal?

Should I give more permissions in order to scan table in hbase than read?

BR.

Lune
