Okay, so I deactivate the hbase plugin, and then I reactivated it.
And now it works.
I can only imagine there was a problem somewhere the first time I perform
this operation
On Thu, May 19, 2016 at 11:16 AM, Lune Silver <lunescar.ran...@gmail.com>
wrote:
> Hello everyone.
>
> I configured the hbase plugin with SSL this morning and I have a problem
> with a permission while I shouldn't have any permission problem.
>
> The hbase plugin is enabled.
> I can see in the policy cache the following policy for my user
> rangerlookup :
> ###
> "resources": {
> "column": {
> "values": [
> "*"
> ],
> "isExcludes": false,
> "isRecursive": false
> },
> "column-family": {
> "values": [
> "*"
> ],
> "isExcludes": false,
> "isRecursive": false
> },
> "table": {
> "values": [
> "*"
> ],
> "isExcludes": false,
> "isRecursive": false
> }
> },
>
> ###
>
> ###
> {
> "accesses": [
> {
> "type": "read",
> "isAllowed": true
> }
> ],
> "users": [
> "rangerlookup"
> ],
> "groups": [],
> "conditions": [],
> "delegateAdmin": false
> },
>
> ###
>
> I created a table and I put data in it with the hbase user (the superadmin
> of hbase)
> ###
> echo "create 'test','cf1'" | hbase shell
> echo "put 'test','1', 'cf1', 'personal data'" | hbase shell
> ###
>
> Then I use the rangeruser to scan the table :
> ###
> echo "scan 'test'" | hbase shell
> ###
>
> And I got the following error message :
> ###
> scan 'test'
> ROW COLUMN+CELL
>
> ERROR: org.apache.hadoop.hbase.security.AccessDeniedException:
> Insufficient permissions for user ârangerlookup@<KERBEROS-REALM>',action:
> scannerOpen, tableName:test, family:cf1.
> ###
>
> Furthermore, I can see in the ranger audit UI the permission denied if I
> try to create a table with mthe user rangerlookup.
>
> But I don't see in the ranger audit UI the permission denied when I try to
> scan this table.
>
> Is it normal ?
>
> Should I give more permissions in order to scan table in hbase than read ?
>
> BR.
>
> Lune
>
