hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Yu <yuzhih...@gmail.com>
Subject Re: doAs with HBase Java API and Apache Ranger
Date Fri, 18 Dec 2015 17:37:34 GMT
I talked with a Ranger developer who has read the thread on Ranger mailing
list.

Setting up proxy may require certain steps.

I suggest responding to Bosco's question on the Ranger mailing list (by
providing related server log, e.g.) - Ranger developers have knowledge
about HBase.

Cheers

On Fri, Dec 18, 2015 at 9:24 AM, Chris Gent <
chris.gent@bigdatapartnership.com> wrote:

> Hey Ted,
>
> Yeah - they suggested asking over here :-)
>
> I think the question is where the user context is set/comes from when using
> the HBase API. It was suggested that it comes when the Table object gets
> created? Or is it right back when the connection is established?
>
> --
> Chris
>
>
>
> On 18 December 2015 at 17:18, Ted Yu <yuzhihong@gmail.com> wrote:
>
> > Have you polled Ranger community with this question ?
> >
> > http://ranger.apache.org/mail-lists.html
> >
> > Cheers
> >
> > On Fri, Dec 18, 2015 at 9:04 AM, Chris Gent <
> > chris.gent@bigdatapartnership.com> wrote:
> >
> > > Hi,
> > >
> > > We have a webservice that performs reads/writes on HBase tables and
> have
> > a
> > > requirement to authorize and audit table/column family access using
> > Ranger.
> > >
> > > I've configured the reads/writes to be performed under doAs to try to
> > make
> > > this happen but the requests end up being authorized and audit logged
> as
> > > the service user rather than the requestor.
> > >
> > >
> > > A snippet of the application code looks like this (doAsUser is the end
> > > user's username):
> > >
> > >
> > > UserGroupInformation ugi =
> UserGroupInformation.createProxyUser(doAsUser,
> > > UserGroupInformation.getLoginUser());
> > >
> > > try {
> > >       ugi.doAs(new PriviledgedExceptionAction<Void>() {
> > >           @Override
> > >           public Void run() throws Exception {
> > >                 LOGGER.info("HBase put as user " +
> > ugi.getShortUserName());
> > >                 table.put(put);
> > >                 return null;
> > >           }
> > >     });
> > >
> > >
> > > Has anyone got experience with the HBase Ranger plugin and/or come
> across
> > > this problem before and know the best way to solve it?
> > >
> > > For reference this is all running with HDP 2.3.2.
> > >
> > > Thanks in advance!
> > >
> > > --
> > > Chris
> > >
> > > --
> > >
> > >
> > > *NOTICE AND DISCLAIMER*
> > >
> > > This email (including attachments) is confidential. If you are not the
> > > intended recipient, notify the sender immediately, delete this email
> from
> > > your system and do not disclose or use for any purpose.
> > >
> > > Business Address: Eagle House, 163 City Road, London, EC1V 1NR. United
> > > Kingdom
> > > Registered Office: Finsgate, 5-7 Cranwood Street, London, EC1V 9EE.
> > United
> > > Kingdom
> > > Big Data Partnership Limited is a company registered in England & Wales
> > > with Company No 7904824
> > >
> >
>
>
>
> --
> *Christopher Gent*
>
> *Managing Consultant*
> Big Data Partnership
> M: 07795 210205
> E: chris.gent@bigdatapartnership.com
>
> *NOTICE AND DISCLAIMER*
>
> This email (including attachments) is confidential. If you are not the
> intended recipient, notify the sender immediately, delete this email from
> your system and do not disclose or use for any purpose.
>
> Business Address: Eagle House, 163 City Road, London, EC1V 1NR. United
> Kingdom
> Registered Office: Finsgate, 5-7 Cranwood Street, London, EC1V 9EE. United
> Kingdom
> Big Data Partnership Limited is a company registered in England & Wales
> with Company No 7904824
>
> --
>
>
> *NOTICE AND DISCLAIMER*
>
> This email (including attachments) is confidential. If you are not the
> intended recipient, notify the sender immediately, delete this email from
> your system and do not disclose or use for any purpose.
>
> Business Address: Eagle House, 163 City Road, London, EC1V 1NR. United
> Kingdom
> Registered Office: Finsgate, 5-7 Cranwood Street, London, EC1V 9EE. United
> Kingdom
> Big Data Partnership Limited is a company registered in England & Wales
> with Company No 7904824
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message