hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Yu <yuzhih...@gmail.com>
Subject Re: doAs with HBase Java API and Apache Ranger
Date Fri, 18 Dec 2015 17:18:19 GMT
Have you polled Ranger community with this question ?

http://ranger.apache.org/mail-lists.html

Cheers

On Fri, Dec 18, 2015 at 9:04 AM, Chris Gent <
chris.gent@bigdatapartnership.com> wrote:

> Hi,
>
> We have a webservice that performs reads/writes on HBase tables and have a
> requirement to authorize and audit table/column family access using Ranger.
>
> I've configured the reads/writes to be performed under doAs to try to make
> this happen but the requests end up being authorized and audit logged as
> the service user rather than the requestor.
>
>
> A snippet of the application code looks like this (doAsUser is the end
> user's username):
>
>
> UserGroupInformation ugi = UserGroupInformation.createProxyUser(doAsUser,
> UserGroupInformation.getLoginUser());
>
> try {
>       ugi.doAs(new PriviledgedExceptionAction<Void>() {
>           @Override
>           public Void run() throws Exception {
>                 LOGGER.info("HBase put as user " + ugi.getShortUserName());
>                 table.put(put);
>                 return null;
>           }
>     });
>
>
> Has anyone got experience with the HBase Ranger plugin and/or come across
> this problem before and know the best way to solve it?
>
> For reference this is all running with HDP 2.3.2.
>
> Thanks in advance!
>
> --
> Chris
>
> --
>
>
> *NOTICE AND DISCLAIMER*
>
> This email (including attachments) is confidential. If you are not the
> intended recipient, notify the sender immediately, delete this email from
> your system and do not disclose or use for any purpose.
>
> Business Address: Eagle House, 163 City Road, London, EC1V 1NR. United
> Kingdom
> Registered Office: Finsgate, 5-7 Cranwood Street, London, EC1V 9EE. United
> Kingdom
> Big Data Partnership Limited is a company registered in England & Wales
> with Company No 7904824
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message