From: Ted Yu
Date: Sat, 24 Feb 2018 09:12:35 -0800
Subject: Re: New installation of HBase ignoring cell visibility (even though it's active)
To: user@hbase.apache.org

bq. a warning message in the shell should be displayed if simple auth and cell visibility are in use together.

Makes sense. Please log a JIRA.

On Sat, Feb 24, 2018 at 9:06 AM, Mike Thomsen wrote:

> Ted/Anoop,
>
> I realized what the problem was. When I installed HBase previously (and had
> this working) it was on a Linux machine with a package that created the
> hbase superuser and loaded the services with that. I was starting HBase on
> the Mac my company just gave me and was using my user account. Ergo, I was
> scanning as the superuser...
>
> Sorry about that. I'd suggest for newbs like me that a warning message in
> the shell should be displayed if simple auth and cell visibility are in use
> together.
>
> BTW, the reason I have been trying to get this to work is that I'm working on
> a patch for NiFi to integrate visibility label support.
>
> Thanks,
>
> Mike
>
> On Sat, Feb 24, 2018 at 10:51 AM, Ted Yu wrote:
>
> > I noted that SIMPLE_AUTHENTICATION was returned.
> > Here is related code for getSecurityCapabilities():
> >
> >     if (User.isHBaseSecurityEnabled(master.getConfiguration())) {
> >       capabilities.add(SecurityCapabilitiesResponse.Capability.SECURE_AUTHENTICATION);
> >     } else {
> >       capabilities.add(SecurityCapabilitiesResponse.Capability.SIMPLE_AUTHENTICATION);
> >     }
> >
> > Did "hbase.security.authentication" have value of "kerberos" ?
> >
> > If it does, please pastebin your hbase-site.xml
> >
> > Thanks
> >
> > On Sat, Feb 24, 2018 at 4:59 AM, Mike Thomsen wrote:
> >
> > > (hbase-site.xml is attached)
> > >
> > > I reinstalled HBase on my development machine and the console shows that
> > > it's just ignoring the cell visibility settings even though it shows
> > > they're active:
> > >
> > > hbase(main):001:0> list
> > > TABLE
> > > 0 row(s) in 0.1630 seconds
> > >
> > > => []
> > > hbase(main):002:0> get_auths "michaelthomsen"
> > > 0 row(s) in 10.1940 seconds
> > >
> > > hbase(main):003:0> add_labels ["U", "PII", "PHI"]
> > > 0 row(s) in 0.1900 seconds
> > >
> > > hbase(main):004:0> set_auths "michaelthomsen", ["U", "PII", "PHI"]
> > > 0 row(s) in 0.0500 seconds
> > >
> > > hbase(main):005:0> get_auths "michaelthomsen"
> > > U
> > > PII
> > > PHI
> > > 0 row(s) in 0.0470 seconds
> > >
> > > hbase(main):006:0> create 'test', {NAME => 'prop' }
> > > 0 row(s) in 1.2780 seconds
> > >
> > > => Hbase::Table - test
> > > hbase(main):007:0> put "test", "user1", "prop:name", "John Smith"
> > > 0 row(s) in 0.0500 seconds
> > >
> > > hbase(main):008:0> scan "test"
> > > ROW                   COLUMN+CELL
> > >  user1                column=prop:name, timestamp=1519476818510, value=John Smith
> > > 1 row(s) in 0.0260 seconds
> > >
> > > hbase(main):009:0> set_visibility "test", "PII", { COLUMNS => "prop" }
> > > 1 row(s) in 0.0130 seconds
> > >
> > > hbase(main):010:0> scan "test", { AUTHORIZATIONS => ["PHI", "U"] }
> > > ROW                   COLUMN+CELL
> > >  user1                column=prop:name, timestamp=1519476818510, value=John Smith
> > > 1 row(s) in 0.0180 seconds
> > >
> > > hbase(main):011:0> list_security_capabilities
> > > SIMPLE_AUTHENTICATION
> > > CELL_VISIBILITY
> > >
> > > => ["SIMPLE_AUTHENTICATION", "CELL_VISIBILITY"]
> > > hbase(main):012:0> scan "test", { AUTHORIZATIONS => [] }
> > > ROW                   COLUMN+CELL
> > >  user1                column=prop:name, timestamp=1519476818510, value=John Smith
> > > 1 row(s) in 0.0060 seconds
> > >
> > > I'm running this on a Mac w/out HDFS. It's HBase 1.3.1. This makes no
> > > sense because it's allowing me to assign authorizations to my simple auth
> > > user, set_visibility runs successfully and it's reporting that cell
> > > visibility is enabled.
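
The warning proposed in this thread, sketched as a stand-alone configuration check (an added example, not code from HBase or from the posters): it reads an hbase-site.xml and reports when the VisibilityController is loaded under simple authentication, and when the scanning account is the service account or is listed in hbase.superuser. The sample configuration, function names and finding strings are constructed for illustration; group entries in hbase.superuser are not resolved.

```python
import xml.etree.ElementTree as ET

VISIBILITY_CP = "org.apache.hadoop.hbase.security.visibility.VisibilityController"

# Constructed sample resembling a standalone development install; this is
# not the hbase-site.xml that was attached to the original message.
SAMPLE_SITE = """<configuration>
  <property><name>hbase.security.authentication</name><value>simple</value></property>
  <property><name>hbase.coprocessor.master.classes</name>
    <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value></property>
  <property><name>hbase.coprocessor.region.classes</name>
    <value>org.apache.hadoop.hbase.security.visibility.VisibilityController</value></property>
  <property><name>hbase.superuser</name><value>hbase</value></property>
</configuration>"""


def load_props(xml_text):
    """Return {name: value} for every <property> in an hbase-site.xml document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}


def audit(xml_text, service_user, scan_user):
    """List reasons why visibility labels may not filter scan_user's reads."""
    props = load_props(xml_text)
    region_cps = [c.strip() for c in
                  props.get("hbase.coprocessor.region.classes", "").split(",")]
    if VISIBILITY_CP not in region_cps:
        return ["visibility-controller-not-loaded"]
    findings = []
    # Anything other than "kerberos" is reported by HBase as SIMPLE_AUTHENTICATION.
    if props.get("hbase.security.authentication", "simple").lower() != "kerberos":
        findings.append("simple-auth-with-cell-visibility")
    superusers = {u.strip() for u in props.get("hbase.superuser", "").split(",")
                  if u.strip()}
    # The account that runs the HBase processes is a superuser even when unlisted,
    # which is the situation described in the thread.
    if scan_user == service_user or scan_user in superusers:
        findings.append("scan-user-is-superuser")
    return findings


if __name__ == "__main__":
    # Service started under the same personal account that runs the scans.
    for finding in audit(SAMPLE_SITE, "michaelthomsen", "michaelthomsen"):
        print("WARNING:", finding)
```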