Thanks for the info!! Created a JIRA for this at https://issues.apache.org/jira/browse/RANGER-202

On Fri, Dec 12, 2014 at 12:24 PM, Don Bosco Durai <[email protected]> wrote:
>
> Hi Hanish
>
> Glad it worked. We don’t support namespace yet. If you don’t mind, can you
> create a JIRA for that?
>
> Thanks
>
> Bosco
>
> On Dec 11, 2014, at 9:57 PM, Hanish Bansal <[email protected]> wrote:
>
> Thanks Selvamohan and Don Bosco.
>
> It worked fine.
>
> I gave global permission for user “root” using Ranger Policy Manager with
> “*”. After restarting hbase, it’s working fine now.
>
> Also I have one other question regarding hbase ranger authorization:
>
> Is there any way to define authorization at namespace level?
>
> There is no option for selecting a particular namespace in Ranger Policy
> Manager UI.
> So if there are two tables with the same name in different namespaces then I
> can't define different policies for those tables.
>
>
> On Fri, Dec 12, 2014 at 2:39 AM, Don Bosco Durai <[email protected]> wrote:
>>
>> Hanish,
>>
>> Running as “root” only gives you super privileges on the OS level.
>>
>> As Selve mentioned, for HBase (and other components), you have to
>> configure the appropriate property to give the equivalent. You could give
>> it as “root” if you want to. But that is generally not the common standard.
>>
>> You can also try one other way, where you can give a global permission
>> for user “root” using Ranger Policy Manager. Here, you will give “*” to all
>> fields.
>>
>> Thanks
>>
>> Bosco
>>
>>
>> On Dec 11, 2014, at 8:35 AM, Hanish Bansal <[email protected]> wrote:
>>
>> Yeah, I am running everything with root user.
>>
>> I was thinking that root is always superuser so everything should work
>> fine with that.
>>
>> If I want to continue with root user then probably I should change the value
>> of property "hbase.superuser" in hbase-site.xml file to "root".
>>
>> Please let me know if I am missing anything.
>>
>> Regards,
>> Hanish
>> On 11/12/2014 9:55 pm, "Selvamohan Neethiraj" <[email protected]> wrote:
>>
>>> Hi Hanish,
>>>
>>> Are you running region server as ‘root’ ?
>>> If you run it as ‘hbase’ user, you may be able to overcome this issue.
>>>
>>> hbase user should be specified in “hbase.superuser” property in the
>>> hbase-site.xml ..
>>>
>>> <property>
>>>   <name>hbase.superuser</name>
>>>   <value>hbase</value>
>>>   <description>List of users or groups (comma-separated), who are
>>>   allowed full privileges, regardless of stored ACLs, across the cluster.
>>>   Only used when HBase security is enabled.
>>>   </description>
>>> </property>
>>>
>>>
>>> Let me know if you are able to continue further with these changes ...
>>>
>>> Thanks,
>>> Selva-
>>>
>>>
>>> On Dec 11, 2014, at 10:30 AM, Hanish Bansal <[email protected]> wrote:
>>>
>>> Hi,
>>>
>>> I installed ranger hbase plugin in Hbase-0.99.2.
>>>
>>> When I restart hbase after applying plugin, it is giving below error in
>>> hbase region-server logs:
>>>
>>> 2014-12-11 19:43:14,537 ERROR [RS_OPEN_REGION-impetus-d962centos:16201-0] handler.OpenRegionHandler: Failed open of region=hbase:namespace,,1418299477456.1c88744a822397485ee55e2ace68970f., starting to roll back the global memstore size.
>>> org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'root (auth:SIMPLE)' (global, action=ADMIN)
>>>     at com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor.requirePermission(XaSecureAuthorizationCoprocessor.java:332)
>>>     at com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor.preOpen(XaSecureAuthorizationCoprocessor.java:685)
>>>     at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$1.call(RegionCoprocessorHost.java:332)
>>>     at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$RegionOperation.call(RegionCoprocessorHost.java:1575)
>>>     at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperation(RegionCoprocessorHost.java:1650)
>>>     at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperation(RegionCoprocessorHost.java:1607)
>>>     at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preOpen(RegionCoprocessorHost.java:328)
>>>     at org.apache.hadoop.hbase.regionserver.HRegion.initializeRegionInternals(HRegion.java:741)
>>>     at org.apache.hadoop.hbase.regionserver.HRegion.initialize(HRegion.java:725)
>>>     at org.apache.hadoop.hbase.regionserver.HRegion.openHRegion(HRegion.java:4797)
>>>     at org.apache.hadoop.hbase.regionserver.HRegion.openHRegion(HRegion.java:4768)
>>>     at org.apache.hadoop.hbase.regionserver.HRegion.openHRegion(HRegion.java:4739)
>>>     at org.apache.hadoop.hbase.regionserver.HRegion.openHRegion(HRegion.java:4695)
>>>     at org.apache.hadoop.hbase.regionserver.HRegion.openHRegion(HRegion.java:4646)
>>>     at org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler.openRegion(OpenRegionHandler.java:356)
>>>     at org.apache.hadoop.hbase.regionserver.handler.OpenRegionHandler.process(OpenRegionHandler.java:126)
>>>     at org.apache.hadoop.hbase.executor.EventHandler.run(EventHandler.java:128)
>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>     at java.lang.Thread.run(Thread.java:744)
>>>
>>> After some retries HBase master goes down.
>>>
>>> The error is coming due to permissions of hbase system table: namespace.
>>>
>>> Please let me know how I can resolve this issue?
>>>
>>> --
>>> *Thanks & Regards*
>>> *Hanish Bansal*
>>>
>>
>
> --
> *Thanks & Regards*
> *Hanish Bansal*
>

--
*Thanks & Regards*
*Hanish Bansal*
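
An added example, not part of the original thread and not Ranger or HBase code: a Python check that pulls the denied user out of AccessDeniedException lines like the one in the first message and compares it with the hbase.superuser list in hbase-site.xml. The sample XML and log text are constructed, the function names are hypothetical, and entries starting with "@" are treated as groups, following HBase's convention for this property.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs, modelled on the property and log line quoted in the thread.
SAMPLE_SITE_XML = """<configuration>
  <property>
    <name>hbase.superuser</name>
    <value>hbase, @hbaseadmins</value>
  </property>
</configuration>"""

SAMPLE_LOG = (
    "org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient "
    "permissions for user 'root (auth:SIMPLE)' (global, action=ADMIN)\n"
    "org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient "
    "permissions for user 'hbase (auth:SIMPLE)' (global, action=ADMIN)\n"
)

# Matches the global-scope denial message emitted by the authorization coprocessor.
DENIED = re.compile(
    r"AccessDeniedException: Insufficient permissions for user "
    r"'(?P<user>[^' ]+) \(auth:(?P<auth>\w+)\)' \(global, action=(?P<action>\w+)\)"
)

def superusers(site_xml):
    """Return (users, groups) from hbase.superuser; '@name' entries are groups."""
    root = ET.fromstring(site_xml)
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == "hbase.superuser":
            raw = prop.findtext("value") or ""
            entries = [e.strip() for e in raw.split(",") if e.strip()]
            users = {e for e in entries if not e.startswith("@")}
            groups = {e[1:] for e in entries if e.startswith("@")}
            return users, groups
    return set(), set()  # property absent: nobody is listed

def diagnose(site_xml, log_text):
    """For each user denied a global action, report whether it is a listed superuser."""
    users, _groups = superusers(site_xml)
    findings = {}
    for m in DENIED.finditer(log_text):
        findings[m.group("user")] = {
            "action": m.group("action"),
            "auth": m.group("auth"),
            "in_hbase_superuser": m.group("user") in users,
        }
    return findings

if __name__ == "__main__":
    for user, info in diagnose(SAMPLE_SITE_XML, SAMPLE_LOG).items():
        print(user, info)
```

A user reported with `in_hbase_superuser` false, like `root` in the thread, needs either the service to run as a listed user or an explicit global policy in Ranger Policy Manager.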
