javajdbchbaseapache-phoenixapache-ranger

Hadoop Hbase Access denied exception


I want to access phoenix tables which is synced to Hbase tables. I wrote some jdbc code to access the data from Phoenix tables but i am getting access denied exception because of ranger policies enabled.

Class.forName("org.apache.phoenix.jdbc.PhoenixDriver");
Connection conn = DriverManager.getConnection(
                "jdbc:phoenix:abc1,abc2,abc3:2181:/hbase-unsecure","landing", "password");
System.out.println("Got connection !!!");
ResultSet rst = conn.createStatement().executeQuery("select * from EMP");

I get the error message as :

org.apache.hadoop.hbase.security.AccessDeniedException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user ‘saurav_bilung',action: scannerOpen, tableName:SYSTEM.STATS, family:0, column: GUIDE_POSTS_ROW_COUNT
    at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.authorizeAccess(RangerAuthorizationCoprocessor.java:521)
    at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preScannerOpen(RangerAuthorizationCoprocessor.java:911)
    at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preScannerOpen(RangerAuthorizationCoprocessor.java:855)
    at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$50.call(RegionCoprocessorHost.java:1267)
    at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$RegionOperation.call(RegionCoprocessorHost.java:1660)
    at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperation(RegionCoprocessorHost.java:1734)
    at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperationWithResult(RegionCoprocessorHost.java:1709)
    at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preScannerOpen(RegionCoprocessorHost.java:1262)
    at org.apache.hadoop.hbase.regionserver.RSRpcServices.scan(RSRpcServices.java:2352)
    at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:32385)
    at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2141)
    at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:112)
    at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:187)
    at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:167)

"landing" user has been given permission to perform all tasks through ranger but still I get error message as "insufficient privileges". I want to create connection as "landing" user. Need help here


Solution

  • As per your error message, it seems to be that it's trying to authenticate for your user "saurav_bilung" instead of the "landing" user. When you spark-submit or run your code, are you sudo-ing as the "landing" user? Also, make sure that your user and "landing" have access to the SYSTEM.STATS table. Let me know how that goes