Ted/Anoop https://issues.apache.org/jira/browse/HBASE-20080
On Sat, Feb 24, 2018 at 12:12 PM, Ted Yu <[email protected]> wrote: > bq. a warning message in the shell should be displayed if simple auth and > cell visibility are in use together. > > Makes sense. > > Please log a JIRA. > > On Sat, Feb 24, 2018 at 9:06 AM, Mike Thomsen <[email protected]> > wrote: > > > Ted/Anoop, > > > > I realized what the problem was. When I installed HBase previously (and > had > > this working) it was on a Linux machine with a package that created the > > hbase superuser and loaded the services with that. I was starting HBase > on > > the Mac my company just gave me and was using my user account. Ergo, I > was > > scanning as the superuser... > > > > Sorry about that. I'd suggest for newbs like me that a warning message in > > the shell should be displayed if simple auth and cell visibility are in > use > > together. > > > > BTW, the reason I have been trying to get this work is that I'm working > on > > a patch for NiFi to integrate visibility label support. > > > > Thanks, > > > > Mike > > > > On Sat, Feb 24, 2018 at 10:51 AM, Ted Yu <[email protected]> wrote: > > > > > I noted that SIMPLE_AUTHENTICATION was returned. > > > Here is related code for getSecurityCapabilities(): > > > > > > if (User.isHBaseSecurityEnabled(master.getConfiguration())) { > > > > > > capabilities.add(SecurityCapabilitiesResponse.Capability. > > > SECURE_AUTHENTICATION); > > > > > > } else { > > > > > > capabilities.add(SecurityCapabilitiesResponse.Capability. > > > SIMPLE_AUTHENTICATION); > > > > > > } > > > Did "hbase.security.authentication" have value of "kerberos" ? > > > > > > If it does, please pastebin your hbase-site.xml > > > > > > Thanks > > > > > > On Sat, Feb 24, 2018 at 4:59 AM, Mike Thomsen <[email protected]> > > > wrote: > > > > > > > (hbase-site.xml is attached) > > > > > > > > I reinstalled HBase on my development machine and the console shows > > that > > > > it's just ignoring the cell visibility settings even though it shows > > > > they're active: > > > > > > > > hbase(main):001:0> list > > > > TABLE > > > > > > > > > > > > > > > > 0 row(s) in 0.1630 seconds > > > > > > > > => [] > > > > hbase(main):002:0> get_auths "michaelthomsen" > > > > 0 row(s) in 10.1940 seconds > > > > > > > > hbase(main):003:0> add_labels ["U", "PII", "PHI"] > > > > 0 row(s) in 0.1900 seconds > > > > > > > > hbase(main):004:0> set_auths "michaelthomsen", ["U", "PII", "PHI"] > > > > 0 row(s) in 0.0500 seconds > > > > > > > > hbase(main):005:0> get_auths "michaelthomsen" > > > > U > > > > > > > > > > > > > > > > PII > > > > > > > > > > > > > > > > PHI > > > > > > > > > > > > > > > > 0 row(s) in 0.0470 seconds > > > > > > > > hbase(main):006:0> create 'test', {NAME => 'prop' } > > > > 0 row(s) in 1.2780 seconds > > > > > > > > => Hbase::Table - test > > > > hbase(main):007:0> put "test", "user1", "prop:name", "John Smith" > > > > 0 row(s) in 0.0500 seconds > > > > > > > > hbase(main):008:0> scan "test" > > > > ROW > > > > COLUMN+CELL > > > > > > > > > > > > user1 column=prop:name, > > > > timestamp=1519476818510, value=John Smith > > > > > > > > 1 row(s) in 0.0260 seconds > > > > > > > > hbase(main):009:0> set_visibility "test", "PII", { COLUMNS => "prop" > } > > > > 1 row(s) in 0.0130 seconds > > > > > > > > hbase(main):010:0> scan "test", { AUTHORIZATIONS => ["PHI", "U"] } > > > > ROW > > > > COLUMN+CELL > > > > > > > > > > > > user1 column=prop:name, > > > > timestamp=1519476818510, value=John Smith > > > > > > > > 1 row(s) in 0.0180 seconds > > > > > > > > hbase(main):011:0> list_security_capabilities > > > > SIMPLE_AUTHENTICATION > > > > CELL_VISIBILITY > > > > > > > > => ["SIMPLE_AUTHENTICATION", "CELL_VISIBILITY"] > > > > hbase(main):012:0> scan "test", { AUTHORIZATIONS => [] } > > > > ROW > > > > COLUMN+CELL > > > > > > > > > > > > user1 column=prop:name, > > > > timestamp=1519476818510, value=John Smith > > > > > > > > 1 row(s) in 0.0060 seconds > > > > > > > > > > > > I'm running this on a Mac w/out HDFS. It's HBase 1.3.1. This makes no > > > > sense because it's allowing me to assign authorizations to my simple > > auth > > > > user, set_visibility runs successfully and it's reporting that cell > > > > visibility is enabled. > > > > > > > > > > > > > >
