You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@phoenix.apache.org by Sumanta Gh <su...@tcs.com> on 2018/08/23 05:38:30 UTC
Is read-only user of Phoeix table possible?
Hi,
I have a Kerberos enabled Hbase 1.2 cluster with Phoenix 4.9.
In hbase shell, I have granted an hbase user with permission R.
hbase shell > grant 'user1', 'R'
Now while connecting through SqlLine, I am getting the below error -
Insufficient permissions (user=user1@EXAMPLE.COM, scope=default:SYSTEM.CATALOG, params=[table=default:SYSTEM.CATALOG],action=CREATE
Is the Phoenix client trying to CREATE a table everytime? For this issue, I am not able to create an absolute read-only user of Hbase.
NB : All Phoenix tables are already created
Kindly help to resolve this issue.
Regards
Sumanta
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
Re: Is read-only user of Phoeix table possible?
Posted by Thomas D'Silva <td...@salesforce.com>.
I misspoke on my earlier email, the behavior I described is valid from
Phoenix 4.14+.
You are probably running in to PHOENIX-2717, which was fixed in 4.11
On Mon, Aug 27, 2018 at 9:06 AM, Josh Elser <el...@apache.org> wrote:
> Note, that the functionality that Thomas describes is how we intend
> Phoenix to work, and may not be how the 4.9 release of Phoenix works (due
> to changes that have been made).
>
> On 8/23/18 12:42 PM, Thomas D'Silva wrote:
>
>> On a new cluster, the first time a client connects is when the SYSTEM
>> tables are created. You need to connect with a user that has RWX on the
>> SYSTEM schema the very first time.
>> After that user1 should be able to connect. Also from the doc: Every user
>> requires '|RX|' permissions on all Phoenix|SYSTEM|tables in order to work
>> correctly. Users also require '|RWX|' permissions on|SYSTEM.SEQUENCE|table
>> for using|SEQUENCES|.
>>
>> On Wed, Aug 22, 2018 at 10:38 PM, Sumanta Gh <sumanta.gh@tcs.com <mailto:
>> sumanta.gh@tcs.com>> wrote:
>>
>> Hi,
>>
>> I have a Kerberos enabled Hbase 1.2 cluster with Phoenix 4.9.
>> In hbase shell, I have granted an hbase user with permission R.
>>
>> hbase shell > grant 'user1', 'R'
>>
>> Now while connecting through SqlLine, I am getting the below error -
>>
>> Insufficient permissions (user=user1@EXAMPLE.COM
>> <ma...@EXAMPLE.COM>, scope=default:SYSTEM.CATALOG,
>> params=[table=default:SYSTEM.CATALOG],action=CREATE
>>
>> Is the Phoenix client trying to CREATE a table everytime? For this
>> issue, I am not able to create an absolute read-only user of Hbase.
>> NB : All Phoenix tables are already created
>>
>> Kindly help to resolve this issue.
>>
>>
>> Regards
>> Sumanta
>>
>> =====-----=====-----=====
>> Notice: The information contained in this e-mail
>> message and/or attachments to it may contain
>> confidential or privileged information. If you are
>> not the intended recipient, any dissemination, use,
>> review, distribution, printing or copying of the
>> information contained in this e-mail message
>> and/or attachments to it are strictly prohibited. If
>> you have received this communication in error,
>> please notify us by reply e-mail or telephone and
>> immediately and permanently delete the message
>> and any attachments. Thank you
>>
>>
>>
Re: Is read-only user of Phoeix table possible?
Posted by Josh Elser <el...@apache.org>.
Note, that the functionality that Thomas describes is how we intend
Phoenix to work, and may not be how the 4.9 release of Phoenix works
(due to changes that have been made).
On 8/23/18 12:42 PM, Thomas D'Silva wrote:
> On a new cluster, the first time a client connects is when the SYSTEM
> tables are created. You need to connect with a user that has RWX on the
> SYSTEM schema the very first time.
> After that user1 should be able to connect. Also from the doc: Every
> user requires '|RX|' permissions on all Phoenix|SYSTEM|tables in order
> to work correctly. Users also require '|RWX|' permissions
> on|SYSTEM.SEQUENCE|table for using|SEQUENCES|.
>
> On Wed, Aug 22, 2018 at 10:38 PM, Sumanta Gh <sumanta.gh@tcs.com
> <ma...@tcs.com>> wrote:
>
> Hi,
>
> I have a Kerberos enabled Hbase 1.2 cluster with Phoenix 4.9.
> In hbase shell, I have granted an hbase user with permission R.
>
> hbase shell > grant 'user1', 'R'
>
> Now while connecting through SqlLine, I am getting the below error -
>
> Insufficient permissions (user=user1@EXAMPLE.COM
> <ma...@EXAMPLE.COM>, scope=default:SYSTEM.CATALOG,
> params=[table=default:SYSTEM.CATALOG],action=CREATE
>
> Is the Phoenix client trying to CREATE a table everytime? For this
> issue, I am not able to create an absolute read-only user of Hbase.
> NB : All Phoenix tables are already created
>
> Kindly help to resolve this issue.
>
>
> Regards
> Sumanta
>
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>
Re: Is read-only user of Phoeix table possible?
Posted by Thomas D'Silva <td...@salesforce.com>.
On a new cluster, the first time a client connects is when the SYSTEM
tables are created. You need to connect with a user that has RWX on the
SYSTEM schema the very first time.
After that user1 should be able to connect. Also from the doc: Every user
requires 'RX' permissions on all Phoenix SYSTEM tables in order to work
correctly. Users also require 'RWX' permissions on SYSTEM.SEQUENCE table
for using SEQUENCES.
On Wed, Aug 22, 2018 at 10:38 PM, Sumanta Gh <su...@tcs.com> wrote:
> Hi,
>
> I have a Kerberos enabled Hbase 1.2 cluster with Phoenix 4.9.
> In hbase shell, I have granted an hbase user with permission R.
>
> hbase shell > grant 'user1', 'R'
>
> Now while connecting through SqlLine, I am getting the below error -
>
> Insufficient permissions (user=user1@EXAMPLE.COM,
> scope=default:SYSTEM.CATALOG, params=[table=default:SYSTEM.
> CATALOG],action=CREATE
>
> Is the Phoenix client trying to CREATE a table everytime? For this issue,
> I am not able to create an absolute read-only user of Hbase.
> NB : All Phoenix tables are already created
>
> Kindly help to resolve this issue.
>
>
> Regards
> Sumanta
>
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>