You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "wuwanru (JIRA)" <ji...@apache.org> on 2017/01/09 12:22:58 UTC
[jira] [Updated] (PHOENIX-3580) Phoenix user rights issues
[ https://issues.apache.org/jira/browse/PHOENIX-3580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
wuwanru updated PHOENIX-3580:
-----------------------------
Description:
I have modified the ‘phoenix.schema.isNamespaceMappingEnabled’ property to true,restart hbase, used hbase user to create a schema A in phoenix sqlline ,used hbase user to give the user A [RWXCA] permissions for the namespace A ,then I have used user A to use sqline to enter in the Phoenix Shell, I got the error:
Setting property: [incremental, false] Setting property: [isolation, TRANSACTION_READ_COMMITTED] issuing: !connect jdbc:phoenix:localhost none none org.apache.phoenix.jdbc.PhoenixDriver Connecting to jdbc:phoenix:localhost SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/usr/hdp/2.3.4.0-3485/phoenix/phoenix-4.8.2-HBase-1.1-client.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/usr/hdp/2.3.4.0-3485/hadoop/lib/slf4j-log4j12-1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. 16/12/23 00:28:32 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable 16/12/23 00:28:34 WARN shortcircuit.DomainSocketFactory: The short-circuit local reads feature cannot be used because libhadoop cannot be loaded. Error: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) (state=08000,code=101) org.apache.phoenix.exception.PhoenixIOException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) at org.apache.phoenix.util.ServerUtil.parseServerException(ServerUtil.java:113) at org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureNamespaceCreated(ConnectionQueryServicesImpl.java:992) at org.apache.phoenix.query.ConnectionQueryServicesImpl.access$1800(ConnectionQueryServicesImpl.java:222) at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.ensureSystemTablesUpgraded(ConnectionQueryServicesImpl.java:2735) at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2341) at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2291) at org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:76) at org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:2291) at org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:232) at org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.createConnection(PhoenixEmbeddedDriver.java:147) at org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:202) at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157) at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:203) at sqlline.Commands.connect(Commands.java:1064) at sqlline.Commands.connect(Commands.java:996) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36) at sqlline.SqlLine.dispatch(SqlLine.java:803) at sqlline.SqlLine.initArgs(SqlLine.java:588) at sqlline.SqlLine.begin(SqlLine.java:656) at sqlline.SqlLine.start(SqlLine.java:398) at sqlline.SqlLine.main(SqlLine.java:292) Caused by: org.apache.hadoop.hbase.security.AccessDeniedException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:106) at org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:95) at org.apache.hadoop.hbase.client.RpcRetryingCaller.translateException(RpcRetryingCaller.java:226) at org.apache.hadoop.hbase.client.RpcRetryingCaller.translateException(RpcRetryingCaller.java:240) at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:140) at org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:4036) at org.apache.hadoop.hbase.client.HBaseAdmin.getNamespaceDescriptor(HBaseAdmin.java:2797) at org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureNamespaceCreated(ConnectionQueryServicesImpl.java:982) ... 23 more Caused by: org.apache.hadoop.hbase.ipc.RemoteWithExtrasException(org.apache.hadoop.hbase.security.AccessDeniedException): org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) at org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1235) at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:217) at org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:318) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.getNamespaceDescriptor(MasterProtos.java:55137) at org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$4.getNamespaceDescriptor(ConnectionManager.java:1964) at org.apache.hadoop.hbase.client.HBaseAdmin$33.call(HBaseAdmin.java:2801) at org.apache.hadoop.hbase.client.HBaseAdmin$33.call(HBaseAdmin.java:2798) at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126) ... 26 more
then I have used hbase user to give the user A [RWA] permissions for the namespace SYSTEM, then I have used user A to use sqline to enter in the Phoenix Shell, I can query and modify unauthorized schema and data tables
was:I have modified the ‘phoenix.schema.isNamespaceMappingEnabled’ property to true,restart hbase, used hbase user to create a schema A in phoenix sqlline ,used hbase user to give the user A [RWXCA] permissions for the namespace A ,then I have used user A to use sqline to enter in the Phoenix Shell, I got the error: Setting property: [incremental, false] Setting property: [isolation, TRANSACTION_READ_COMMITTED] issuing: !connect jdbc:phoenix:localhost none none org.apache.phoenix.jdbc.PhoenixDriver Connecting to jdbc:phoenix:localhost SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/usr/hdp/2.3.4.0-3485/phoenix/phoenix-4.8.2-HBase-1.1-client.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/usr/hdp/2.3.4.0-3485/hadoop/lib/slf4j-log4j12-1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. 16/12/23 00:28:32 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable 16/12/23 00:28:34 WARN shortcircuit.DomainSocketFactory: The short-circuit local reads feature cannot be used because libhadoop cannot be loaded. Error: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) (state=08000,code=101) org.apache.phoenix.exception.PhoenixIOException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) at org.apache.phoenix.util.ServerUtil.parseServerException(ServerUtil.java:113) at org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureNamespaceCreated(ConnectionQueryServicesImpl.java:992) at org.apache.phoenix.query.ConnectionQueryServicesImpl.access$1800(ConnectionQueryServicesImpl.java:222) at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.ensureSystemTablesUpgraded(ConnectionQueryServicesImpl.java:2735) at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2341) at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2291) at org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:76) at org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:2291) at org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:232) at org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.createConnection(PhoenixEmbeddedDriver.java:147) at org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:202) at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157) at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:203) at sqlline.Commands.connect(Commands.java:1064) at sqlline.Commands.connect(Commands.java:996) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36) at sqlline.SqlLine.dispatch(SqlLine.java:803) at sqlline.SqlLine.initArgs(SqlLine.java:588) at sqlline.SqlLine.begin(SqlLine.java:656) at sqlline.SqlLine.start(SqlLine.java:398) at sqlline.SqlLine.main(SqlLine.java:292) Caused by: org.apache.hadoop.hbase.security.AccessDeniedException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:106) at org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:95) at org.apache.hadoop.hbase.client.RpcRetryingCaller.translateException(RpcRetryingCaller.java:226) at org.apache.hadoop.hbase.client.RpcRetryingCaller.translateException(RpcRetryingCaller.java:240) at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:140) at org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:4036) at org.apache.hadoop.hbase.client.HBaseAdmin.getNamespaceDescriptor(HBaseAdmin.java:2797) at org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureNamespaceCreated(ConnectionQueryServicesImpl.java:982) ... 23 more Caused by: org.apache.hadoop.hbase.ipc.RemoteWithExtrasException(org.apache.hadoop.hbase.security.AccessDeniedException): org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) at org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1235) at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:217) at org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:318) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.getNamespaceDescriptor(MasterProtos.java:55137) at org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$4.getNamespaceDescriptor(ConnectionManager.java:1964) at org.apache.hadoop.hbase.client.HBaseAdmin$33.call(HBaseAdmin.java:2801) at org.apache.hadoop.hbase.client.HBaseAdmin$33.call(HBaseAdmin.java:2798) at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126) ... 26 more then I have used hbase user to give the user A [RWA] permissions for the namespace SYSTEM, then I have used user A to use sqline to enter in the Phoenix Shell, I can query and modify unauthorized schema and data tables
> Phoenix user rights issues
> --------------------------
>
> Key: PHOENIX-3580
> URL: https://issues.apache.org/jira/browse/PHOENIX-3580
> Project: Phoenix
> Issue Type: Bug
> Affects Versions: 4.8.2
> Environment: Hortonworks 2.3.4;
> hbase 1.1.2
> spark 1.5.2
> phoenix 4.8.2
> centos 6.5
> 3 nodes(Cpu:2 cores,memory 16G)
> Reporter: wuwanru
> Fix For: 4.8.2
>
>
> I have modified the ‘phoenix.schema.isNamespaceMappingEnabled’ property to true,restart hbase, used hbase user to create a schema A in phoenix sqlline ,used hbase user to give the user A [RWXCA] permissions for the namespace A ,then I have used user A to use sqline to enter in the Phoenix Shell, I got the error:
> Setting property: [incremental, false] Setting property: [isolation, TRANSACTION_READ_COMMITTED] issuing: !connect jdbc:phoenix:localhost none none org.apache.phoenix.jdbc.PhoenixDriver Connecting to jdbc:phoenix:localhost SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/usr/hdp/2.3.4.0-3485/phoenix/phoenix-4.8.2-HBase-1.1-client.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/usr/hdp/2.3.4.0-3485/hadoop/lib/slf4j-log4j12-1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. 16/12/23 00:28:32 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable 16/12/23 00:28:34 WARN shortcircuit.DomainSocketFactory: The short-circuit local reads feature cannot be used because libhadoop cannot be loaded. Error: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) (state=08000,code=101) org.apache.phoenix.exception.PhoenixIOException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) at org.apache.phoenix.util.ServerUtil.parseServerException(ServerUtil.java:113) at org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureNamespaceCreated(ConnectionQueryServicesImpl.java:992) at org.apache.phoenix.query.ConnectionQueryServicesImpl.access$1800(ConnectionQueryServicesImpl.java:222) at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.ensureSystemTablesUpgraded(ConnectionQueryServicesImpl.java:2735) at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2341) at org.apache.phoenix.query.ConnectionQueryServicesImpl$13.call(ConnectionQueryServicesImpl.java:2291) at org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:76) at org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:2291) at org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:232) at org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.createConnection(PhoenixEmbeddedDriver.java:147) at org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:202) at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157) at sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:203) at sqlline.Commands.connect(Commands.java:1064) at sqlline.Commands.connect(Commands.java:996) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:36) at sqlline.SqlLine.dispatch(SqlLine.java:803) at sqlline.SqlLine.initArgs(SqlLine.java:588) at sqlline.SqlLine.begin(SqlLine.java:656) at sqlline.SqlLine.start(SqlLine.java:398) at sqlline.SqlLine.main(SqlLine.java:292) Caused by: org.apache.hadoop.hbase.security.AccessDeniedException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.apache.hadoop.ipc.RemoteException.instantiateException(RemoteException.java:106) at org.apache.hadoop.ipc.RemoteException.unwrapRemoteException(RemoteException.java:95) at org.apache.hadoop.hbase.client.RpcRetryingCaller.translateException(RpcRetryingCaller.java:226) at org.apache.hadoop.hbase.client.RpcRetryingCaller.translateException(RpcRetryingCaller.java:240) at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:140) at org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:4036) at org.apache.hadoop.hbase.client.HBaseAdmin.getNamespaceDescriptor(HBaseAdmin.java:2797) at org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureNamespaceCreated(ConnectionQueryServicesImpl.java:982) ... 23 more Caused by: org.apache.hadoop.hbase.ipc.RemoteWithExtrasException(org.apache.hadoop.hbase.security.AccessDeniedException): org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (user=wwr, scope=SYSTEM, params=[namespace=SYSTEM],action=ADMIN) at org.apache.hadoop.hbase.security.access.AccessController.requireNamespacePermission(AccessController.java:588) at org.apache.hadoop.hbase.security.access.AccessController.preGetNamespaceDescriptor(AccessController.java:1321) at org.apache.hadoop.hbase.master.MasterCoprocessorHost$7.call(MasterCoprocessorHost.java:167) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.execOperation(MasterCoprocessorHost.java:1095) at org.apache.hadoop.hbase.master.MasterCoprocessorHost.preGetNamespaceDescriptor(MasterCoprocessorHost.java:163) at org.apache.hadoop.hbase.master.HMaster.getNamespaceDescriptor(HMaster.java:2535) at org.apache.hadoop.hbase.master.MasterRpcServices.getNamespaceDescriptor(MasterRpcServices.java:799) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java:51147) at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2114) at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:101) at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130) at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107) at java.lang.Thread.run(Thread.java:745) at org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1235) at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:217) at org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:318) at org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.getNamespaceDescriptor(MasterProtos.java:55137) at org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$4.getNamespaceDescriptor(ConnectionManager.java:1964) at org.apache.hadoop.hbase.client.HBaseAdmin$33.call(HBaseAdmin.java:2801) at org.apache.hadoop.hbase.client.HBaseAdmin$33.call(HBaseAdmin.java:2798) at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126) ... 26 more
> then I have used hbase user to give the user A [RWA] permissions for the namespace SYSTEM, then I have used user A to use sqline to enter in the Phoenix Shell, I can query and modify unauthorized schema and data tables
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)