Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Accumulo >> mail # user >> Setting appropriate user authorizations - how and what are the best practices


Copy link to this message
-
Re: Setting appropriate user authorizations - how and what are the best practices
On Mon, Aug 6, 2012 at 9:25 AM, Edmon Begoli <[EMAIL PROTECTED]> wrote:
> I implemented a simple example for writing and then reading a data
> from a table in Accumulo (code attached).
>
> When I run the code I get the exception printed below. I suspect that
> I am getting this because user (root) who inserted this data might not
> have permissions to read it.
>
> I would like to know what is the proper way to:
>
> A. Assign these authorizations and how

You can use setauths command in the shell.

FYI, you may find the following of interest.

https://issues.apache.org/jira/browse/ACCUMULO-246

>
> B. What are the best practices in Accumulo for assign privileges as my
> next step will be to create hierarchies of user authorizations.
> I want to at the minimum reflect the HIPAA domain where usually only
> owner of the private data and some, narrow group can actually see all
> of the data, but
> many can see some de-identified fragments of it.
>
> Exception
> ------------------------------------------------------------------
>
>
> 12/08/03 09:27:28 INFO zookeeper.ClientCnxn: Socket connection
> established to localhost/127.0.0.1:2181, initiating session
> 12/08/03 09:27:28 INFO zookeeper.ClientCnxn: Session establishment
> complete on server localhost/127.0.0.1:2181, sessionid > 0x138d87a3657fbfc, negotiated timeout = 30000
> Exception in thread "main" java.lang.RuntimeException:
> org.apache.accumulo.core.client.AccumuloSecurityException: Error
> BAD_AUTHORIZATIONS - The user does not have the specified
> authorizations assigned
>         at org.apache.accumulo.core.client.impl.ScannerIterator.hasNext(ScannerIterator.java:186)
>         at accumulo.ClaimsBroker.main(ClaimsBroker.java:56)
> Caused by: org.apache.accumulo.core.client.AccumuloSecurityException:
> Error BAD_AUTHORIZATIONS - The user does not have the specified
> authorizations assigned
>         at org.apache.accumulo.core.client.impl.ThriftScanner.scan(ThriftScanner.java:470)
>         at org.apache.accumulo.core.client.impl.ThriftScanner.scan(ThriftScanner.java:295)
>         at org.apache.accumulo.core.client.impl.ScannerIterator$Reader.run(ScannerIterator.java:94)
>         at org.apache.accumulo.core.client.impl.ScannerIterator.hasNext(ScannerIterator.java:176)
>         ... 1 more
> Caused by: ThriftSecurityException(user:root, code:BAD_AUTHORIZATIONS)
>         at org.apache.accumulo.core.tabletserver.thrift.TabletClientService$startScan_result.read(TabletClientService.java:4657)
>         at org.apache.accumulo.core.tabletserver.thrift.TabletClientService$Client.recv_startScan(TabletClientService.java:192)
>         at org.apache.accumulo.core.tabletserver.thrift.TabletClientService$Client.startScan(TabletClientService.java:157)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.apache.accumulo.cloudtrace.instrument.thrift.TraceWrap$2.invoke(TraceWrap.java:84)
>         at $Proxy1.startScan(Unknown Source)
>         at org.apache.accumulo.core.client.impl.ThriftScanner.scan(ThriftScanner.java:415)
>         ... 4 more
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB