Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Accumulo, mail # user - Setting appropriate user authorizations - how and what are the best practices


Copy link to this message
-
Re: Setting appropriate user authorizations - how and what are the best practices
Keith Turner 2012-08-06, 14:43
On Mon, Aug 6, 2012 at 9:25 AM, Edmon Begoli <[EMAIL PROTECTED]> wrote:
> I implemented a simple example for writing and then reading a data
> from a table in Accumulo (code attached).
>
> When I run the code I get the exception printed below. I suspect that
> I am getting this because user (root) who inserted this data might not
> have permissions to read it.
>
> I would like to know what is the proper way to:
>
> A. Assign these authorizations and how

You can use setauths command in the shell.

FYI, you may find the following of interest.

https://issues.apache.org/jira/browse/ACCUMULO-246

>
> B. What are the best practices in Accumulo for assign privileges as my
> next step will be to create hierarchies of user authorizations.
> I want to at the minimum reflect the HIPAA domain where usually only
> owner of the private data and some, narrow group can actually see all
> of the data, but
> many can see some de-identified fragments of it.
>
> Exception
> ------------------------------------------------------------------
>
>
> 12/08/03 09:27:28 INFO zookeeper.ClientCnxn: Socket connection
> established to localhost/127.0.0.1:2181, initiating session
> 12/08/03 09:27:28 INFO zookeeper.ClientCnxn: Session establishment
> complete on server localhost/127.0.0.1:2181, sessionid > 0x138d87a3657fbfc, negotiated timeout = 30000
> Exception in thread "main" java.lang.RuntimeException:
> org.apache.accumulo.core.client.AccumuloSecurityException: Error
> BAD_AUTHORIZATIONS - The user does not have the specified
> authorizations assigned
>         at org.apache.accumulo.core.client.impl.ScannerIterator.hasNext(ScannerIterator.java:186)
>         at accumulo.ClaimsBroker.main(ClaimsBroker.java:56)
> Caused by: org.apache.accumulo.core.client.AccumuloSecurityException:
> Error BAD_AUTHORIZATIONS - The user does not have the specified
> authorizations assigned
>         at org.apache.accumulo.core.client.impl.ThriftScanner.scan(ThriftScanner.java:470)
>         at org.apache.accumulo.core.client.impl.ThriftScanner.scan(ThriftScanner.java:295)
>         at org.apache.accumulo.core.client.impl.ScannerIterator$Reader.run(ScannerIterator.java:94)
>         at org.apache.accumulo.core.client.impl.ScannerIterator.hasNext(ScannerIterator.java:176)
>         ... 1 more
> Caused by: ThriftSecurityException(user:root, code:BAD_AUTHORIZATIONS)
>         at org.apache.accumulo.core.tabletserver.thrift.TabletClientService$startScan_result.read(TabletClientService.java:4657)
>         at org.apache.accumulo.core.tabletserver.thrift.TabletClientService$Client.recv_startScan(TabletClientService.java:192)
>         at org.apache.accumulo.core.tabletserver.thrift.TabletClientService$Client.startScan(TabletClientService.java:157)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at org.apache.accumulo.cloudtrace.instrument.thrift.TraceWrap$2.invoke(TraceWrap.java:84)
>         at $Proxy1.startScan(Unknown Source)
>         at org.apache.accumulo.core.client.impl.ThriftScanner.scan(ThriftScanner.java:415)
>         ... 4 more