Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Accumulo, mail # user - Setting appropriate user authorizations - how and what are the best practices


Copy link to this message
-
Re: Setting appropriate user authorizations - how and what are the best practices
John Vines 2012-08-06, 14:45
That error occurs when a user tried to do a scan with an authorization they
do not have granted to them. Make sure that the user has the authorizations
they are trying to scan with (if this is an unintended error). Otherwise,
it's working as intended.

2. There will be coming changes to how authorizations are handled in 1.5 to
better support a stricter way to handle authorization realms. accumulo-667
has the discussion in it.

John

On Mon, Aug 6, 2012 at 9:25 AM, Edmon Begoli <[EMAIL PROTECTED]> wrote:

> I implemented a simple example for writing and then reading a data
> from a table in Accumulo (code attached).
>
> When I run the code I get the exception printed below. I suspect that
> I am getting this because user (root) who inserted this data might not
> have permissions to read it.
>
> I would like to know what is the proper way to:
>
> A. Assign these authorizations and how
>
> B. What are the best practices in Accumulo for assign privileges as my
> next step will be to create hierarchies of user authorizations.
> I want to at the minimum reflect the HIPAA domain where usually only
> owner of the private data and some, narrow group can actually see all
> of the data, but
> many can see some de-identified fragments of it.
>
> Exception
> ------------------------------------------------------------------
>
>
> 12/08/03 09:27:28 INFO zookeeper.ClientCnxn: Socket connection
> established to localhost/127.0.0.1:2181, initiating session
> 12/08/03 09:27:28 INFO zookeeper.ClientCnxn: Session establishment
> complete on server localhost/127.0.0.1:2181, sessionid > 0x138d87a3657fbfc, negotiated timeout = 30000
> Exception in thread "main" java.lang.RuntimeException:
> org.apache.accumulo.core.client.AccumuloSecurityException: Error
> BAD_AUTHORIZATIONS - The user does not have the specified
> authorizations assigned
>         at
> org.apache.accumulo.core.client.impl.ScannerIterator.hasNext(ScannerIterator.java:186)
>         at accumulo.ClaimsBroker.main(ClaimsBroker.java:56)
> Caused by: org.apache.accumulo.core.client.AccumuloSecurityException:
> Error BAD_AUTHORIZATIONS - The user does not have the specified
> authorizations assigned
>         at
> org.apache.accumulo.core.client.impl.ThriftScanner.scan(ThriftScanner.java:470)
>         at
> org.apache.accumulo.core.client.impl.ThriftScanner.scan(ThriftScanner.java:295)
>         at
> org.apache.accumulo.core.client.impl.ScannerIterator$Reader.run(ScannerIterator.java:94)
>         at
> org.apache.accumulo.core.client.impl.ScannerIterator.hasNext(ScannerIterator.java:176)
>         ... 1 more
> Caused by: ThriftSecurityException(user:root, code:BAD_AUTHORIZATIONS)
>         at
> org.apache.accumulo.core.tabletserver.thrift.TabletClientService$startScan_result.read(TabletClientService.java:4657)
>         at
> org.apache.accumulo.core.tabletserver.thrift.TabletClientService$Client.recv_startScan(TabletClientService.java:192)
>         at
> org.apache.accumulo.core.tabletserver.thrift.TabletClientService$Client.startScan(TabletClientService.java:157)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:616)
>         at
> org.apache.accumulo.cloudtrace.instrument.thrift.TraceWrap$2.invoke(TraceWrap.java:84)
>         at $Proxy1.startScan(Unknown Source)
>         at
> org.apache.accumulo.core.client.impl.ThriftScanner.scan(ThriftScanner.java:415)
>         ... 4 more
>