Phoenix non-Kerberos security ?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Phoenix non-Kerberos security ?

Aleksandr Saraseka-2
Hello community.
Does Phoenix have some kind of security for authentication and authorization other then Kerberos ?
We're allowing our users connect to our cluster with QueryServer, but at the same time we want to authenticate them and control what kind of access they can have (read only, write only to some tables) without enabling Kerberos for HBase/HDFS clusters.

--
Aleksandr Saraseka
DBA
<a href="tel:380997600401" style="color:#505050;text-decoration:none;font-family:Arial" target="_blank">380997600401
   [hidden email]    eztexting.com
Reply | Threaded
Open this post in threaded view
|

Re: Phoenix non-Kerberos security ?

anil gupta
To the best of my knowledge Phoenix/HBase only supports Kerberos.
In past, i have used secure HBase/Phoenix cluster in web services and it worked fine. Kerberos can be integrated with AD. But, you might need to check whether Queryserver supports security or not. In worst case, a potential workaround would be to put Phoenix query server behind a homegrown webservice that authenticates and authorizes the users before forwarding the request to Queryserver.

HTH,
Anil Gupta

On Mon, Nov 4, 2019 at 12:45 AM Aleksandr Saraseka <[hidden email]> wrote:
Hello community.
Does Phoenix have some kind of security for authentication and authorization other then Kerberos ?
We're allowing our users connect to our cluster with QueryServer, but at the same time we want to authenticate them and control what kind of access they can have (read only, write only to some tables) without enabling Kerberos for HBase/HDFS clusters.

--
Aleksandr Saraseka
DBA
<a href="tel:380997600401" style="color:rgb(80,80,80);text-decoration:none;font-family:Arial" target="_blank">380997600401
   [hidden email]    eztexting.com


--
Thanks & Regards,
Anil Gupta
Reply | Threaded
Open this post in threaded view
|

Re: Phoenix non-Kerberos security ?

Aleksandr Saraseka-2
It's working fine with Kerberos, but we use streaming Spark jobs on Google Dataproc cluster and seems it has some problems to make Spark -> Phoenix JDBC -> HBase working, so I'm trying to find some workaround to keep HBase unsecure and have "protection from mistake" for PQS that users use.

On Mon, Nov 4, 2019 at 11:02 AM anil gupta <[hidden email]> wrote:
To the best of my knowledge Phoenix/HBase only supports Kerberos.
In past, i have used secure HBase/Phoenix cluster in web services and it worked fine. Kerberos can be integrated with AD. But, you might need to check whether Queryserver supports security or not. In worst case, a potential workaround would be to put Phoenix query server behind a homegrown webservice that authenticates and authorizes the users before forwarding the request to Queryserver.

HTH,
Anil Gupta

On Mon, Nov 4, 2019 at 12:45 AM Aleksandr Saraseka <[hidden email]> wrote:
Hello community.
Does Phoenix have some kind of security for authentication and authorization other then Kerberos ?
We're allowing our users connect to our cluster with QueryServer, but at the same time we want to authenticate them and control what kind of access they can have (read only, write only to some tables) without enabling Kerberos for HBase/HDFS clusters.

--
Aleksandr Saraseka
DBA
<a href="tel:380997600401" style="color:rgb(80,80,80);text-decoration:none;font-family:Arial" target="_blank">380997600401
   [hidden email]    eztexting.com


--
Thanks & Regards,
Anil Gupta


--
Aleksandr Saraseka
DBA
<a href="tel:380997600401" style="color:rgb(80,80,80);text-decoration:none;font-family:Arial" target="_blank">380997600401
   [hidden email]    eztexting.com