Created 02-07-2021 03:54 AM
So we're running Cloudera 6.2.1 which has Hbase 2.1.2 We'd like to provide row and cell level security.
Looking at this guide...
...I have to set a brunch of properties.
hbase.security.exec.permission.checks=true
hbase.security.access.early_out=false
hfile.format.version=3
Also I need to toggle on the 'Enable Hbase authorization' flag.
I assume I also have to configure the (the VisibilityController and AccessController) coprocessors? There is this vague statement in the document mentioned about.
---
Optionally, search for and configure HBase Coprocessor Master Classes and HBase Coprocessor Region Classes.
---
Also I see in Cloudera 6.2.1 manager Hbase configuration toggles for 'Enable Row level authorization' and 'Enable Cell ACLs'. Do I need to toggle those on too? There is no mention of these in the setup.
It's a bit confusing.
Richard
Created 02-09-2021 12:39 PM
Figured it out. When you toggle on the row level and cell ACLS hbase configuration it automatically adds entries to the hbase-site.xml for you... eg. the access and visibility coprocessors. So I'm all good.
Richard
Created 03-14-2021 01:16 AM
Hello @Rjkoop
Thanks for posting the Update & confirming the Q has been resolved. In short, the Article requires us to set the 3 Configurations you specified ["hbase.security.exec.permission.checks", "hbase.security.access.early_out", "hfile.format.version"] along with enabling the "HBase Secure Authorization" (Mandatory for "HBase Cell-Level ACLs" enabling).
Additionally, Link [1] documents the ACL functionality in detail as well. As the Post is Solved, I shall mark the same likewise as well.
- Smarak
[1] https://hbase.apache.org/book.html#hbase.accesscontrol.configuration
Created 02-09-2021 12:39 PM
Figured it out. When you toggle on the row level and cell ACLS hbase configuration it automatically adds entries to the hbase-site.xml for you... eg. the access and visibility coprocessors. So I'm all good.
Richard
Created 03-14-2021 01:16 AM
Hello @Rjkoop
Thanks for posting the Update & confirming the Q has been resolved. In short, the Article requires us to set the 3 Configurations you specified ["hbase.security.exec.permission.checks", "hbase.security.access.early_out", "hfile.format.version"] along with enabling the "HBase Secure Authorization" (Mandatory for "HBase Cell-Level ACLs" enabling).
Additionally, Link [1] documents the ACL functionality in detail as well. As the Post is Solved, I shall mark the same likewise as well.
- Smarak
[1] https://hbase.apache.org/book.html#hbase.accesscontrol.configuration