Support Questions

Find answers, ask questions, and share your expertise

Cloudera 6.2.1 Hbase cell level security

avatar
Contributor

So we're running Cloudera 6.2.1 which has Hbase 2.1.2  We'd like to provide row and cell level security.

 

Looking at this guide...

https://docs.cloudera.com/documentation/enterprise/6/6.2/topics/admin_hbase_security.html#id_v2w_bv3...

 

...I have to set a brunch of properties.

 

hbase.security.exec.permission.checks=true

hbase.security.access.early_out=false

hfile.format.version=3

 

Also I need to toggle on the 'Enable Hbase authorization' flag.

 

I assume I also have to configure the (the VisibilityController and AccessController) coprocessors?  There is this vague statement in the document mentioned about.

---

Optionally, search for and configure HBase Coprocessor Master Classes and HBase Coprocessor Region Classes.

---

Also I see in Cloudera 6.2.1 manager Hbase configuration toggles for 'Enable Row level authorization' and 'Enable Cell ACLs'.  Do I need to toggle those on too?  There is no mention of these in the setup.

 

It's a bit confusing.

 

Richard

 

 

2 ACCEPTED SOLUTIONS

avatar
Contributor

Figured it out.  When you toggle on the row level and cell ACLS hbase configuration it automatically adds entries to the hbase-site.xml for you... eg. the access and visibility coprocessors.  So I'm all good.

 

Richard

View solution in original post

avatar
Super Collaborator

Hello @Rjkoop 

 

Thanks for posting the Update & confirming the Q has been resolved. In short, the Article requires us to set the 3 Configurations you specified ["hbase.security.exec.permission.checks", "hbase.security.access.early_out", "hfile.format.version"] along with enabling the "HBase Secure Authorization" (Mandatory for "HBase Cell-Level ACLs" enabling). 

 

Additionally, Link [1] documents the ACL functionality in detail as well. As the Post is Solved, I shall mark the same likewise as well. 

 

- Smarak

 

[1] https://hbase.apache.org/book.html#hbase.accesscontrol.configuration

View solution in original post

2 REPLIES 2

avatar
Contributor

Figured it out.  When you toggle on the row level and cell ACLS hbase configuration it automatically adds entries to the hbase-site.xml for you... eg. the access and visibility coprocessors.  So I'm all good.

 

Richard

avatar
Super Collaborator

Hello @Rjkoop 

 

Thanks for posting the Update & confirming the Q has been resolved. In short, the Article requires us to set the 3 Configurations you specified ["hbase.security.exec.permission.checks", "hbase.security.access.early_out", "hfile.format.version"] along with enabling the "HBase Secure Authorization" (Mandatory for "HBase Cell-Level ACLs" enabling). 

 

Additionally, Link [1] documents the ACL functionality in detail as well. As the Post is Solved, I shall mark the same likewise as well. 

 

- Smarak

 

[1] https://hbase.apache.org/book.html#hbase.accesscontrol.configuration