Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Cloudera 6.2.1 Hbase cell level security

Labels:
avatar
author-rank Rjkoop
Contributor

Created ‎02-07-2021 03:54 AM

So we're running Cloudera 6.2.1 which has Hbase 2.1.2  We'd like to provide row and cell level security.

 

Looking at this guide...

https://docs.cloudera.com/documentation/enterprise/6/6.2/topics/admin_hbase_security.html#id_v2w_bv3...

 

...I have to set a brunch of properties.

 

hbase.security.exec.permission.checks=true

hbase.security.access.early_out=false

hfile.format.version=3

 

Also I need to toggle on the 'Enable Hbase authorization' flag.

 

I assume I also have to configure the (the VisibilityController and AccessController) coprocessors?  There is this vague statement in the document mentioned about.

---

Optionally, search for and configure HBase Coprocessor Master Classes and HBase Coprocessor Region Classes.

---

Also I see in Cloudera 6.2.1 manager Hbase configuration toggles for 'Enable Row level authorization' and 'Enable Cell ACLs'.  Do I need to toggle those on too?  There is no mention of these in the setup.

 

It's a bit confusing.

 

Richard

 

 

1,032 Views
0 Kudos
2 ACCEPTED SOLUTIONS

avatar
author-rank Rjkoop
Contributor

Created ‎02-09-2021 12:39 PM

Figured it out.  When you toggle on the row level and cell ACLS hbase configuration it automatically adds entries to the hbase-site.xml for you... eg. the access and visibility coprocessors.  So I'm all good.

 

Richard

View solution in original post

1,004 Views
0 Kudos

avatar
author-rank smdas author-rank
Super Collaborator

Created ‎03-14-2021 01:16 AM

Hello @Rjkoop 

 

Thanks for posting the Update & confirming the Q has been resolved. In short, the Article requires us to set the 3 Configurations you specified ["hbase.security.exec.permission.checks", "hbase.security.access.early_out", "hfile.format.version"] along with enabling the "HBase Secure Authorization" (Mandatory for "HBase Cell-Level ACLs" enabling). 

 

Additionally, Link [1] documents the ACL functionality in detail as well. As the Post is Solved, I shall mark the same likewise as well. 

 

- Smarak

 

[1] https://hbase.apache.org/book.html#hbase.accesscontrol.configuration

View solution in original post

969 Views
0 Kudos
2 REPLIES 2

avatar
author-rank Rjkoop
Contributor

Created ‎02-09-2021 12:39 PM

Figured it out.  When you toggle on the row level and cell ACLS hbase configuration it automatically adds entries to the hbase-site.xml for you... eg. the access and visibility coprocessors.  So I'm all good.

 

Richard

1,005 Views
0 Kudos

avatar
author-rank smdas author-rank
Super Collaborator

Created ‎03-14-2021 01:16 AM

Hello @Rjkoop 

 

Thanks for posting the Update & confirming the Q has been resolved. In short, the Article requires us to set the 3 Configurations you specified ["hbase.security.exec.permission.checks", "hbase.security.access.early_out", "hfile.format.version"] along with enabling the "HBase Secure Authorization" (Mandatory for "HBase Cell-Level ACLs" enabling). 

 

Additionally, Link [1] documents the ACL functionality in detail as well. As the Post is Solved, I shall mark the same likewise as well. 

 

- Smarak

 

[1] https://hbase.apache.org/book.html#hbase.accesscontrol.configuration

970 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements