First thing to take into account when using a coprocessor is that they can break your hbase in case of error so this configuration can help you: hbase.coprocessor.abortonerror setting it to false will allow to still start your hbase cluster.
When you decide to use coprocessors:
- hbase.coprocessor.enabled: Enables
or disables coprocessor loading, for master loading
- hbase.coprocessor.user.enabled: Enables or disables coprocessor loading from shell aka user loading in table creation.
- hbase.coprocessor.region.classes: A comma-separatedlist
of Coprocessors that are loaded by
default
on alltables
These settings set ground rules of how coprocessors can be used it might be a good decision to be restrictive in how they can be added.
Once we have looked at all of these a coprocessor is an extension of the Hbase cluster or table functionnalities so no extra security on top of the standard Hbase security. You are however allowed to put your own logic in the coprocessor if it makes sense. A coprocessor at a higher priority may preempt action by those at lower priority by throwing an IOException (or a subclass of this). The coprocessor blog has an example of an acces-control coprocessor: https://blogs.apache.org/hbase/entry/coprocessor_introduction.
If you are enclined to build more access logic this is a good starting point.
hope this helps
