HBase Coprocessor and security

Is there a way of restricting access to an HBase coprocessor in a multi-tenant environment? What should I be taking into consideration when using a coprocessor?

1 ACCEPTED SOLUTION

The first thing to take into account when using a coprocessor is that they can break your HBase in case of error, so this configuration can help you: hbase.coprocessor.abortonerror. Setting it to false will allow you to still start your HBase cluster.

When you decide to use coprocessors:

- hbase.coprocessor.enabled: Enables or disables coprocessor loading, for master loading

- hbase.coprocessor.user.enabled: Enables or disables coprocessor loading from shell aka user loading in table creation.

- hbase.coprocessor.region.classes: A comma-separated list of Coprocessors that are loaded by default on all tables

These settings set ground rules for how coprocessors can be used; it might be a good decision to be restrictive in how they can be added.

Once we have looked at all of these, a coprocessor is an extension of the HBase cluster or table functionalities, so there is no extra security on top of the standard HBase security. You are however allowed to put your own logic in the coprocessor if it makes sense. A coprocessor at a higher priority may preempt action by those at lower priority by throwing an IOException (or a subclass of this). The coprocessor blog has an example of an access-control coprocessor: https://blogs.apache.org/hbase/entry/coprocessor_introduction.

If you are inclined to build more access logic, this is a good starting point.

Hope this helps.

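An added example, not part of the original answer or of HBase itself: a small Python check that reads an hbase-site.xml and reports how the coprocessor settings listed in the answer are set. The defaults table, the `approved_classes` allowlist, `com.example.TenantObserver` and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults as shipped in hbase-default.xml (assumption: verify for your HBase version).
DEFAULTS = {
    "hbase.coprocessor.enabled": "true",
    "hbase.coprocessor.user.enabled": "true",
    "hbase.coprocessor.abortonerror": "true",
    "hbase.coprocessor.region.classes": "",
}

def load_props(xml_text):
    """Read the four coprocessor properties from hbase-site.xml text."""
    props = dict(DEFAULTS)
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name in props:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(xml_text, approved_classes):
    """Return findings; approved_classes is a hypothetical site allowlist."""
    p = load_props(xml_text)
    def is_true(key):
        return p[key].lower() == "true"
    classes = [c.strip() for c in p["hbase.coprocessor.region.classes"].split(",") if c.strip()]
    findings = []
    if not is_true("hbase.coprocessor.enabled"):
        # With loading disabled, the other coprocessor settings are ignored.
        if classes:
            findings.append("coprocessor loading disabled: region.classes is ignored")
        return findings
    if is_true("hbase.coprocessor.user.enabled"):
        findings.append("user.enabled=true: table-level coprocessors can be loaded from the shell")
    if not is_true("hbase.coprocessor.abortonerror"):
        findings.append("abortonerror=false: a failing coprocessor is removed and the server keeps running")
    for cls in classes:
        if cls not in approved_classes:
            findings.append("unapproved region coprocessor: " + cls)
    return findings

# Constructed sample configuration, not taken from a real cluster.
SAMPLE = """<configuration>
  <property><name>hbase.coprocessor.abortonerror</name><value>false</value></property>
  <property><name>hbase.coprocessor.region.classes</name>
    <value>org.apache.hadoop.hbase.security.access.AccessController, com.example.TenantObserver</value></property>
</configuration>"""
APPROVED = {"org.apache.hadoop.hbase.security.access.AccessController"}

if __name__ == "__main__":
    for line in audit(SAMPLE, APPROVED):
        print(line)
```

When the coprocessor in `hbase.coprocessor.region.classes` is the one enforcing access control, the `abortonerror=false` finding matters most: the server continues without it.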

2 REPLIES

Could you confirm that, from an operational point of view, I can add / remove a coprocessor using the following process?

- Stop the application relying on the coprocessor

- Remove the coprocessor from hbase-site

- Rolling / restart of master (assuming HA master)

- Rolling / restart of region server (if we are using HA region server, we should not have any disruption of services)