org.apache.hadoop.hbase.security.access
Class AccessControlLists

java.lang.Object
  extended by org.apache.hadoop.hbase.security.access.AccessControlLists

public class AccessControlLists
extends Object

Maintains lists of permission grants to users and groups to allow for authorization checks by AccessController.

Access control lists are stored in an "internal" metadata table named _acl_. Each table's permission grants are stored as a separate row, keyed by the table name. KeyValues for permission assignments are stored in one of the following formats:

 Key                      Desc
 --------                 --------
 user                     table level permissions for a user [R=read, W=write]


Field Summary
static byte[] ACL_GLOBAL_NAME
           
static char ACL_KEY_DELIMITER
          Delimiter to separate user, column family, and qualifier in _acl_ table info: column keys
static byte[] ACL_LIST_FAMILY
           
static String ACL_LIST_FAMILY_STR
          Column family used to store ACL grants
static byte[] ACL_TABLE_NAME
           
static String ACL_TABLE_NAME_STR
          Internal storage table for access control lists
static HTableDescriptor ACL_TABLEDESC
          Table descriptor for ACL internal table
static String GROUP_PREFIX
          Prefix character to denote group names
static String SUPERUSER_CONF_KEY
          Configuration key for superusers
 
Constructor Summary
AccessControlLists()
           
 
Method Summary
static String getGroupName(String aclKey)
          Returns the actual name for a group principal (stripped of the group prefix).
static boolean isGroupPrincipal(String name)
          Returns whether or not the given name should be interpreted as a group principal.
static <T extends Permission> com.google.common.collect.ListMultimap<String,T> readPermissions(DataInput in, org.apache.hadoop.conf.Configuration conf)
          Reads a set of permissions as Writable instances from the input stream.
static void writePermissions(DataOutput out, com.google.common.collect.ListMultimap<String,? extends Permission> perms, org.apache.hadoop.conf.Configuration conf)
          Writes a set of permissions as Writable instances to the given output stream.
static byte[] writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,? extends Permission> perms, org.apache.hadoop.conf.Configuration conf)
          Writes a set of permissions as Writable instances and returns the resulting byte array.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ACL_TABLE_NAME_STR

public static final String ACL_TABLE_NAME_STR
Internal storage table for access control lists

See Also:
Constant Field Values

ACL_TABLE_NAME

public static final byte[] ACL_TABLE_NAME

ACL_GLOBAL_NAME

public static final byte[] ACL_GLOBAL_NAME

ACL_LIST_FAMILY_STR

public static final String ACL_LIST_FAMILY_STR
Column family used to store ACL grants

See Also:
Constant Field Values

ACL_LIST_FAMILY

public static final byte[] ACL_LIST_FAMILY

ACL_TABLEDESC

public static final HTableDescriptor ACL_TABLEDESC
Table descriptor for ACL internal table


ACL_KEY_DELIMITER

public static final char ACL_KEY_DELIMITER
Delimiter to separate user, column family, and qualifier in _acl_ table info: column keys

See Also:
Constant Field Values

GROUP_PREFIX

public static final String GROUP_PREFIX
Prefix character to denote group names

See Also:
Constant Field Values

SUPERUSER_CONF_KEY

public static final String SUPERUSER_CONF_KEY
Configuration key for superusers

See Also:
Constant Field Values

Constructor Detail

AccessControlLists

public AccessControlLists()

Method Detail

writePermissions

public static void writePermissions(DataOutput out,
                                    com.google.common.collect.ListMultimap<String,? extends Permission> perms,
                                    org.apache.hadoop.conf.Configuration conf)
                             throws IOException
Writes a set of permissions as Writable instances to the given output stream.

Parameters:
out -
perms -
conf -
Throws:
IOException

writePermissionsAsBytes

public static byte[] writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,? extends Permission> perms,
                                             org.apache.hadoop.conf.Configuration conf)
Writes a set of permissions as Writable instances and returns the resulting byte array.


readPermissions

public static <T extends Permission> com.google.common.collect.ListMultimap<String,T> readPermissions(DataInput in,
                                                                                                      org.apache.hadoop.conf.Configuration conf)
                                                                                           throws IOException
Reads a set of permissions as Writable instances from the input stream.

Throws:
IOException

isGroupPrincipal

public static boolean isGroupPrincipal(String name)
Returns whether or not the given name should be interpreted as a group principal. Currently this simply checks if the name starts with the special group prefix character ("@").


getGroupName

public static String getGroupName(String aclKey)
Returns the actual name for a group principal (stripped of the group prefix).
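
An added example (not part of the HBase Javadoc or code base) that audits _acl_ column keys by combining ACL_KEY_DELIMITER, isGroupPrincipal and getGroupName to report each grant's principal type and scope. The `AclKeyAudit` class, its `describe` helper and the sample keys are hypothetical; it assumes keys are laid out as principal, column family, qualifier in that order, with group principals in the same position as users, and it needs the HBase jar on the classpath.

```java
import java.util.regex.Pattern;
import org.apache.hadoop.hbase.security.access.AccessControlLists;

/** Added example: classify _acl_ column keys by principal type and scope. */
public class AclKeyAudit {

    /** Hypothetical helper, not part of HBase. */
    static String describe(String aclKey) {
        // Split on the documented delimiter. The limit of 3 keeps a qualifier
        // that itself contains the delimiter in one piece.
        String delim = Pattern.quote(
                String.valueOf(AccessControlLists.ACL_KEY_DELIMITER));
        String[] parts = aclKey.split(delim, 3);
        String principal = parts[0];

        String kind;
        String name;
        if (AccessControlLists.isGroupPrincipal(principal)) {
            kind = "group";
            // Strips the group prefix ("@") from the principal.
            name = AccessControlLists.getGroupName(principal);
        } else {
            kind = "user";
            name = principal;
        }
        // A bare "@" or an empty key names nobody; flag it instead of
        // treating it as a valid grant.
        if (name.isEmpty()) {
            return "INVALID (empty " + kind + " name): \"" + aclKey + "\"";
        }
        String scope = parts.length == 1 ? "table"
                : parts.length == 2 ? "family=" + parts[1]
                : "family=" + parts[1] + " qualifier=" + parts[2];
        return kind + " " + name + " -> " + scope;
    }

    public static void main(String[] args) {
        char d = AccessControlLists.ACL_KEY_DELIMITER;
        // Constructed sample keys, not taken from a real _acl_ table.
        String[] keys = {
            "alice", "@analysts", "bob" + d + "cf1",
            "@ops" + d + "cf1" + d + "q1", "@", ""
        };
        for (String k : keys) {
            System.out.println(describe(k));
        }
    }
}
```

Because the group check is a prefix test only, any principal whose name begins with "@" is treated as a group, so account provisioning should not allow user names that start with that character.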



Copyright © 2015 The Apache Software Foundation. All Rights Reserved.