org.apache.hadoop.hbase.security.access
Interface AccessControllerProtocol

All Superinterfaces:
CoprocessorProtocol, VersionedProtocol
All Known Implementing Classes:
AccessController

public interface AccessControllerProtocol
extends CoprocessorProtocol

A custom protocol defined for maintaining and querying access control lists.


Field Summary
static long VERSION
           
 
Method Summary
 void checkPermissions(Permission[] permissions)
          Checks whether the given Permissions will pass the access checks for the current user.
 List<UserPermission> getUserPermissions(byte[] tableName)
          Queries the permissions currently stored for the given table, returning a list of currently granted permissions, along with the user or group each is associated with.
 void grant(byte[] user, TablePermission permission)
          Deprecated. Use revoke(UserPermission userPermission) instead
 void grant(UserPermission userPermission)
          Grants the given user or group the privilege to perform the given actions
 void revoke(byte[] user, TablePermission permission)
          Deprecated. Use revoke(UserPermission userPermission) instead
 void revoke(UserPermission userPermission)
          Revokes a previously granted privilege from a user or group.
 
Methods inherited from interface org.apache.hadoop.hbase.ipc.VersionedProtocol
getProtocolSignature, getProtocolVersion
 

Field Detail

VERSION

static final long VERSION
See Also:
Constant Field Values
Method Detail

grant

void grant(UserPermission userPermission)
           throws IOException
Grants the given user or group the privilege to perform the given actions

Parameters:
userPermission - the details of the provided user permissions
Throws:
IOException - if the grant could not be applied

grant

@Deprecated
void grant(byte[] user,
                      TablePermission permission)
           throws IOException
Deprecated. Use revoke(UserPermission userPermission) instead

Grants the given user or group the privilege to perform the given actions over the specified scope contained in TablePermission

Parameters:
user - the user name, or, if prefixed with "@", group name receiving the grant
permission - the details of the provided permissions
Throws:
IOException - if the grant could not be applied

revoke

void revoke(UserPermission userPermission)
            throws IOException
Revokes a previously granted privilege from a user or group. Note that the provided TablePermission details must exactly match a stored grant. For example, if user "bob" has been granted "READ" access to table "data", over column family and qualifier "info:colA", then the table, column family and column qualifier must all be specified. Attempting to revoke permissions over just the "data" table will have no effect.

Parameters:
permission - the details of the previously granted permission to revoke
Throws:
IOException - if the revocation could not be performed
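
Because a revoke whose scope does not match a stored grant has no effect, a caller can re-read the table's grants afterwards to confirm the privilege is really gone. The following is an added example, not code from the HBase project: the class RevokeAudit and its methods are hypothetical, and the accessors getUser(), getTable(), getFamily(), getQualifier() and getActions() are assumed from the UserPermission class hierarchy rather than shown on this page.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.apache.hadoop.hbase.security.access.AccessControllerProtocol;
import org.apache.hadoop.hbase.security.access.UserPermission;
import org.apache.hadoop.hbase.util.Bytes;

/** Added example: revoke a grant, then confirm the ACL no longer carries it. */
public final class RevokeAudit {

  private RevokeAudit() {}

  /**
   * Calls revoke() and re-reads the table's stored grants. Returns every grant
   * still held by the same user or group on that table; an empty list means
   * no grant for that principal is stored for the table any more.
   */
  public static List<UserPermission> revokeAndVerify(
      AccessControllerProtocol acl, UserPermission toRevoke) throws IOException {
    // Assumed accessors (not listed on this page): getUser(), getTable().
    byte[] principal = toRevoke.getUser();
    byte[] table = toRevoke.getTable();

    // Per the note above, a scope that does not match a stored grant has no effect.
    acl.revoke(toRevoke);

    List<UserPermission> remaining = new ArrayList<UserPermission>();
    for (UserPermission stored : acl.getUserPermissions(table)) {
      if (Bytes.equals(stored.getUser(), principal)) {
        remaining.add(stored);
      }
    }
    return remaining;
  }

  /** Renders a grant as principal, table[family:qualifier] and actions for an audit log. */
  public static String describe(UserPermission p) {
    // Assumed accessors: getFamily(), getQualifier(), getActions(); null means "not scoped".
    String family = p.getFamily() == null ? "*" : Bytes.toString(p.getFamily());
    String qualifier = p.getQualifier() == null ? "*" : Bytes.toString(p.getQualifier());
    return Bytes.toString(p.getUser()) + " on " + Bytes.toString(p.getTable())
        + "[" + family + ":" + qualifier + "] " + Arrays.toString(p.getActions());
  }
}
```

A non-empty result after a table-scope revoke shows which narrower grants are still stored; passing each returned UserPermission back to revoke() supplies the exact scope the stored grant was made with.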

revoke

@Deprecated
void revoke(byte[] user,
                       TablePermission permission)
            throws IOException
Deprecated. Use revoke(UserPermission userPermission) instead

Revokes a previously granted privilege from a user or group. Note that the provided TablePermission details must exactly match a stored grant. For example, if user "bob" has been granted "READ" access to table "data", over column family and qualifier "info:colA", then the table, column family and column qualifier must all be specified. Attempting to revoke permissions over just the "data" table will have no effect.

Parameters:
user - the user name, or, if prefixed with "@", group name whose privileges are being revoked
permission - the details of the previously granted permission to revoke
Throws:
IOException - if the revocation could not be performed

getUserPermissions

List<UserPermission> getUserPermissions(byte[] tableName)
                                        throws IOException
Queries the permissions currently stored for the given table, returning a list of currently granted permissions, along with the user or group each is associated with.

Parameters:
tableName - the table of the permission grants to return
Returns:
a list of the currently granted permissions, with associated user or group names
Throws:
IOException - if there is an error querying the permissions

checkPermissions

void checkPermissions(Permission[] permissions)
                      throws IOException
Checks whether the given Permissions will pass the access checks for the current user. Global permissions can be checked from the -acl- table or any other table; TablePermissions, however, can only be checked by the table's regions. If the access control checks fail, this method throws AccessDeniedException.

Parameters:
permissions - to check for. Permission subclasses can be used to do more specific checks at the table/family/column level.
Throws:
IOException - if there is an error checking the permissions


Copyright © 2015 The Apache Software Foundation. All Rights Reserved.