public class AccessControlLists extends Object
AccessController
.
Access control lists are stored in an "internal" metadata table named
_acl_
. Each table's permission grants are stored as a separate row,
keyed by the table name. KeyValues for permissions assignments are stored
in one of the formats:
Key Desc -------- -------- user table level permissions for a user [R=read, W=write]
Modifier and Type | Field and Description |
---|---|
static byte[] |
ACL_GLOBAL_NAME |
static char |
ACL_KEY_DELIMITER
Delimiter to separate user, column family, and qualifier in
_acl_ table info: column keys
|
static byte[] |
ACL_LIST_FAMILY |
static String |
ACL_LIST_FAMILY_STR
Column family used to store ACL grants
|
static byte[] |
ACL_TABLE_NAME |
static String |
ACL_TABLE_NAME_STR
Internal storage table for access control lists
|
static HTableDescriptor |
ACL_TABLEDESC
Table descriptor for ACL internal table
|
static String |
GROUP_PREFIX
Prefix character to denote group names
|
static String |
SUPERUSER_CONF_KEY
Configuration key for superusers
|
Constructor and Description |
---|
AccessControlLists() |
Modifier and Type | Method and Description |
---|---|
static String |
getGroupName(String aclKey)
Returns the actual name for a group principal (stripped of the
group prefix).
|
static boolean |
isGroupPrincipal(String name)
Returns whether or not the given name should be interpreted as a group
principal.
|
static <T extends Permission> |
readPermissions(DataInput in,
org.apache.hadoop.conf.Configuration conf)
Reads a set of permissions as
Writable instances
from the input stream. |
static void |
writePermissions(DataOutput out,
com.google.common.collect.ListMultimap<String,? extends Permission> perms,
org.apache.hadoop.conf.Configuration conf)
Writes a set of permissions as
Writable instances
to the given output stream. |
static byte[] |
writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,? extends Permission> perms,
org.apache.hadoop.conf.Configuration conf)
Writes a set of permissions as
Writable instances
and returns the resulting byte array. |
public static final String ACL_TABLE_NAME_STR
public static final byte[] ACL_TABLE_NAME
public static final byte[] ACL_GLOBAL_NAME
public static final String ACL_LIST_FAMILY_STR
public static final byte[] ACL_LIST_FAMILY
public static final HTableDescriptor ACL_TABLEDESC
public static final char ACL_KEY_DELIMITER
public static final String GROUP_PREFIX
public static final String SUPERUSER_CONF_KEY
public static void writePermissions(DataOutput out, com.google.common.collect.ListMultimap<String,? extends Permission> perms, org.apache.hadoop.conf.Configuration conf) throws IOException
Writable
instances
to the given output stream.out
- perms
- conf
- IOException
public static byte[] writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,? extends Permission> perms, org.apache.hadoop.conf.Configuration conf)
Writable
instances
and returns the resulting byte array.public static <T extends Permission> com.google.common.collect.ListMultimap<String,T> readPermissions(DataInput in, org.apache.hadoop.conf.Configuration conf) throws IOException
Writable
instances
from the input stream.IOException
public static boolean isGroupPrincipal(String name)
Copyright © 2014 The Apache Software Foundation. All Rights Reserved.