public class TableAuthManager extends Object
Modifier and Type | Method and Description |
---|---|
boolean |
authorize(User user,
byte[] table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
authorize(User user,
byte[] table,
byte[] family,
Permission.Action action) |
boolean |
authorize(User user,
byte[] table,
KeyValue kv,
Permission.Action action) |
boolean |
authorize(User user,
Permission.Action action)
Authorize a global permission based on ACLs for the given user and the
user's groups.
|
boolean |
authorizeGroup(String groupName,
byte[] table,
byte[] family,
Permission.Action action)
Checks authorization to a given table and column family for a group, based
on the stored permissions.
|
boolean |
authorizeGroup(String groupName,
Permission.Action action)
Checks authorization for a given action for a group, based on the stored
permissions.
|
boolean |
authorizeUser(String username,
byte[] table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
authorizeUser(String username,
byte[] table,
byte[] family,
Permission.Action action)
Checks authorization to a given table and column family for a user, based on the
stored user permissions.
|
boolean |
authorizeUser(String username,
Permission.Action action)
Checks global authorization for a specific action for a user, based on the
stored user permissions.
|
static TableAuthManager |
get(ZooKeeperWatcher watcher,
org.apache.hadoop.conf.Configuration conf) |
ZKPermissionWatcher |
getZKPermissionWatcher() |
boolean |
matchPermission(User user,
byte[] table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
matchPermission(User user,
byte[] table,
byte[] family,
Permission.Action action)
Returns true if the given user has a
TablePermission matching up
to the column family portion of a permission. |
void |
refreshCacheFromWritable(byte[] table,
byte[] data) |
void |
remove(byte[] table) |
void |
setGroupPermissions(String group,
byte[] table,
List<TablePermission> perms)
Overwrites the existing permission set for a group and triggers an update
for zookeeper synchronization.
|
void |
setUserPermissions(String username,
byte[] table,
List<TablePermission> perms)
Overwrites the existing permission set for a given user for a table, and
triggers an update for zookeeper synchronization.
|
void |
writeToZooKeeper(byte[] table,
org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms) |
public ZKPermissionWatcher getZKPermissionWatcher()
public void refreshCacheFromWritable(byte[] table, byte[] data) throws IOException
IOException
public boolean authorize(User user, Permission.Action action)
user
- action
- public boolean authorize(User user, byte[] table, KeyValue kv, Permission.Action action)
public boolean authorizeUser(String username, Permission.Action action)
public boolean authorizeUser(String username, byte[] table, byte[] family, Permission.Action action)
username
- table
- family
- action
- public boolean authorizeUser(String username, byte[] table, byte[] family, byte[] qualifier, Permission.Action action)
public boolean authorizeGroup(String groupName, Permission.Action action)
public boolean authorizeGroup(String groupName, byte[] table, byte[] family, Permission.Action action)
groupName
- table
- family
- action
- public boolean authorize(User user, byte[] table, byte[] family, byte[] qualifier, Permission.Action action)
public boolean authorize(User user, byte[] table, byte[] family, Permission.Action action)
public boolean matchPermission(User user, byte[] table, byte[] family, Permission.Action action)
TablePermission
matching up
to the column family portion of a permission. Note that this permission
may be scoped to a given column qualifier and does not guarantee that
authorize() on the same column family would return true.public boolean matchPermission(User user, byte[] table, byte[] family, byte[] qualifier, Permission.Action action)
public void remove(byte[] table)
public void setUserPermissions(String username, byte[] table, List<TablePermission> perms)
username
- table
- perms
- public void setGroupPermissions(String group, byte[] table, List<TablePermission> perms)
group
- table
- perms
- public void writeToZooKeeper(byte[] table, org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms)
public static TableAuthManager get(ZooKeeperWatcher watcher, org.apache.hadoop.conf.Configuration conf) throws IOException
IOException
Copyright © 2014 The Apache Software Foundation. All Rights Reserved.