public interface AccessControllerProtocol extends CoprocessorProtocol
Modifier and Type | Field and Description |
---|---|
static long |
VERSION |
Modifier and Type | Method and Description |
---|---|
void |
checkPermissions(Permission[] permissions)
Checks whether the given Permissions will pass the access checks for the
current user.
|
List<UserPermission> |
getUserPermissions(byte[] tableName)
Queries the permissions currently stored for the given table, returning
a list of currently granted permissions, along with the user or group
each is associated with.
|
void |
grant(byte[] user,
TablePermission permission)
Deprecated.
Use
revoke(UserPermission userPermission) instead |
void |
grant(UserPermission userPermission)
Grants the given user or group the privilege to perform the given actions
|
void |
revoke(byte[] user,
TablePermission permission)
Deprecated.
Use
revoke(UserPermission userPermission) instead |
void |
revoke(UserPermission userPermission)
Revokes a previously granted privilege from a user or group.
|
getProtocolSignature, getProtocolVersion
static final long VERSION
void grant(UserPermission userPermission) throws IOException
userPermission
- the details of the provided user permissionsIOException
- if the grant could not be applied@Deprecated void grant(byte[] user, TablePermission permission) throws IOException
revoke(UserPermission userPermission)
insteadTablePermission
user
- the user name, or, if prefixed with "@", group name receiving
the grantpermission
- the details of the provided permissionsIOException
- if the grant could not be appliedvoid revoke(UserPermission userPermission) throws IOException
TablePermission
details must exactly match
a stored grant. For example, if user "bob" has been granted "READ" access
to table "data", over column family and qualifer "info:colA", then the
table, column family and column qualifier must all be specified.
Attempting to revoke permissions over just the "data" table will have
no effect.permission
- the details of the previously granted permission to revokeIOException
- if the revocation could not be performed@Deprecated void revoke(byte[] user, TablePermission permission) throws IOException
revoke(UserPermission userPermission)
insteadTablePermission
details must exactly match
a stored grant. For example, if user "bob" has been granted "READ" access
to table "data", over column family and qualifer "info:colA", then the
table, column family and column qualifier must all be specified.
Attempting to revoke permissions over just the "data" table will have
no effect.user
- the user name, or, if prefixed with "@", group name whose
privileges are being revokedpermission
- the details of the previously granted permission to revokeIOException
- if the revocation could not be performedList<UserPermission> getUserPermissions(byte[] tableName) throws IOException
tableName
- the table of the permission grants to returnIOException
- if there is an error querying the permissionsvoid checkPermissions(Permission[] permissions) throws IOException
permissions
- to check for. Permission subclasses can be used
to do more specific checks at the table/family/column level.IOException
- if there is an error checking the permissionsCopyright © 2014 The Apache Software Foundation. All Rights Reserved.