Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.hbase.security.access
Class TableAuthManager

java.lang.Object
  extended by org.apache.hadoop.hbase.security.access.TableAuthManager

public class TableAuthManager
extends Object

Performs authorization checks for a given user's assigned permissions

Method Summary
 boolean authorize(User user, byte[] table, byte[] family, byte[] qualifier, Permission.Action action)
           
 boolean authorize(User user, byte[] table, byte[] family, Permission.Action action)
           
 boolean authorize(User user, byte[] table, KeyValue kv, Permission.Action action)
           
 boolean authorize(User user, Permission.Action action)
          Authorize a global permission based on ACLs for the given user and the user's groups.
 boolean authorizeGroup(String groupName, byte[] table, byte[] family, Permission.Action action)
          Checks authorization to a given table and column family for a group, based on the stored permissions.
 boolean authorizeGroup(String groupName, Permission.Action action)
          Checks authorization for a given action for a group, based on the stored permissions.
 boolean authorizeUser(String username, byte[] table, byte[] family, byte[] qualifier, Permission.Action action)
           
 boolean authorizeUser(String username, byte[] table, byte[] family, Permission.Action action)
          Checks authorization to a given table and column family for a user, based on the stored user permissions.
 boolean authorizeUser(String username, Permission.Action action)
          Checks global authorization for a specific action for a user, based on the stored user permissions.
static TableAuthManager get(ZooKeeperWatcher watcher, org.apache.hadoop.conf.Configuration conf)
           
 ZKPermissionWatcher getZKPermissionWatcher()
           
 boolean matchPermission(User user, byte[] table, byte[] family, byte[] qualifier, Permission.Action action)
           
 boolean matchPermission(User user, byte[] table, byte[] family, Permission.Action action)
          Returns true if the given user has a TablePermission matching up to the column family portion of a permission.
 void refreshCacheFromWritable(byte[] table, byte[] data)
           
 void remove(byte[] table)
           
 void setGroupPermissions(String group, byte[] table, List<TablePermission> perms)
          Overwrites the existing permission set for a group and triggers an update for zookeeper synchronization.
 void setUserPermissions(String username, byte[] table, List<TablePermission> perms)
          Overwrites the existing permission set for a given user for a table, and triggers an update for zookeeper synchronization.
 void writeToZooKeeper(byte[] table, org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

getZKPermissionWatcher

public ZKPermissionWatcher getZKPermissionWatcher()

refreshCacheFromWritable

public void refreshCacheFromWritable(byte[] table,
                                     byte[] data)
                              throws IOException
Throws:
IOException

authorize

public boolean authorize(User user,
                         Permission.Action action)
Authorize a global permission based on ACLs for the given user and the user's groups.

Parameters:
user -
action -
Returns:
true if known and authorized, false otherwise

authorize

public boolean authorize(User user,
                         byte[] table,
                         KeyValue kv,
                         Permission.Action action)

authorizeUser

public boolean authorizeUser(String username,
                             Permission.Action action)
Checks global authorization for a specific action for a user, based on the stored user permissions.

authorizeUser

public boolean authorizeUser(String username,
                             byte[] table,
                             byte[] family,
                             Permission.Action action)
Checks authorization to a given table and column family for a user, based on the stored user permissions.

Parameters:
username -
table -
family -
action -
Returns:
true if known and authorized, false otherwise

authorizeUser

public boolean authorizeUser(String username,
                             byte[] table,
                             byte[] family,
                             byte[] qualifier,
                             Permission.Action action)

authorizeGroup

public boolean authorizeGroup(String groupName,
                              Permission.Action action)
Checks authorization for a given action for a group, based on the stored permissions.

authorizeGroup

public boolean authorizeGroup(String groupName,
                              byte[] table,
                              byte[] family,
                              Permission.Action action)
Checks authorization to a given table and column family for a group, based on the stored permissions.

Parameters:
groupName -
table -
family -
action -
Returns:
true if known and authorized, false otherwise

authorize

public boolean authorize(User user,
                         byte[] table,
                         byte[] family,
                         byte[] qualifier,
                         Permission.Action action)

authorize

public boolean authorize(User user,
                         byte[] table,
                         byte[] family,
                         Permission.Action action)

matchPermission

public boolean matchPermission(User user,
                               byte[] table,
                               byte[] family,
                               Permission.Action action)
Returns true if the given user has a TablePermission matching up to the column family portion of a permission. Note that this permission may be scoped to a given column qualifier and does not guarantee that authorize() on the same column family would return true.

matchPermission

public boolean matchPermission(User user,
                               byte[] table,
                               byte[] family,
                               byte[] qualifier,
                               Permission.Action action)

remove

public void remove(byte[] table)

setUserPermissions

public void setUserPermissions(String username,
                               byte[] table,
                               List<TablePermission> perms)
Overwrites the existing permission set for a given user for a table, and triggers an update for zookeeper synchronization.

Parameters:
username -
table -
perms -

setGroupPermissions

public void setGroupPermissions(String group,
                                byte[] table,
                                List<TablePermission> perms)
Overwrites the existing permission set for a group and triggers an update for zookeeper synchronization.

Parameters:
group -
table -
perms -

writeToZooKeeper

public void writeToZooKeeper(byte[] table,
                             org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms)

get

public static TableAuthManager get(ZooKeeperWatcher watcher,
                                   org.apache.hadoop.conf.Configuration conf)
                            throws IOException
Throws:
IOException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2013 The Apache Software Foundation. All Rights Reserved.