@InterfaceAudience.Private public class TableAuthManager extends Object
| Modifier and Type | Method and Description |
|---|---|
boolean |
authorize(User user,
Permission.Action action)
Authorize a global permission based on ACLs for the given user and the
user's groups.
|
boolean |
authorize(User user,
String namespace,
Permission.Action action) |
boolean |
authorize(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
authorize(User user,
TableName table,
byte[] family,
Permission.Action action) |
boolean |
authorize(User user,
TableName table,
Cell cell,
Permission.Action action)
Authorize a user for a given KV.
|
boolean |
authorizeGroup(String groupName,
Permission.Action action)
Checks global authorization for a given action for a group, based on the stored
permissions.
|
boolean |
authorizeGroup(String groupName,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Checks authorization to a given table, column family and column for a group, based
on the stored permissions.
|
boolean |
authorizeUser(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
authorizeUser(User user,
TableName table,
byte[] family,
Permission.Action action)
Checks authorization to a given table and column family for a user, based on the
stored user permissions.
|
static TableAuthManager |
get(ZooKeeperWatcher watcher,
org.apache.hadoop.conf.Configuration conf) |
long |
getMTime() |
ZKPermissionWatcher |
getZKPermissionWatcher() |
boolean |
groupHasAccess(String groupName,
TableName table,
Permission.Action action)
Checks if the user has access to the full table or at least a family/qualifier
for the specified action.
|
boolean |
hasAccess(User user,
TableName table,
Permission.Action action) |
boolean |
matchPermission(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
matchPermission(User user,
TableName table,
byte[] family,
Permission.Action action)
Returns true if the given user has a
TablePermission matching up
to the column family portion of a permission. |
void |
refreshNamespaceCacheFromWritable(String namespace,
byte[] data) |
void |
refreshTableCacheFromWritable(TableName table,
byte[] data) |
void |
removeNamespace(byte[] ns) |
void |
removeTable(TableName table) |
void |
setNamespaceGroupPermissions(String group,
String namespace,
List<TablePermission> perms)
Overwrites the existing permission set for a group and triggers an update
for zookeeper synchronization.
|
void |
setNamespaceUserPermissions(String username,
String namespace,
List<TablePermission> perms)
Overwrites the existing permission set for a given user for a table, and
triggers an update for zookeeper synchronization.
|
void |
setTableGroupPermissions(String group,
TableName table,
List<TablePermission> perms)
Overwrites the existing permission set for a group and triggers an update
for zookeeper synchronization.
|
void |
setTableUserPermissions(String username,
TableName table,
List<TablePermission> perms)
Overwrites the existing permission set for a given user for a table, and
triggers an update for zookeeper synchronization.
|
boolean |
userHasAccess(User user,
TableName table,
Permission.Action action)
Checks if the user has access to the full table or at least a family/qualifier
for the specified action.
|
void |
writeNamespaceToZooKeeper(String namespace,
org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms) |
void |
writeTableToZooKeeper(TableName table,
org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms) |
public ZKPermissionWatcher getZKPermissionWatcher()
public void refreshTableCacheFromWritable(TableName table, byte[] data) throws IOException
IOExceptionpublic void refreshNamespaceCacheFromWritable(String namespace, byte[] data) throws IOException
IOExceptionpublic boolean authorize(User user, Permission.Action action)
user - action - public boolean authorize(User user, TableName table, Cell cell, Permission.Action action)
public boolean authorize(User user, String namespace, Permission.Action action)
public boolean authorizeUser(User user, TableName table, byte[] family, Permission.Action action)
user - table - family - action - public boolean authorizeUser(User user, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
public boolean userHasAccess(User user, TableName table, Permission.Action action)
user - table - action - public boolean authorizeGroup(String groupName, Permission.Action action)
public boolean authorizeGroup(String groupName, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
groupName - table - family - qualifier - action - public boolean groupHasAccess(String groupName, TableName table, Permission.Action action)
groupName - table - action - public boolean authorize(User user, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
public boolean hasAccess(User user, TableName table, Permission.Action action)
public boolean authorize(User user, TableName table, byte[] family, Permission.Action action)
public boolean matchPermission(User user, TableName table, byte[] family, Permission.Action action)
TablePermission matching up
to the column family portion of a permission. Note that this permission
may be scoped to a given column qualifier and does not guarantee that
authorize() on the same column family would return true.public boolean matchPermission(User user, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
public void removeNamespace(byte[] ns)
public void removeTable(TableName table)
public void setTableUserPermissions(String username, TableName table, List<TablePermission> perms)
username - table - perms - public void setTableGroupPermissions(String group, TableName table, List<TablePermission> perms)
group - table - perms - public void setNamespaceUserPermissions(String username, String namespace, List<TablePermission> perms)
username - namespace - perms - public void setNamespaceGroupPermissions(String group, String namespace, List<TablePermission> perms)
group - namespace - perms - public void writeTableToZooKeeper(TableName table, org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms)
public void writeNamespaceToZooKeeper(String namespace, org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms)
public long getMTime()
public static TableAuthManager get(ZooKeeperWatcher watcher, org.apache.hadoop.conf.Configuration conf) throws IOException
IOExceptionCopyright © 2007-2016 The Apache Software Foundation. All Rights Reserved.