Package | Description |
---|---|
org.apache.hadoop.hbase.security.access |
Modifier and Type | Field and Description |
---|---|
private Permission.Action |
AuthResult.action |
protected Permission.Action[] |
Permission.actions |
Modifier and Type | Field and Description |
---|---|
protected static Map<Byte,Permission.Action> |
Permission.ACTION_BY_CODE |
Modifier and Type | Method and Description |
---|---|
Permission.Action |
AuthResult.getAction() |
Permission.Action[] |
Permission.getActions() |
static Permission.Action |
Permission.Action.valueOf(String name)
Returns the enum constant of this type with the specified name.
|
static Permission.Action[] |
Permission.Action.values()
Returns an array containing the constants of this enum type, in
the order they are declared.
|
Modifier and Type | Method and Description |
---|---|
static AuthResult |
AuthResult.allow(String request,
String reason,
User user,
Permission.Action action,
String namespace) |
static AuthResult |
AuthResult.allow(String request,
String reason,
User user,
Permission.Action action,
TableName table,
byte[] family,
byte[] qualifier) |
static AuthResult |
AuthResult.allow(String request,
String reason,
User user,
Permission.Action action,
TableName table,
Map<byte[],? extends Collection<?>> families) |
private boolean |
TableAuthManager.authorize(List<Permission> perms,
Permission.Action action)
Authorizes a global permission
|
private boolean |
TableAuthManager.authorize(List<TablePermission> perms,
String namespace,
Permission.Action action) |
private boolean |
TableAuthManager.authorize(List<TablePermission> perms,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
TableAuthManager.authorize(User user,
Permission.Action action)
Authorize a global permission based on ACLs for the given user and the
user's groups.
|
boolean |
TableAuthManager.authorize(User user,
String namespace,
Permission.Action action) |
boolean |
TableAuthManager.authorize(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
TableAuthManager.authorize(User user,
TableName table,
byte[] family,
Permission.Action action) |
boolean |
TableAuthManager.authorize(User user,
TableName table,
Cell cell,
Permission.Action action)
Authorize a user for a given KV.
|
boolean |
TableAuthManager.authorizeGroup(String groupName,
Permission.Action action)
Checks global authorization for a given action for a group, based on the stored
permissions.
|
boolean |
TableAuthManager.authorizeGroup(String groupName,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Checks authorization to a given table, column family and column for a group, based
on the stored permissions.
|
boolean |
TableAuthManager.authorizeUser(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
TableAuthManager.authorizeUser(User user,
TableName table,
byte[] family,
Permission.Action action)
Checks authorization to a given table and column family for a user, based on the
stored user permissions.
|
private boolean |
AccessController.checkCoveringPermission(AccessController.OpType request,
RegionCoprocessorEnvironment e,
byte[] row,
Map<byte[],? extends Collection<?>> familyMap,
long opTs,
Permission.Action... actions)
Determine if cell ACLs covered by the operation grant access.
|
static AuthResult |
AuthResult.deny(String request,
String reason,
User user,
Permission.Action action,
String namespace) |
static AuthResult |
AuthResult.deny(String request,
String reason,
User user,
Permission.Action action,
TableName table,
byte[] family,
byte[] qualifier) |
static AuthResult |
AuthResult.deny(String request,
String reason,
User user,
Permission.Action action,
TableName table,
Map<byte[],? extends Collection<?>> families) |
static void |
AccessControlClient.grant(org.apache.hadoop.conf.Configuration conf,
String userName,
Permission.Action... actions)
Deprecated.
|
static void |
AccessControlClient.grant(org.apache.hadoop.conf.Configuration conf,
String namespace,
String userName,
Permission.Action... actions)
Deprecated.
|
static void |
AccessControlClient.grant(org.apache.hadoop.conf.Configuration conf,
TableName tableName,
String userName,
byte[] family,
byte[] qual,
Permission.Action... actions)
Deprecated.
|
static void |
AccessControlClient.grant(Connection connection,
String userName,
Permission.Action... actions) |
static void |
AccessControlClient.grant(Connection connection,
String namespace,
String userName,
Permission.Action... actions)
Grants permission on the specified namespace for the specified user.
|
static void |
AccessControlClient.grant(Connection connection,
TableName tableName,
String userName,
byte[] family,
byte[] qual,
Permission.Action... actions)
Grants permission on the specified table for the specified user
|
boolean |
TableAuthManager.groupHasAccess(String groupName,
TableName table,
Permission.Action action)
Checks if the user has access to the full table or at least a family/qualifier
for the specified action.
|
private boolean |
TableAuthManager.hasAccess(List<TablePermission> perms,
TableName table,
Permission.Action action) |
boolean |
TableAuthManager.hasAccess(User user,
TableName table,
Permission.Action action) |
private boolean |
AccessController.hasFamilyQualifierPermission(User user,
Permission.Action perm,
RegionCoprocessorEnvironment env,
Map<byte[],? extends Collection<byte[]>> familyMap)
Returns
true if the current user is allowed the given action
over at least one of the column qualifiers in the given column families. |
boolean |
Permission.implies(Permission.Action action) |
boolean |
TablePermission.implies(String namespace,
Permission.Action action)
Checks that a given table operation is authorized by this permission
instance.
|
boolean |
TablePermission.implies(TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Checks that a given table operation is authorized by this permission
instance.
|
boolean |
TablePermission.implies(TableName table,
KeyValue kv,
Permission.Action action)
Checks if this permission grants access to perform the given action on
the given table and key value.
|
boolean |
TablePermission.matchesFamily(TableName table,
byte[] family,
Permission.Action action)
Returns
true if this permission matches the given column
family at least. |
boolean |
TablePermission.matchesFamilyQualifier(TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Returns if the given permission matches the given qualifier.
|
boolean |
TableAuthManager.matchPermission(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
TableAuthManager.matchPermission(User user,
TableName table,
byte[] family,
Permission.Action action)
Returns true if the given user has a
TablePermission matching up
to the column family portion of a permission. |
(package private) AuthResult |
AccessController.permissionGranted(AccessController.OpType opType,
User user,
RegionCoprocessorEnvironment e,
Map<byte[],? extends Collection<?>> families,
Permission.Action... actions)
Check the current user for authorization to perform a specific action
against the given set of row data.
|
(package private) AuthResult |
AccessController.permissionGranted(String request,
User user,
Permission.Action permRequest,
RegionCoprocessorEnvironment e,
Map<byte[],? extends Collection<?>> families)
Check the current user for authorization to perform a specific action
against the given set of row data.
|
private void |
AccessController.requireAccess(String request,
TableName tableName,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions to access the table.
|
private void |
AccessController.requireGlobalPermission(String request,
Permission.Action perm,
String namespace)
Checks that the user has the given global permission.
|
private void |
AccessController.requireGlobalPermission(String request,
Permission.Action perm,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap)
Checks that the user has the given global permission.
|
void |
AccessController.requireNamespacePermission(String request,
String namespace,
Permission.Action... permissions)
Checks that the user has the given global or namespace permission.
|
void |
AccessController.requireNamespacePermission(String request,
String namespace,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
Permission.Action... permissions)
Checks that the user has the given global or namespace permission.
|
private void |
AccessController.requirePermission(String request,
Permission.Action perm)
Authorizes that the current user has global privileges for the given action.
|
private void |
AccessController.requirePermission(String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions for the
given table, column family and column qualifier.
|
private void |
AccessController.requireTablePermission(String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions for the
given table, column family and column qualifier.
|
static void |
AccessControlClient.revoke(org.apache.hadoop.conf.Configuration conf,
String userName,
Permission.Action... actions)
Deprecated.
|
static void |
AccessControlClient.revoke(org.apache.hadoop.conf.Configuration conf,
String namespace,
String userName,
Permission.Action... actions)
Deprecated.
|
static void |
AccessControlClient.revoke(org.apache.hadoop.conf.Configuration conf,
TableName tableName,
String username,
byte[] family,
byte[] qualifier,
Permission.Action... actions)
Deprecated.
|
static void |
AccessControlClient.revoke(Connection connection,
String userName,
Permission.Action... actions)
Revoke global permissions for the specified user.
|
static void |
AccessControlClient.revoke(Connection connection,
String namespace,
String userName,
Permission.Action... actions)
Revokes the permission on the table for the specified user.
|
static void |
AccessControlClient.revoke(Connection connection,
TableName tableName,
String username,
byte[] family,
byte[] qualifier,
Permission.Action... actions)
Revokes the permission on the table
|
boolean |
TableAuthManager.userHasAccess(User user,
TableName table,
Permission.Action action)
Checks if the user has access to the full table or at least a family/qualifier
for the specified action.
|
Constructor and Description |
---|
AuthResult(boolean allowed,
String request,
String reason,
User user,
Permission.Action action,
String namespace) |
AuthResult(boolean allowed,
String request,
String reason,
User user,
Permission.Action action,
TableName table,
byte[] family,
byte[] qualifier) |
AuthResult(boolean allowed,
String request,
String reason,
User user,
Permission.Action action,
TableName table,
Map<byte[],? extends Collection<?>> families) |
Permission(Permission.Action... assigned) |
TablePermission(String namespace,
Permission.Action... assigned)
Create a new permission for the given namespace,
allowing the given actions.
|
TablePermission(String namespace,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action... assigned)
Creates a new permission for the given namespace or table, restricted to the given
column family and qualifier, allowing the assigned actions to be performed.
|
TablePermission(TableName table,
byte[] family,
byte[] qualifier,
Permission.Action... assigned)
Creates a new permission for the given table, restricted to the given
column family and qualifier, allowing the assigned actions to be performed.
|
TablePermission(TableName table,
byte[] family,
Permission.Action... assigned)
Create a new permission for the given table and (optionally) column family,
allowing the given actions.
|
UserPermission(byte[] user,
Permission.Action... assigned)
Creates a new instance for the given user.
|
UserPermission(byte[] user,
String namespace,
Permission.Action... assigned)
Creates a new instance for the given user.
|
UserPermission(byte[] user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action... assigned)
Creates a new permission for the given user, table, column family and
column qualifier.
|
UserPermission(byte[] user,
TableName table,
byte[] family,
Permission.Action... assigned)
Creates a new instance for the given user, table and column family.
|
Copyright © 2007–2019 The Apache Software Foundation. All rights reserved.