AccessControlLists (Apache HBase 1.4.11 API)

java.lang.Object
- org.apache.hadoop.hbase.security.access.AccessControlLists

@InterfaceAudience.Private
public class AccessControlLists
extends Object

Maintains lists of permission grants to users and groups to allow for authorization checks by AccessController.

Access control lists are stored in an "internal" metadata table named _acl_. Each table's permission grants are stored as a separate row, keyed by the table name. KeyValues for permissions assignments are stored in one of the formats:

 Key                      Desc
 --------                 --------
 user                     table level permissions for a user [R=read, W=write]
 group                    table level permissions for a group
 user,family              column family level permissions for a user
 group,family             column family level permissions for a group
 user,family,qualifier    column qualifier level permissions for a user
 group,family,qualifier   column qualifier level permissions for a group

All values are encoded as byte arrays containing the codes from the org.apache.hadoop.hbase.security.access.TablePermission.Action enum.

Field Summary

Fields
Modifier and Type	Field and Description
`static byte[]`	`ACL_GLOBAL_NAME`
`static char`	`ACL_KEY_DELIMITER` Delimiter to separate user, column family, and qualifier in _acl_ table info: column keys
`static byte[]`	`ACL_LIST_FAMILY`
`static String`	`ACL_LIST_FAMILY_STR` Column family used to store ACL grants
`static TableName`	`ACL_TABLE_NAME` Internal storage table for access control lists
`static byte`	`ACL_TAG_TYPE` KV tag to store per cell access control lists
`static char`	`NAMESPACE_PREFIX`

Constructor Summary

Constructors
Constructor and Description

AccessControlLists()

Constructors
Constructor and Description
`AccessControlLists()`

Method Summary

Methods
Modifier and Type	Method and Description
`static byte[]`	`fromNamespaceEntry(byte[] namespace)`
`static String`	`fromNamespaceEntry(String namespace)`
`static List<Permission>`	`getCellPermissionsForUser(User user, Cell cell)`
`static com.google.common.collect.ListMultimap<String,TablePermission>`	`getNamespacePermissions(org.apache.hadoop.conf.Configuration conf, String namespace)`
`static com.google.common.collect.ListMultimap<String,TablePermission>`	`getTablePermissions(org.apache.hadoop.conf.Configuration conf, TableName tableName)`
`static boolean`	`isNamespaceEntry(byte[] entryName)`
`static boolean`	`isNamespaceEntry(String entryName)`
`static com.google.common.collect.ListMultimap<String,TablePermission>`	`readPermissions(byte[] data, org.apache.hadoop.conf.Configuration conf)` Reads a set of permissions as `Writable` instances from the input stream.
`static byte[]`	`toNamespaceEntry(byte[] namespace)`
`static String`	`toNamespaceEntry(String namespace)`
`static byte[]`	`writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,TablePermission> perms, org.apache.hadoop.conf.Configuration conf)` Writes a set of permissions as `Writable` instances and returns the resulting byte array.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- ACL_TABLE_NAME
```
public static final TableName ACL_TABLE_NAME
```
  Internal storage table for access control lists
- ACL_GLOBAL_NAME
```
public static final byte[] ACL_GLOBAL_NAME
```
- ACL_LIST_FAMILY_STR
```
public static final String ACL_LIST_FAMILY_STR
```
  Column family used to store ACL grants
  
  See Also:
  Constant Field Values
- ACL_LIST_FAMILY
```
public static final byte[] ACL_LIST_FAMILY
```
- ACL_TAG_TYPE
```
public static final byte ACL_TAG_TYPE
```
  KV tag to store per cell access control lists
  
  See Also:
  Constant Field Values
- NAMESPACE_PREFIX
```
public static final char NAMESPACE_PREFIX
```
  See Also:
  Constant Field Values
- ACL_KEY_DELIMITER
```
public static final char ACL_KEY_DELIMITER
```
  Delimiter to separate user, column family, and qualifier in _acl_ table info: column keys
  
  See Also:
  Constant Field Values

Constructor Detail
- AccessControlLists
```
public AccessControlLists()
```

Method Detail

getTablePermissions

public static com.google.common.collect.ListMultimap<String,TablePermission> getTablePermissions(org.apache.hadoop.conf.Configuration conf,
                                                                                 TableName tableName)
                                                                                          throws IOException

Throws:: IOException

getNamespacePermissions

public static com.google.common.collect.ListMultimap<String,TablePermission> getNamespacePermissions(org.apache.hadoop.conf.Configuration conf,
                                                                                     String namespace)
                                                                                              throws IOException

Throws:: IOException

writePermissionsAsBytes

public static byte[] writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,TablePermission> perms,
                             org.apache.hadoop.conf.Configuration conf)

Writes a set of permissions as Writable instances and returns the resulting byte array. Writes a set of permission [user: table permission]

readPermissions

public static com.google.common.collect.ListMultimap<String,TablePermission> readPermissions(byte[] data,
                                                                             org.apache.hadoop.conf.Configuration conf)
                                                                                      throws DeserializationException

Reads a set of permissions as Writable instances from the input stream.

Throws:: DeserializationException

isNamespaceEntry

public static boolean isNamespaceEntry(String entryName)

isNamespaceEntry

public static boolean isNamespaceEntry(byte[] entryName)

toNamespaceEntry

public static String toNamespaceEntry(String namespace)

fromNamespaceEntry

public static String fromNamespaceEntry(String namespace)

toNamespaceEntry

public static byte[] toNamespaceEntry(byte[] namespace)

fromNamespaceEntry

public static byte[] fromNamespaceEntry(byte[] namespace)

getCellPermissionsForUser

public static List<Permission> getCellPermissionsForUser(User user,
                                         Cell cell)
                                                  throws IOException

Throws:: IOException

Class AccessControlLists

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

ACL_TABLE_NAME

ACL_GLOBAL_NAME

ACL_LIST_FAMILY_STR

ACL_LIST_FAMILY

ACL_TAG_TYPE

NAMESPACE_PREFIX

ACL_KEY_DELIMITER

Constructor Detail

AccessControlLists

Method Detail

getTablePermissions

getNamespacePermissions

writePermissionsAsBytes

readPermissions

isNamespaceEntry

isNamespaceEntry

toNamespaceEntry

fromNamespaceEntry

toNamespaceEntry

fromNamespaceEntry

getCellPermissionsForUser