org.apache.hadoop.hbase.security.access

Class AccessControlClient

java.lang.Object

org.apache.hadoop.hbase.security.access.AccessControlClient

@InterfaceAudience.Public
public class AccessControlClient
extends Object

Utility client for doing access control admin operations.

Field Summary

Fields

Modifier and Type	Field and Description
static TableName	ACL_TABLE_NAME

Constructor Summary

Constructors

Constructor and Description
AccessControlClient()

Method Summary

Modifier and Type	Method and Description
private static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface	getAccessControlServiceStub(Table ht)
static List<UserPermission>	getUserPermissions(Connection connection, String tableRegex) List all the userPermissions matching the given pattern.
private static void	grant(Connection connection, String userName, boolean mergeExistingPermissions, Permission.Action... actions) Grants permission on the specified namespace for the specified user.
static void	grant(Connection connection, String userName, Permission.Action... actions) Grant global permissions for the specified user.
private static void	grant(Connection connection, String namespace, String userName, boolean mergeExistingPermissions, Permission.Action... actions) Grants permission on the specified namespace for the specified user.
static void	grant(Connection connection, String namespace, String userName, Permission.Action... actions) Grants permission on the specified namespace for the specified user.
private static void	grant(Connection connection, TableName tableName, String userName, byte[] family, byte[] qual, boolean mergeExistingPermissions, Permission.Action... actions) Grants permission on the specified table for the specified user
static void	grant(Connection connection, TableName tableName, String userName, byte[] family, byte[] qual, Permission.Action... actions) Grants permission on the specified table for the specified user.
static boolean	isAccessControllerRunning(Connection connection)
static boolean	isAuthorizationEnabled(Connection connection) Return true if authorization is supported and enabled
static boolean	isCellAuthorizationEnabled(Connection connection) Return true if cell authorization is supported and enabled
static void	revoke(Connection connection, String userName, Permission.Action... actions) Revoke global permissions for the specified user.
static void	revoke(Connection connection, String namespace, String userName, Permission.Action... actions) Revokes the permission on the table for the specified user.
static void	revoke(Connection connection, TableName tableName, String username, byte[] family, byte[] qualifier, Permission.Action... actions) Revokes the permission on the table

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACL_TABLE_NAME

public static final TableName ACL_TABLE_NAME

Constructor Detail

AccessControlClient

public AccessControlClient()

Method Detail

isAuthorizationEnabled

public static boolean isAuthorizationEnabled(Connection connection)
                                      throws IOException

Return true if authorization is supported and enabled

Parameters:

connection - The connection to use

Returns:

true if authorization is supported and enabled, false otherwise

Throws:

IOException

isCellAuthorizationEnabled

public static boolean isCellAuthorizationEnabled(Connection connection)
                                          throws IOException

Return true if cell authorization is supported and enabled

Parameters:

connection - The connection to use

Returns:

true if cell authorization is supported and enabled, false otherwise

Throws:

IOException

getAccessControlServiceStub

private static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface getAccessControlServiceStub(Table ht)
                                                                                                                                          throws IOException

Throws:

IOException

grant

private static void grant(Connection connection,
                          TableName tableName,
                          String userName,
                          byte[] family,
                          byte[] qual,
                          boolean mergeExistingPermissions,
                          Permission.Action... actions)
                   throws Throwable

Grants permission on the specified table for the specified user

Parameters:

connection - The Connection instance to use

tableName -

userName -

family -

qual -

mergeExistingPermissions - If set to false, later granted permissions will override previous granted permissions. otherwise, it'll merge with previous granted permissions.

actions -

Throws:

Throwable

grant

public static void grant(Connection connection,
                         TableName tableName,
                         String userName,
                         byte[] family,
                         byte[] qual,
                         Permission.Action... actions)
                  throws Throwable

Grants permission on the specified table for the specified user. If permissions for a specified user exists, later granted permissions will override previous granted permissions.

Parameters:

connection - The Connection instance to use

tableName -

userName -

family -

qual -

actions -

Throws:

Throwable

grant

private static void grant(Connection connection,
                          String namespace,
                          String userName,
                          boolean mergeExistingPermissions,
                          Permission.Action... actions)
                   throws Throwable

Grants permission on the specified namespace for the specified user.

Parameters:

connection -

namespace -

userName -

mergeExistingPermissions - If set to false, later granted permissions will override previous granted permissions. otherwise, it'll merge with previous granted permissions.

actions -

Throws:

Throwable

grant

public static void grant(Connection connection,
                         String namespace,
                         String userName,
                         Permission.Action... actions)
                  throws Throwable

Grants permission on the specified namespace for the specified user. If permissions on the specified namespace exists, later granted permissions will override previous granted permissions.

Parameters:

connection - The Connection instance to use

namespace -

userName -

actions -

Throws:

Throwable

grant

private static void grant(Connection connection,
                          String userName,
                          boolean mergeExistingPermissions,
                          Permission.Action... actions)
                   throws Throwable

Grants permission on the specified namespace for the specified user.

Parameters:

connection -

userName -

mergeExistingPermissions - If set to false, later granted permissions will override previous granted permissions. otherwise, it'll merge with previous granted permissions.

actions -

Throws:

Throwable

grant

public static void grant(Connection connection,
                         String userName,
                         Permission.Action... actions)
                  throws Throwable

Grant global permissions for the specified user. If permissions for the specified user exists, later granted permissions will override previous granted permissions.

Parameters:

connection -

userName -

actions -

Throws:

Throwable

isAccessControllerRunning

public static boolean isAccessControllerRunning(Connection connection)
                                         throws MasterNotRunningException,
                                                ZooKeeperConnectionException,
                                                IOException

Throws:

MasterNotRunningException

ZooKeeperConnectionException

IOException

revoke

public static void revoke(Connection connection,
                          TableName tableName,
                          String username,
                          byte[] family,
                          byte[] qualifier,
                          Permission.Action... actions)
                   throws Throwable

Revokes the permission on the table

Parameters:

connection - The Connection instance to use

tableName -

username -

family -

qualifier -

actions -

Throws:

Throwable

revoke

public static void revoke(Connection connection,
                          String namespace,
                          String userName,
                          Permission.Action... actions)
                   throws Throwable

Revokes the permission on the table for the specified user.

Parameters:

connection - The Connection instance to use

namespace -

userName -

actions -

Throws:

Throwable

revoke

public static void revoke(Connection connection,
                          String userName,
                          Permission.Action... actions)
                   throws Throwable

Revoke global permissions for the specified user.

Parameters:

connection - The Connection instance to use

Throws:

Throwable

getUserPermissions

public static List<UserPermission> getUserPermissions(Connection connection,
                                                      String tableRegex)
                                               throws Throwable

List all the userPermissions matching the given pattern. If pattern is null, the behavior is dependent on whether user has global admin privileges or not. If yes, the global permissions along with the list of superusers would be returned. Else, no rows get returned.

Parameters:

connection - The Connection instance to use

tableRegex - The regular expression string to match against

Returns:

- returns an array of UserPermissions

Throws:

Throwable