| Package | Description |
|---|---|
| org.apache.hadoop.hbase.regionserver | |
| org.apache.hadoop.hbase.security.access |
| Modifier and Type | Method and Description |
|---|---|
protected void |
RSRpcServices.requirePermission(String request,
Permission.Action perm) |
| Modifier and Type | Field and Description |
|---|---|
private Permission.Action |
AuthResult.action |
protected Permission.Action[] |
Permission.actions |
| Modifier and Type | Field and Description |
|---|---|
protected static Map<Byte,Permission.Action> |
Permission.ACTION_BY_CODE |
| Modifier and Type | Method and Description |
|---|---|
Permission.Action |
AuthResult.getAction() |
Permission.Action[] |
Permission.getActions() |
static Permission.Action |
AccessControlUtil.toPermissionAction(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action action)
Converts a Permission.Action proto to a client Permission.Action object.
|
static Permission.Action |
ShadedAccessControlUtil.toPermissionAction(org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.Permission.Action action)
Convert a Permission.Action shaded proto to a client Permission.Action object.
|
static Permission.Action |
Permission.Action.valueOf(String name)
Returns the enum constant of this type with the specified name.
|
static Permission.Action[] |
Permission.Action.values()
Returns an array containing the constants of this enum type, in
the order they are declared.
|
| Modifier and Type | Method and Description |
|---|---|
static List<Permission.Action> |
AccessControlUtil.toPermissionActions(List<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action> protoActions)
Converts a list of Permission.Action proto to a list of client Permission.Action objects.
|
static List<Permission.Action> |
ShadedAccessControlUtil.toPermissionActions(List<org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.Permission.Action> protoActions)
Converts a list of Permission.Action shaded proto to a list of client Permission.Action
objects.
|
| Modifier and Type | Method and Description |
|---|---|
static AuthResult |
AuthResult.allow(String request,
String reason,
User user,
Permission.Action action,
String namespace) |
static AuthResult |
AuthResult.allow(String request,
String reason,
User user,
Permission.Action action,
TableName table,
byte[] family,
byte[] qualifier) |
static AuthResult |
AuthResult.allow(String request,
String reason,
User user,
Permission.Action action,
TableName table,
Map<byte[],? extends Collection<?>> families) |
private boolean |
TableAuthManager.authorize(List<Permission> perms,
Permission.Action action)
Authorizes a global permission
|
private boolean |
TableAuthManager.authorize(List<TablePermission> perms,
String namespace,
Permission.Action action) |
private boolean |
TableAuthManager.authorize(List<TablePermission> perms,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
TableAuthManager.authorize(User user,
Permission.Action action)
Authorize a global permission based on ACLs for the given user and the
user's groups.
|
boolean |
TableAuthManager.authorize(User user,
String namespace,
Permission.Action action) |
boolean |
TableAuthManager.authorize(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
TableAuthManager.authorize(User user,
TableName table,
byte[] family,
Permission.Action action) |
boolean |
TableAuthManager.authorize(User user,
TableName table,
Cell cell,
Permission.Action action)
Authorize a user for a given KV.
|
boolean |
TableAuthManager.authorizeGroup(String groupName,
Permission.Action action)
Checks global authorization for a given action for a group, based on the stored
permissions.
|
boolean |
TableAuthManager.authorizeGroup(String groupName,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Checks authorization to a given table, column family and column for a group, based
on the stored permissions.
|
boolean |
TableAuthManager.authorizeUser(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
TableAuthManager.authorizeUser(User user,
TableName table,
byte[] family,
Permission.Action action)
Checks authorization to a given table and column family for a user, based on the
stored user permissions.
|
private boolean |
AccessController.checkCoveringPermission(User user,
AccessController.OpType request,
RegionCoprocessorEnvironment e,
byte[] row,
Map<byte[],? extends Collection<?>> familyMap,
long opTs,
Permission.Action... actions)
Determine if cell ACLs covered by the operation grant access.
|
static AuthResult |
AuthResult.deny(String request,
String reason,
User user,
Permission.Action action,
String namespace) |
static AuthResult |
AuthResult.deny(String request,
String reason,
User user,
Permission.Action action,
TableName table,
byte[] family,
byte[] qualifier) |
static AuthResult |
AuthResult.deny(String request,
String reason,
User user,
Permission.Action action,
TableName table,
Map<byte[],? extends Collection<?>> families) |
private static void |
AccessControlClient.grant(Connection connection,
String userName,
boolean mergeExistingPermissions,
Permission.Action... actions)
Grants permission on the specified namespace for the specified user.
|
static void |
AccessControlClient.grant(Connection connection,
String userName,
Permission.Action... actions)
Grant global permissions for the specified user.
|
private static void |
AccessControlClient.grant(Connection connection,
String namespace,
String userName,
boolean mergeExistingPermissions,
Permission.Action... actions)
Grants permission on the specified namespace for the specified user.
|
static void |
AccessControlClient.grant(Connection connection,
String namespace,
String userName,
Permission.Action... actions)
Grants permission on the specified namespace for the specified user.
|
private static void |
AccessControlClient.grant(Connection connection,
TableName tableName,
String userName,
byte[] family,
byte[] qual,
boolean mergeExistingPermissions,
Permission.Action... actions)
Grants permission on the specified table for the specified user
|
static void |
AccessControlClient.grant(Connection connection,
TableName tableName,
String userName,
byte[] family,
byte[] qual,
Permission.Action... actions)
Grants permission on the specified table for the specified user.
|
static void |
AccessControlUtil.grant(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
boolean mergeExistingPermissions,
Permission.Action... actions)
A utility used to grant a user global permissions.
|
static void |
AccessControlUtil.grant(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
String namespace,
boolean mergeExistingPermissions,
Permission.Action... actions)
A utility used to grant a user namespace permissions.
|
static void |
AccessControlUtil.grant(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
TableName tableName,
byte[] f,
byte[] q,
boolean mergeExistingPermissions,
Permission.Action... actions)
A utility used to grant a user table permissions.
|
boolean |
TableAuthManager.groupHasAccess(String groupName,
TableName table,
Permission.Action action)
Checks if the user has access to the full table or at least a family/qualifier
for the specified action.
|
private boolean |
TableAuthManager.hasAccess(List<TablePermission> perms,
TableName table,
Permission.Action action) |
boolean |
TableAuthManager.hasAccess(User user,
TableName table,
Permission.Action action) |
private boolean |
AccessController.hasFamilyQualifierPermission(User user,
Permission.Action perm,
RegionCoprocessorEnvironment env,
Map<byte[],? extends Collection<byte[]>> familyMap)
Returns
true if the current user is allowed the given action
over at least one of the column qualifiers in the given column families. |
boolean |
Permission.implies(Permission.Action action) |
boolean |
TablePermission.implies(String namespace,
Permission.Action action)
Checks that a given table operation is authorized by this permission
instance.
|
boolean |
TablePermission.implies(TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Checks that a given table operation is authorized by this permission
instance.
|
boolean |
TablePermission.implies(TableName table,
KeyValue kv,
Permission.Action action)
Checks if this permission grants access to perform the given action on
the given table and key value.
|
boolean |
TablePermission.matchesFamily(TableName table,
byte[] family,
Permission.Action action)
Returns
true if this permission matches the given column
family at least. |
boolean |
TablePermission.matchesFamilyQualifier(TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Returns if the given permission matches the given qualifier.
|
boolean |
TableAuthManager.matchPermission(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
TableAuthManager.matchPermission(User user,
TableName table,
byte[] family,
Permission.Action action)
Returns true if the given user has a
TablePermission matching up
to the column family portion of a permission. |
private AuthResult |
AccessController.permissionGranted(AccessController.OpType opType,
User user,
RegionCoprocessorEnvironment e,
Map<byte[],? extends Collection<?>> families,
Permission.Action... actions)
Check the current user for authorization to perform a specific action
against the given set of row data.
|
private AuthResult |
AccessController.permissionGranted(String request,
User user,
Permission.Action permRequest,
RegionCoprocessorEnvironment e,
Map<byte[],? extends Collection<?>> families)
Check the current user for authorization to perform a specific action
against the given set of row data.
|
void |
AccessController.requireAccess(ObserverContext<?> ctx,
String request,
TableName tableName,
Permission.Action... permissions) |
void |
AccessChecker.requireAccess(User user,
String request,
TableName tableName,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions to access the table.
|
void |
AccessController.requireGlobalPermission(ObserverContext<?> ctx,
String request,
Permission.Action perm,
String namespace) |
void |
AccessController.requireGlobalPermission(ObserverContext<?> ctx,
String request,
Permission.Action perm,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap) |
void |
AccessChecker.requireGlobalPermission(User user,
String request,
Permission.Action perm,
String namespace)
Checks that the user has the given global permission.
|
void |
AccessChecker.requireGlobalPermission(User user,
String request,
Permission.Action perm,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap)
Checks that the user has the given global permission.
|
void |
AccessController.requireNamespacePermission(ObserverContext<?> ctx,
String request,
String namespace,
Permission.Action... permissions) |
void |
AccessController.requireNamespacePermission(ObserverContext<?> ctx,
String request,
String namespace,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
Permission.Action... permissions) |
void |
AccessChecker.requireNamespacePermission(User user,
String request,
String namespace,
Permission.Action... permissions)
Checks that the user has the given global or namespace permission.
|
void |
AccessChecker.requireNamespacePermission(User user,
String request,
String namespace,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
Permission.Action... permissions)
Checks that the user has the given global or namespace permission.
|
void |
AccessController.requirePermission(ObserverContext<?> ctx,
String request,
Permission.Action perm) |
void |
AccessController.requirePermission(ObserverContext<?> ctx,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions) |
void |
AccessChecker.requirePermission(User user,
String request,
Permission.Action perm)
Authorizes that the current user has global privileges for the given action.
|
void |
AccessChecker.requirePermission(User user,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions for the
given table, column family and column qualifier.
|
void |
AccessController.requireTablePermission(ObserverContext<?> ctx,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions) |
void |
AccessChecker.requireTablePermission(User user,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions for the
given table, column family and column qualifier.
|
static void |
AccessControlClient.revoke(Connection connection,
String userName,
Permission.Action... actions)
Revoke global permissions for the specified user.
|
static void |
AccessControlClient.revoke(Connection connection,
String namespace,
String userName,
Permission.Action... actions)
Revokes the permission on the table for the specified user.
|
static void |
AccessControlClient.revoke(Connection connection,
TableName tableName,
String username,
byte[] family,
byte[] qualifier,
Permission.Action... actions)
Revokes the permission on the table
|
static void |
AccessControlUtil.revoke(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
Permission.Action... actions)
A utility used to revoke a user's global permissions.
|
static void |
AccessControlUtil.revoke(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
String namespace,
Permission.Action... actions)
A utility used to revoke a user's namespace permissions.
|
static void |
AccessControlUtil.revoke(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
TableName tableName,
byte[] f,
byte[] q,
Permission.Action... actions)
A utility used to revoke a user's table permissions.
|
void |
Permission.setActions(Permission.Action[] assigned) |
static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action |
AccessControlUtil.toPermissionAction(Permission.Action action)
Convert a client Permission.Action to a Permission.Action proto
|
static org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.Permission.Action |
ShadedAccessControlUtil.toPermissionAction(Permission.Action action)
Convert a client user permission to a user permission shaded proto.
|
boolean |
TableAuthManager.userHasAccess(User user,
TableName table,
Permission.Action action)
Checks if the user has access to the full table or at least a family/qualifier
for the specified action.
|
| Constructor and Description |
|---|
AuthResult(boolean allowed,
String request,
String reason,
User user,
Permission.Action action,
String namespace) |
AuthResult(boolean allowed,
String request,
String reason,
User user,
Permission.Action action,
TableName table,
byte[] family,
byte[] qualifier) |
AuthResult(boolean allowed,
String request,
String reason,
User user,
Permission.Action action,
TableName table,
Map<byte[],? extends Collection<?>> families) |
Permission(Permission.Action... assigned) |
TablePermission(String namespace,
Permission.Action... assigned)
Create a new permission for the given namespace,
allowing the given actions.
|
TablePermission(String namespace,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action... assigned)
Creates a new permission for the given namespace or table, restricted to the given
column family and qualifier, allowing the assigned actions to be performed.
|
TablePermission(TableName table,
byte[] family,
byte[] qualifier,
Permission.Action... assigned)
Creates a new permission for the given table, restricted to the given
column family and qualifier, allowing the assigned actions to be performed.
|
TablePermission(TableName table,
byte[] family,
Permission.Action... assigned)
Create a new permission for the given table and (optionally) column family,
allowing the given actions.
|
UserPermission(byte[] user,
Permission.Action... assigned)
Creates a new instance for the given user.
|
UserPermission(byte[] user,
String namespace,
Permission.Action... assigned)
Creates a new instance for the given user.
|
UserPermission(byte[] user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action... assigned)
Creates a new permission for the given user, table, column family and
column qualifier.
|
UserPermission(byte[] user,
TableName table,
byte[] family,
Permission.Action... assigned)
Creates a new instance for the given user, table and column family.
|
Copyright © 2007–2019 The Apache Software Foundation. All rights reserved.