AccessController (Apache HBase 2.2.3 API)

java.lang.Object
- org.apache.hadoop.hbase.security.access.AccessController

All Implemented Interfaces:

Coprocessor, BulkLoadObserver, EndpointObserver, MasterCoprocessor, MasterObserver, RegionCoprocessor, RegionObserver, RegionServerCoprocessor, RegionServerObserver, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
```
@InterfaceAudience.LimitedPrivate(value="Configuration")
public class AccessController
extends Object
implements MasterCoprocessor, RegionCoprocessor, RegionServerCoprocessor, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface, MasterObserver, RegionObserver, RegionServerObserver, EndpointObserver, BulkLoadObserver
```
Provides basic authorization checks for data access and administrative operations.
AccessController performs authorization checks for HBase operations based on:
- the identity of the user performing the operation
- the scope over which the operation is performed, in increasing specificity: global, table, column family, or qualifier
- the type of action being performed (as mapped to Permission.Action values)
If the authorization check fails, an AccessDeniedException will be thrown for the operation.

To perform authorization checks, AccessController relies on the RpcServerEngine being loaded to provide the user identities for remote requests.

The access control lists used for authorization can be manipulated via the exposed AccessControlProtos.AccessControlService Interface implementation, and the associated grant, revoke, and user_permission HBase shell commands.

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

private static class AccessController.OpType
- Nested classes/interfaces inherited from interface org.apache.hadoop.hbase.Coprocessor
  Coprocessor.State
- Nested classes/interfaces inherited from interface org.apache.hadoop.hbase.coprocessor.RegionObserver
  RegionObserver.MutationType

Nested Classes
Modifier and Type	Class and Description
`private static class`	`AccessController.OpType`

Field Summary

Fields
Modifier and Type	Field and Description
`private AccessChecker`	`accessChecker`
`private boolean`	`aclRegion` flags if we are running on a region of the _acl_ table
`private boolean`	`aclTabAvailable` if the ACL table is available, only relevant in the master
`private static org.slf4j.Logger`	`AUDITLOG`
`private boolean`	`authorizationEnabled` if we are active, usually false, only true if "hbase.security.authorization" has been set to true in site configuration
`private boolean`	`cellFeaturesEnabled` if we are able to support cell ACLs
`private static String`	`CHECK_COVERING_PERM`
`private boolean`	`compatibleEarlyTermination` if we should terminate access checks early as soon as table or CF grants allow access; pre-0.98 compatible behavior
`private boolean`	`initialized` if we have been successfully initialized
`private static org.slf4j.Logger`	`LOG`
`private RegionCoprocessorEnvironment`	`regionEnv` defined only for Endpoint implementation, so it can have way to access region services
`private Map<InternalScanner,String>`	`scannerOwners` Mapping of scanner instances to the user who created them
`private boolean`	`shouldCheckExecPermission` if we should check EXEC permissions
`private Map<TableName,List<UserPermission>>`	`tableAcls`
`private static String`	`TAG_CHECK_PASSED`
`private static byte[]`	`TRUE`
`private UserProvider`	`userProvider` Provider for mapping principal names to Users

Fields inherited from interface org.apache.hadoop.hbase.Coprocessor
PRIORITY_HIGHEST, PRIORITY_LOWEST, PRIORITY_SYSTEM, PRIORITY_USER, VERSION

Constructor Summary

Constructors
Constructor and Description

AccessController()

Constructors
Constructor and Description
`AccessController()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`private static void`	`addCellPermissions(byte[] perms, Map<byte[],List<Cell>> familyMap)`
`private boolean`	`checkCoveringPermission(User user, AccessController.OpType request, RegionCoprocessorEnvironment e, byte[] row, Map<byte[],? extends Collection<?>> familyMap, long opTs, Permission.Action... actions)` Determine if cell ACLs covered by the operation grant access.
`private void`	`checkForReservedTagPresence(User user, Mutation m)`
`void`	`checkLockPermissions(ObserverContext<?> ctx, String namespace, TableName tableName, RegionInfo[] regionInfos, String reason)`
`void`	`checkPermissions(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsResponse> done)` Deprecated. since 2.2.0 and will be removed 4.0.0. Use `Admin.hasUserPermissions(List)` instead.
`private void`	`checkSystemOrSuperUser(User activeUser)`
`private static void`	`createACLTable(Admin admin)` Create the ACL table
`private Cell`	`createNewCellWithTags(Mutation mutation, Cell oldCell, Cell newCell)`
`private User`	`getActiveUser(ObserverContext<?> ctx)` Returns the active user to which authorization checks should be applied.
`AuthManager`	`getAuthManager()`
`Optional<BulkLoadObserver>`	`getBulkLoadObserver()`
`Optional<EndpointObserver>`	`getEndpointObserver()`
`Optional<MasterObserver>`	`getMasterObserver()`
`Region`	`getRegion()`
`private Region`	`getRegion(RegionCoprocessorEnvironment e)`
`Optional<RegionObserver>`	`getRegionObserver()` Observer/Service Getters
`Optional<RegionServerObserver>`	`getRegionServerObserver()`
`Iterable<com.google.protobuf.Service>`	`getServices()` Coprocessor endpoints providing protobuf services should override this method.
`private TableName`	`getTableName(Region region)`
`private TableName`	`getTableName(RegionCoprocessorEnvironment e)`
`void`	`getUserPermissions(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GetUserPermissionsRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GetUserPermissionsResponse> done)` Deprecated. since 2.2.0 and will be removed in 4.0.0. Use `Admin.getUserPermissions(GetUserPermissionsRequest)` instead.
`void`	`grant(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantResponse> done)` Deprecated. since 2.2.0 and will be removed in 4.0.0. Use `Admin.grant(UserPermission, boolean)` instead.
`private boolean`	`hasFamilyQualifierPermission(User user, Permission.Action perm, RegionCoprocessorEnvironment env, Map<byte[],? extends Collection<byte[]>> familyMap)` Returns `true` if the current user is allowed the given action over at least one of the column qualifiers in the given column families.
`void`	`hasPermission(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.HasPermissionRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.HasPermissionResponse> done)` Deprecated. since 2.2.0 and will be removed in 4.0.0. Use `Admin.hasUserPermissions(String, List)` instead.
`private void`	`initialize(RegionCoprocessorEnvironment e)`
`private void`	`internalPreRead(ObserverContext<RegionCoprocessorEnvironment> c, Query query, AccessController.OpType opType)`
`static boolean`	`isCellAuthorizationSupported(org.apache.hadoop.conf.Configuration conf)`
`private Map<byte[],? extends Collection<byte[]>>`	`makeFamilyMap(byte[] family, byte[] qualifier)`
`private AuthResult`	`permissionGranted(AccessController.OpType opType, User user, RegionCoprocessorEnvironment e, Map<byte[],? extends Collection<?>> families, Permission.Action... actions)` Check the current user for authorization to perform a specific action against the given set of row data.
`void`	`postAbortProcedure(ObserverContext<MasterCoprocessorEnvironment> ctx)` Called after a abortProcedure request has been processed.
`List<Pair<Cell,Cell>>`	`postAppendBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx, Mutation mutation, List<Pair<Cell,Cell>> cellPairs)` Called after a list of new cells has been created during an append operation, but before they are committed to the WAL or memstore.
`void`	`postCompletedCreateTableAction(ObserverContext<MasterCoprocessorEnvironment> c, TableDescriptor desc, RegionInfo[] regions)` Called after the createTable operation has been requested.
`ReplicationEndpoint`	`postCreateReplicationEndPoint(ObserverContext<RegionServerCoprocessorEnvironment> ctx, ReplicationEndpoint endpoint)` This will be called after the replication endpoint is instantiated.
`void`	`postDelete(ObserverContext<RegionCoprocessorEnvironment> c, Delete delete, WALEdit edit, Durability durability)` Called after the client deletes a value.
`void`	`postDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace)` Called after the deleteNamespace operation has been requested.
`void`	`postDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)` Called after the deleteTable operation has been requested.
`void`	`postEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> ctx, com.google.protobuf.Service service, String methodName, com.google.protobuf.Message request, com.google.protobuf.Message.Builder responseBuilder)` Called after an Endpoint service method is invoked.
`void`	`postGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx, List<TableName> tableNamesList, List<TableDescriptor> descriptors, String regex)` Called after a getTableDescriptors request has been processed.
`void`	`postGetTableNames(ObserverContext<MasterCoprocessorEnvironment> ctx, List<TableDescriptor> descriptors, String regex)` Called after a getTableNames request has been processed.
`List<Pair<Cell,Cell>>`	`postIncrementBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx, Mutation mutation, List<Pair<Cell,Cell>> cellPairs)` Called after a list of new cells has been created during an increment operation, but before they are committed to the WAL or memstore.
`void`	`postListNamespaceDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx, List<NamespaceDescriptor> descriptors)` Called after a listNamespaceDescriptors request has been processed.
`void`	`postModifyTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName, TableDescriptor htd)` Called after the modifyTable operation has been requested.
`void`	`postOpen(ObserverContext<RegionCoprocessorEnvironment> c)` Called after the region is reported as open to the master.
`void`	`postPut(ObserverContext<RegionCoprocessorEnvironment> c, Put put, WALEdit edit, Durability durability)` Called after the client stores a value.
`void`	`postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)` This will be called after executing user request to roll a region server WAL.
`void`	`postScannerClose(ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s)` Called after the client closes a scanner.
`boolean`	`postScannerFilterRow(ObserverContext<RegionCoprocessorEnvironment> e, InternalScanner s, Cell curRowCell, boolean hasMore)` This will be called by the scan flow when the current scanned row is being filtered out by the filter.
`RegionScanner`	`postScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Scan scan, RegionScanner s)` Called after the client opens a new scanner.
`void`	`postStartMaster(ObserverContext<MasterCoprocessorEnvironment> ctx)` Called immediately after an active master instance has completed initialization.
`void`	`postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName)` Called after the truncateTable operation has been requested.
`void`	`preAbortProcedure(ObserverContext<MasterCoprocessorEnvironment> ctx, long procId)` Called before a abortProcedure request has been processed.
`void`	`preAddReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId, ReplicationPeerConfig peerConfig)` Called before add a replication peer
`Result`	`preAppend(ObserverContext<RegionCoprocessorEnvironment> c, Append append)` Called before Append.
`Result`	`preAppendAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, Append append)` Called before Append but after acquiring rowlock.
`void`	`preAssign(ObserverContext<MasterCoprocessorEnvironment> c, RegionInfo regionInfo)` Called prior to assigning a specific region.
`void`	`preBalance(ObserverContext<MasterCoprocessorEnvironment> c)` Called prior to requesting rebalancing of the cluster regions, though after the initial checks for regions in transition and the balance switch flag.
`void`	`preBalanceSwitch(ObserverContext<MasterCoprocessorEnvironment> c, boolean newValue)` Called prior to modifying the flag used to enable/disable region balancing.
`void`	`preBatchMutate(ObserverContext<RegionCoprocessorEnvironment> c, MiniBatchOperationInProgress<Mutation> miniBatchOp)` This will be called for every batch mutation operation happening at the server.
`void`	`preBulkLoadHFile(ObserverContext<RegionCoprocessorEnvironment> ctx, List<Pair<byte[],String>> familyPaths)` Verifies user has CREATE privileges on the Column Families involved in the bulkLoadHFile request.
`boolean`	`preCheckAndDelete(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOperator op, ByteArrayComparable comparator, Delete delete, boolean result)` Called before checkAndDelete.
`boolean`	`preCheckAndDeleteAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOperator op, ByteArrayComparable comparator, Delete delete, boolean result)` Called before checkAndDelete but after acquiring rowock.
`boolean`	`preCheckAndPut(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOperator op, ByteArrayComparable comparator, Put put, boolean result)` Called before checkAndPut.
`boolean`	`preCheckAndPutAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, byte[] row, byte[] family, byte[] qualifier, CompareOperator opp, ByteArrayComparable comparator, Put put, boolean result)` Called before checkAndPut but after acquiring rowlock.
`void`	`preCleanupBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx)` Authorization security check for SecureBulkLoadProtocol.cleanupBulkLoad()
`void`	`preClearCompactionQueues(ObserverContext<RegionServerCoprocessorEnvironment> ctx)` This will be called before clearing compaction queues
`void`	`preClearDeadServers(ObserverContext<MasterCoprocessorEnvironment> ctx)` Called before clear dead region servers.
`void`	`preCloneSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot, TableDescriptor hTableDescriptor)` Called before a snapshot is cloned.
`void`	`preClose(ObserverContext<RegionCoprocessorEnvironment> c, boolean abortRequested)` Called before the region is reported as closed to the master.
`InternalScanner`	`preCompact(ObserverContext<RegionCoprocessorEnvironment> c, Store store, InternalScanner scanner, ScanType scanType, CompactionLifeCycleTracker tracker, CompactionRequest request)` Called prior to writing the `StoreFile`s selected for compaction into a new `StoreFile`.
`void`	`preCreateNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx, NamespaceDescriptor ns)` Called before a new namespace is created by `HMaster`.
`void`	`preCreateTable(ObserverContext<MasterCoprocessorEnvironment> c, TableDescriptor desc, RegionInfo[] regions)` Observer implementations
`void`	`preDecommissionRegionServers(ObserverContext<MasterCoprocessorEnvironment> ctx, List<ServerName> servers, boolean offload)` Called before decommission region servers.
`void`	`preDelete(ObserverContext<RegionCoprocessorEnvironment> c, Delete delete, WALEdit edit, Durability durability)` Called before the client deletes a value.
`void`	`preDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace)` Called before `HMaster` deletes a namespace
`void`	`preDeleteSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot)` Called before a snapshot is deleted.
`void`	`preDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)` Called before `HMaster` deletes a table.
`void`	`preDisableReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId)` Called before disable a replication peer
`void`	`preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)` Called prior to disabling a table.
`void`	`preEnableReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId)` Called before enable a replication peer
`void`	`preEnableTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)` Called prior to enabling a table.
`com.google.protobuf.Message`	`preEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> ctx, com.google.protobuf.Service service, String methodName, com.google.protobuf.Message request)` Called before an Endpoint service method is invoked.
`void`	`preExecuteProcedures(ObserverContext<RegionServerCoprocessorEnvironment> ctx)` This will be called before executing procedures
`boolean`	`preExists(ObserverContext<RegionCoprocessorEnvironment> c, Get get, boolean exists)` Called before the client tests for existence using a Get.
`void`	`preFlush(ObserverContext<RegionCoprocessorEnvironment> c, FlushLifeCycleTracker tracker)` Called before the memstore is flushed to disk.
`void`	`preGetLocks(ObserverContext<MasterCoprocessorEnvironment> ctx)` Called before a getLocks request has been processed.
`void`	`preGetNamespaceDescriptor(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace)` Called before a getNamespaceDescriptor request has been processed.
`void`	`preGetOp(ObserverContext<RegionCoprocessorEnvironment> c, Get get, List<Cell> result)` Called before the client performs a Get
`void`	`preGetProcedures(ObserverContext<MasterCoprocessorEnvironment> ctx)` Called before a getProcedures request has been processed.
`void`	`preGetReplicationPeerConfig(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId)` Called before get the configured ReplicationPeerConfig for the specified peer
`void`	`preGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx, List<TableName> tableNamesList, List<TableDescriptor> descriptors, String regex)` Called before a getTableDescriptors request has been processed.
`void`	`preGetUserPermissions(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, String namespace, TableName tableName, byte[] family, byte[] qualifier)` Called before getting user permissions.
`private void`	`preGetUserPermissions(User caller, String userName, String namespace, TableName tableName, byte[] family, byte[] qualifier)`
`void`	`preGrant(ObserverContext<MasterCoprocessorEnvironment> ctx, UserPermission userPermission, boolean mergeExistingPermissions)` Called before granting user permissions.
`private void`	`preGrantOrRevoke(User caller, String request, UserPermission userPermission)`
`void`	`preHasUserPermissions(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, List<Permission> permissions)`
`private void`	`preHasUserPermissions(User caller, String userName, List<Permission> permissions)`
`Result`	`preIncrement(ObserverContext<RegionCoprocessorEnvironment> c, Increment increment)` Called before Increment.
`Result`	`preIncrementAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c, Increment increment)` Called before Increment but after acquiring rowlock.
`void`	`preIsRpcThrottleEnabled(ObserverContext<MasterCoprocessorEnvironment> ctx)` Called before getting if is rpc throttle enabled.
`void`	`preListDecommissionedRegionServers(ObserverContext<MasterCoprocessorEnvironment> ctx)` Called before list decommissioned region servers.
`void`	`preListReplicationPeers(ObserverContext<MasterCoprocessorEnvironment> ctx, String regex)` Called before list replication peers.
`void`	`preListSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot)` Called before listSnapshots request has been processed.
`void`	`preLockHeartbeat(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName, String description)` Called before heartbeat to a lock.
`void`	`preMergeRegions(ObserverContext<MasterCoprocessorEnvironment> ctx, RegionInfo[] regionsToMerge)` Called before merge regions request.
`void`	`preModifyNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx, NamespaceDescriptor ns)` Called prior to modifying a namespace's properties.
`TableDescriptor`	`preModifyTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName, TableDescriptor currentDesc, TableDescriptor newDesc)` Called prior to modifying a table's properties.
`void`	`preMove(ObserverContext<MasterCoprocessorEnvironment> c, RegionInfo region, ServerName srcServer, ServerName destServer)` Called prior to moving a given region from one region server to another.
`void`	`preOpen(ObserverContext<RegionCoprocessorEnvironment> c)` Called before the region is reported as open to the master.
`void`	`prePrepareBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx)` Authorization check for SecureBulkLoadProtocol.prepareBulkLoad()
`void`	`prePut(ObserverContext<RegionCoprocessorEnvironment> c, Put put, WALEdit edit, Durability durability)` Called before the client stores a value.
`void`	`preRecommissionRegionServer(ObserverContext<MasterCoprocessorEnvironment> ctx, ServerName server, List<byte[]> encodedRegionNames)` Called before recommission region server.
`void`	`preRegionOffline(ObserverContext<MasterCoprocessorEnvironment> c, RegionInfo regionInfo)` Called prior to marking a given region as offline.
`void`	`preRemoveReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId)` Called before remove a replication peer
`void`	`preReplicateLogEntries(ObserverContext<RegionServerCoprocessorEnvironment> ctx)` This will be called before executing replication request to shipping log entries.
`void`	`preRequestLock(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace, TableName tableName, RegionInfo[] regionInfos, String description)` Called before new LockProcedure is queued.
`void`	`preRestoreSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot, TableDescriptor hTableDescriptor)` Called before a snapshot is restored.
`void`	`preRevoke(ObserverContext<MasterCoprocessorEnvironment> ctx, UserPermission userPermission)` Called before revoking user permissions.
`void`	`preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)` This will be called before executing user request to roll a region server WAL.
`void`	`preScannerClose(ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s)` Called before the client closes a scanner.
`boolean`	`preScannerNext(ObserverContext<RegionCoprocessorEnvironment> c, InternalScanner s, List<Result> result, int limit, boolean hasNext)` Called before the client asks for the next row on a scanner.
`void`	`preScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c, Scan scan)` Called before the client opens a new scanner.
`void`	`preSetNamespaceQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String namespace, GlobalQuotaSettings quotas)` Called before the quota for the namespace is stored.
`void`	`preSetRegionServerQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String regionServer, GlobalQuotaSettings quotas)` Called before the quota for the region server is stored.
`void`	`preSetSplitOrMergeEnabled(ObserverContext<MasterCoprocessorEnvironment> ctx, boolean newValue, MasterSwitchType switchType)` Called prior to setting split / merge switch Supports Coprocessor 'bypass'.
`void`	`preSetTableQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName, GlobalQuotaSettings quotas)` Called before the quota for the table is stored.
`void`	`preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, GlobalQuotaSettings quotas)` Called before the quota for the user is stored.
`void`	`preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, String namespace, GlobalQuotaSettings quotas)` Called before the quota for the user on the specified namespace is stored.
`void`	`preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, String userName, TableName tableName, GlobalQuotaSettings quotas)` Called before the quota for the user on the specified table is stored.
`void`	`preShutdown(ObserverContext<MasterCoprocessorEnvironment> c)` Called prior to shutting down the full HBase cluster, including this `HMaster` process.
`void`	`preSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx, SnapshotDescription snapshot, TableDescriptor hTableDescriptor)` Called before a new snapshot is taken.
`void`	`preSplitRegion(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName, byte[] splitRow)` Called before the split region procedure is called.
`void`	`preStopMaster(ObserverContext<MasterCoprocessorEnvironment> c)` Called immediately prior to stopping this `HMaster` process.
`void`	`preStopRegionServer(ObserverContext<RegionServerCoprocessorEnvironment> ctx)` Called before stopping region server.
`void`	`preSwitchExceedThrottleQuota(ObserverContext<MasterCoprocessorEnvironment> ctx, boolean enable)` Called before switching exceed throttle quota state.
`void`	`preSwitchRpcThrottle(ObserverContext<MasterCoprocessorEnvironment> ctx, boolean enable)` Called before switching rpc throttle enabled state.
`void`	`preTableFlush(ObserverContext<MasterCoprocessorEnvironment> ctx, TableName tableName)` Called before the table memstore is flushed to disk.
`void`	`preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> c, TableName tableName)` Called before `HMaster` truncates a table.
`void`	`preUnassign(ObserverContext<MasterCoprocessorEnvironment> c, RegionInfo regionInfo, boolean force)` Called prior to unassigning a given region.
`void`	`preUpdateReplicationPeerConfig(ObserverContext<MasterCoprocessorEnvironment> ctx, String peerId, ReplicationPeerConfig peerConfig)` Called before update peerConfig for the specified peer
`void`	`requireAccess(ObserverContext<?> ctx, String request, TableName tableName, Permission.Action... permissions)`
`void`	`requireGlobalPermission(ObserverContext<?> ctx, String request, Permission.Action perm, String namespace)`
`void`	`requireGlobalPermission(ObserverContext<?> ctx, String request, Permission.Action perm, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap)`
`void`	`requireNamespacePermission(ObserverContext<?> ctx, String request, String namespace, Permission.Action... permissions)`
`void`	`requireNamespacePermission(ObserverContext<?> ctx, String request, String namespace, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap, Permission.Action... permissions)`
`void`	`requirePermission(ObserverContext<?> ctx, String request, Permission.Action perm)`
`void`	`requirePermission(ObserverContext<?> ctx, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions)`
`private void`	`requireScannerOwner(InternalScanner s)` Verify, when servicing an RPC, that the caller is the scanner owner.
`void`	`requireTablePermission(ObserverContext<?> ctx, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions)`
`void`	`revoke(com.google.protobuf.RpcController controller, org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest request, com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeResponse> done)` Deprecated. since 2.2.0 and will be removed in 4.0.0. Use `Admin.revoke(UserPermission)` instead.
`void`	`start(CoprocessorEnvironment env)` Called by the `CoprocessorEnvironment` during it's own startup to initialize the coprocessor.
`void`	`stop(CoprocessorEnvironment env)` Called by the `CoprocessorEnvironment` during it's own shutdown to stop the coprocessor.
`private void`	`updateACL(RegionCoprocessorEnvironment e, Map<byte[],List<Cell>> familyMap)` Writes all table ACLs for the tables in the given Map up into ZooKeeper znodes.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.hadoop.hbase.coprocessor.MasterObserver
postAddReplicationPeer, postAddRSGroup, postAssign, postBalance, postBalanceRSGroup, postBalanceSwitch, postClearDeadServers, postCloneSnapshot, postCompletedDeleteTableAction, postCompletedDisableTableAction, postCompletedEnableTableAction, postCompletedMergeRegionsAction, postCompletedModifyTableAction, postCompletedModifyTableAction, postCompletedSplitRegionAction, postCompletedTruncateTableAction, postCreateNamespace, postCreateTable, postDecommissionRegionServers, postDeleteSnapshot, postDisableReplicationPeer, postDisableTable, postEnableReplicationPeer, postEnableTable, postGetClusterMetrics, postGetLocks, postGetNamespaceDescriptor, postGetProcedures, postGetReplicationPeerConfig, postGetUserPermissions, postGrant, postHasUserPermissions, postIsRpcThrottleEnabled, postListDecommissionedRegionServers, postListReplicationPeers, postListSnapshot, postLockHeartbeat, postMergeRegions, postMergeRegionsCommitAction, postModifyNamespace, postModifyNamespace, postModifyTable, postMove, postMoveServers, postMoveServersAndTables, postMoveTables, postRecommissionRegionServer, postRegionOffline, postRemoveReplicationPeer, postRemoveRSGroup, postRemoveServers, postRequestLock, postRestoreSnapshot, postRevoke, postRollBackMergeRegionsAction, postRollBackSplitRegionAction, postSetNamespaceQuota, postSetRegionServerQuota, postSetSplitOrMergeEnabled, postSetTableQuota, postSetUserQuota, postSetUserQuota, postSetUserQuota, postSnapshot, postSwitchExceedThrottleQuota, postSwitchRpcThrottle, postTableFlush, postUnassign, postUpdateReplicationPeerConfig, preAddRSGroup, preBalanceRSGroup, preCreateTableAction, preCreateTableRegionsInfos, preDeleteTableAction, preDisableTableAction, preEnableTableAction, preGetClusterMetrics, preGetTableNames, preListNamespaceDescriptors, preMasterInitialization, preMergeRegionsAction, preMergeRegionsCommitAction, preModifyNamespace, preModifyTable, preModifyTableAction, preModifyTableAction, preMoveServers, preMoveServersAndTables, preMoveTables, preRemoveRSGroup, preRemoveServers, preSplitRegionAction, preSplitRegionAfterMETAAction, preSplitRegionBeforeMETAAction, preTruncateTableAction

Methods inherited from interface org.apache.hadoop.hbase.coprocessor.RegionServerObserver
postClearCompactionQueues, postExecuteProcedures, postReplicateLogEntries

- Field Detail
  - LOG
```
private static final org.slf4j.Logger LOG
```
  - AUDITLOG
```
private static final org.slf4j.Logger AUDITLOG
```
  - CHECK_COVERING_PERM
```
private static final String CHECK_COVERING_PERM
```
    See Also:
    
    Constant Field Values
  - TAG_CHECK_PASSED
```
private static final String TAG_CHECK_PASSED
```
    See Also:
    
    Constant Field Values
  - TRUE
```
private static final byte[] TRUE
```
  - accessChecker
```
private AccessChecker accessChecker
```
  - aclRegion
```
private boolean aclRegion
```
    flags if we are running on a region of the _acl_ table
  - regionEnv
```
private RegionCoprocessorEnvironment regionEnv
```
    defined only for Endpoint implementation, so it can have way to access region services
  - scannerOwners
```
private Map<InternalScanner,String> scannerOwners
```
    Mapping of scanner instances to the user who created them
  - tableAcls
```
private Map<TableName,List<UserPermission>> tableAcls
```
  - userProvider
```
private UserProvider userProvider
```
    Provider for mapping principal names to Users
  - authorizationEnabled
```
private boolean authorizationEnabled
```
    if we are active, usually false, only true if "hbase.security.authorization" has been set to true in site configuration
  - cellFeaturesEnabled
```
private boolean cellFeaturesEnabled
```
    if we are able to support cell ACLs
  - shouldCheckExecPermission
```
private boolean shouldCheckExecPermission
```
    if we should check EXEC permissions
  - compatibleEarlyTermination
```
private boolean compatibleEarlyTermination
```
    if we should terminate access checks early as soon as table or CF grants allow access; pre-0.98 compatible behavior
  - initialized
```
private volatile boolean initialized
```
    if we have been successfully initialized
  - aclTabAvailable
```
private volatile boolean aclTabAvailable
```
    if the ACL table is available, only relevant in the master
- Constructor Detail
  - AccessController
```
public AccessController()
```
- Method Detail
  - isCellAuthorizationSupported
```
public static boolean isCellAuthorizationSupported(org.apache.hadoop.conf.Configuration conf)
```
  - getRegion
```
public Region getRegion()
```
  - getAuthManager
```
public AuthManager getAuthManager()
```
  - initialize
```
private void initialize(RegionCoprocessorEnvironment e)
                 throws IOException
```
    Throws:
    
    IOException
  - updateACL
```
private void updateACL(RegionCoprocessorEnvironment e,
                       Map<byte[],List<Cell>> familyMap)
```
    Writes all table ACLs for the tables in the given Map up into ZooKeeper znodes. This is called to synchronize ACL changes following _acl_ table updates.
  - permissionGranted
```
private AuthResult permissionGranted(AccessController.OpType opType,
                                     User user,
                                     RegionCoprocessorEnvironment e,
                                     Map<byte[],? extends Collection<?>> families,
                                     Permission.Action... actions)
```
    Check the current user for authorization to perform a specific action against the given set of row data.
    
    Parameters:
    
    opType - the operation type
    
    user - the user
    
    e - the coprocessor environment
    
    families - the map of column families to qualifiers present in the request
    
    actions - the desired actions
    
    Returns:
    
    an authorization result
  - requireAccess
```
public void requireAccess(ObserverContext<?> ctx,
                          String request,
                          TableName tableName,
                          Permission.Action... permissions)
                   throws IOException
```
    Throws:
    
    IOException
  - requirePermission
```
public void requirePermission(ObserverContext<?> ctx,
                              String request,
                              Permission.Action perm)
                       throws IOException
```
    Throws:
    
    IOException
  - requireGlobalPermission
```
public void requireGlobalPermission(ObserverContext<?> ctx,
                                    String request,
                                    Permission.Action perm,
                                    TableName tableName,
                                    Map<byte[],? extends Collection<byte[]>> familyMap)
                             throws IOException
```
    Throws:
    
    IOException
  - requireGlobalPermission
```
public void requireGlobalPermission(ObserverContext<?> ctx,
                                    String request,
                                    Permission.Action perm,
                                    String namespace)
                             throws IOException
```
    Throws:
    
    IOException
  - requireNamespacePermission
```
public void requireNamespacePermission(ObserverContext<?> ctx,
                                       String request,
                                       String namespace,
                                       Permission.Action... permissions)
                                throws IOException
```
    Throws:
    
    IOException
  - requireNamespacePermission
```
public void requireNamespacePermission(ObserverContext<?> ctx,
                                       String request,
                                       String namespace,
                                       TableName tableName,
                                       Map<byte[],? extends Collection<byte[]>> familyMap,
                                       Permission.Action... permissions)
                                throws IOException
```
    Throws:
    
    IOException
  - requirePermission
```
public void requirePermission(ObserverContext<?> ctx,
                              String request,
                              TableName tableName,
                              byte[] family,
                              byte[] qualifier,
                              Permission.Action... permissions)
                       throws IOException
```
    Throws:
    
    IOException
  - requireTablePermission
```
public void requireTablePermission(ObserverContext<?> ctx,
                                   String request,
                                   TableName tableName,
                                   byte[] family,
                                   byte[] qualifier,
                                   Permission.Action... permissions)
                            throws IOException
```
    Throws:
    
    IOException
  - checkLockPermissions
```
public void checkLockPermissions(ObserverContext<?> ctx,
                                 String namespace,
                                 TableName tableName,
                                 RegionInfo[] regionInfos,
                                 String reason)
                          throws IOException
```
    Throws:
    
    IOException
  - hasFamilyQualifierPermission
```
private boolean hasFamilyQualifierPermission(User user,
                                             Permission.Action perm,
                                             RegionCoprocessorEnvironment env,
                                             Map<byte[],? extends Collection<byte[]>> familyMap)
                                      throws IOException
```
    Returns true if the current user is allowed the given action over at least one of the column qualifiers in the given column families.
    
    Throws:
    
    IOException
  - checkCoveringPermission
```
private boolean checkCoveringPermission(User user,
                                        AccessController.OpType request,
                                        RegionCoprocessorEnvironment e,
                                        byte[] row,
                                        Map<byte[],? extends Collection<?>> familyMap,
                                        long opTs,
                                        Permission.Action... actions)
                                 throws IOException
```
    Determine if cell ACLs covered by the operation grant access. This is expensive.
    
    Returns:
    
    false if cell ACLs failed to grant access, true otherwise
    
    Throws:
    
    IOException
  - addCellPermissions
```
private static void addCellPermissions(byte[] perms,
                                       Map<byte[],List<Cell>> familyMap)
```
  - checkForReservedTagPresence
```
private void checkForReservedTagPresence(User user,
                                         Mutation m)
                                  throws IOException
```
    Throws:
    
    IOException
  - start
```
public void start(CoprocessorEnvironment env)
           throws IOException
```
    Description copied from interface: Coprocessor
    
    Called by the CoprocessorEnvironment during it's own startup to initialize the coprocessor.
    
    Specified by:
    
    start in interface Coprocessor
    
    Throws:
    
    IOException
  - stop
```
public void stop(CoprocessorEnvironment env)
```
    Description copied from interface: Coprocessor
    
    Called by the CoprocessorEnvironment during it's own shutdown to stop the coprocessor.
    
    Specified by:
    
    stop in interface Coprocessor
  - getRegionObserver
```
public Optional<RegionObserver> getRegionObserver()
```
    Observer/Service Getters
    
    Specified by:
    
    getRegionObserver in interface RegionCoprocessor
  - getMasterObserver
```
public Optional<MasterObserver> getMasterObserver()
```
    Specified by:
    
    getMasterObserver in interface MasterCoprocessor
  - getEndpointObserver
```
public Optional<EndpointObserver> getEndpointObserver()
```
    Specified by:
    
    getEndpointObserver in interface RegionCoprocessor
  - getBulkLoadObserver
```
public Optional<BulkLoadObserver> getBulkLoadObserver()
```
    Specified by:
    
    getBulkLoadObserver in interface RegionCoprocessor
  - getRegionServerObserver
```
public Optional<RegionServerObserver> getRegionServerObserver()
```
    Specified by:
    
    getRegionServerObserver in interface RegionServerCoprocessor
  - getServices
```
public Iterable<com.google.protobuf.Service> getServices()
```
    Description copied from interface: Coprocessor
    
    Coprocessor endpoints providing protobuf services should override this method.
    
    Specified by:
    
    getServices in interface Coprocessor
    
    Returns:
    
    Iterable of Services or empty collection. Implementations should never return null.
  - preCreateTable
```
public void preCreateTable(ObserverContext<MasterCoprocessorEnvironment> c,
                           TableDescriptor desc,
                           RegionInfo[] regions)
                    throws IOException
```
    Observer implementations
    
    Specified by:
    
    preCreateTable in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    desc - the TableDescriptor for the table
    
    regions - the initial regions created for the table
    
    Throws:
    
    IOException
  - postCompletedCreateTableAction
```
public void postCompletedCreateTableAction(ObserverContext<MasterCoprocessorEnvironment> c,
                                           TableDescriptor desc,
                                           RegionInfo[] regions)
                                    throws IOException
```
    Description copied from interface: MasterObserver
    
    Called after the createTable operation has been requested. Called as part of create table RPC call. Called as part of create table procedure and it is async to the create RPC call.
    
    Specified by:
    
    postCompletedCreateTableAction in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    desc - the TableDescriptor for the table
    
    regions - the initial regions created for the table
    
    Throws:
    
    IOException
  - preDeleteTable
```
public void preDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
                           TableName tableName)
                    throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before HMaster deletes a table. Called as part of delete table RPC call.
    
    Specified by:
    
    preDeleteTable in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    Throws:
    
    IOException
  - postDeleteTable
```
public void postDeleteTable(ObserverContext<MasterCoprocessorEnvironment> c,
                            TableName tableName)
                     throws IOException
```
    Description copied from interface: MasterObserver
    
    Called after the deleteTable operation has been requested. Called as part of delete table RPC call.
    
    Specified by:
    
    postDeleteTable in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    Throws:
    
    IOException
  - preTruncateTable
```
public void preTruncateTable(ObserverContext<MasterCoprocessorEnvironment> c,
                             TableName tableName)
                      throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before HMaster truncates a table. Called as part of truncate table RPC call.
    
    Specified by:
    
    preTruncateTable in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    Throws:
    
    IOException
  - postTruncateTable
```
public void postTruncateTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
                              TableName tableName)
                       throws IOException
```
    Description copied from interface: MasterObserver
    
    Called after the truncateTable operation has been requested. Called as part of truncate table RPC call. The truncate is synchronous, so this method will be called when the truncate operation is terminated.
    
    Specified by:
    
    postTruncateTable in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    Throws:
    
    IOException
  - preModifyTable
```
public TableDescriptor preModifyTable(ObserverContext<MasterCoprocessorEnvironment> c,
                                      TableName tableName,
                                      TableDescriptor currentDesc,
                                      TableDescriptor newDesc)
                               throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to modifying a table's properties. Called as part of modify table RPC call.
    
    Specified by:
    
    preModifyTable in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    currentDesc - current TableDescriptor of the table
    
    newDesc - after modify operation, table will have this descriptor
    
    Throws:
    
    IOException
  - postModifyTable
```
public void postModifyTable(ObserverContext<MasterCoprocessorEnvironment> c,
                            TableName tableName,
                            TableDescriptor htd)
                     throws IOException
```
    Description copied from interface: MasterObserver
    
    Called after the modifyTable operation has been requested. Called as part of modify table RPC call.
    
    Specified by:
    
    postModifyTable in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    htd - current TableDescriptor of the table
    
    Throws:
    
    IOException
  - preEnableTable
```
public void preEnableTable(ObserverContext<MasterCoprocessorEnvironment> c,
                           TableName tableName)
                    throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to enabling a table. Called as part of enable table RPC call.
    
    Specified by:
    
    preEnableTable in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    Throws:
    
    IOException
  - preDisableTable
```
public void preDisableTable(ObserverContext<MasterCoprocessorEnvironment> c,
                            TableName tableName)
                     throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to disabling a table. Called as part of disable table RPC call.
    
    Specified by:
    
    preDisableTable in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    Throws:
    
    IOException
  - preAbortProcedure
```
public void preAbortProcedure(ObserverContext<MasterCoprocessorEnvironment> ctx,
                              long procId)
                       throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a abortProcedure request has been processed.
    
    Specified by:
    
    preAbortProcedure in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    procId - the Id of the procedure
    
    Throws:
    
    IOException
  - postAbortProcedure
```
public void postAbortProcedure(ObserverContext<MasterCoprocessorEnvironment> ctx)
                        throws IOException
```
    Description copied from interface: MasterObserver
    
    Called after a abortProcedure request has been processed.
    
    Specified by:
    
    postAbortProcedure in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    Throws:
    
    IOException
  - preGetProcedures
```
public void preGetProcedures(ObserverContext<MasterCoprocessorEnvironment> ctx)
                      throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a getProcedures request has been processed.
    
    Specified by:
    
    preGetProcedures in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    Throws:
    
    IOException
  - preGetLocks
```
public void preGetLocks(ObserverContext<MasterCoprocessorEnvironment> ctx)
                 throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a getLocks request has been processed.
    
    Specified by:
    
    preGetLocks in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    Throws:
    
    IOException - if something went wrong
  - preMove
```
public void preMove(ObserverContext<MasterCoprocessorEnvironment> c,
                    RegionInfo region,
                    ServerName srcServer,
                    ServerName destServer)
             throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to moving a given region from one region server to another.
    
    Specified by:
    
    preMove in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    region - the RegionInfo
    
    srcServer - the source ServerName
    
    destServer - the destination ServerName
    
    Throws:
    
    IOException
  - preAssign
```
public void preAssign(ObserverContext<MasterCoprocessorEnvironment> c,
                      RegionInfo regionInfo)
               throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to assigning a specific region.
    
    Specified by:
    
    preAssign in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    regionInfo - the regionInfo of the region
    
    Throws:
    
    IOException
  - preUnassign
```
public void preUnassign(ObserverContext<MasterCoprocessorEnvironment> c,
                        RegionInfo regionInfo,
                        boolean force)
                 throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to unassigning a given region.
    
    Specified by:
    
    preUnassign in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    force - whether to force unassignment or not
    
    Throws:
    
    IOException
  - preRegionOffline
```
public void preRegionOffline(ObserverContext<MasterCoprocessorEnvironment> c,
                             RegionInfo regionInfo)
                      throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to marking a given region as offline.
    
    Specified by:
    
    preRegionOffline in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    Throws:
    
    IOException
  - preSetSplitOrMergeEnabled
```
public void preSetSplitOrMergeEnabled(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                      boolean newValue,
                                      MasterSwitchType switchType)
                               throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to setting split / merge switch Supports Coprocessor 'bypass'.
    
    Specified by:
    
    preSetSplitOrMergeEnabled in interface MasterObserver
    
    Parameters:
    
    ctx - the coprocessor instance's environment
    
    newValue - the new value submitted in the call
    
    switchType - type of switch
    
    Throws:
    
    IOException
  - preBalance
```
public void preBalance(ObserverContext<MasterCoprocessorEnvironment> c)
                throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to requesting rebalancing of the cluster regions, though after the initial checks for regions in transition and the balance switch flag.
    
    Specified by:
    
    preBalance in interface MasterObserver
    
    Parameters:
    
    c - the environment to interact with the framework and master
    
    Throws:
    
    IOException
  - preBalanceSwitch
```
public void preBalanceSwitch(ObserverContext<MasterCoprocessorEnvironment> c,
                             boolean newValue)
                      throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to modifying the flag used to enable/disable region balancing.
    
    Specified by:
    
    preBalanceSwitch in interface MasterObserver
    
    Parameters:
    
    c - the coprocessor instance's environment
    
    Throws:
    
    IOException
  - preShutdown
```
public void preShutdown(ObserverContext<MasterCoprocessorEnvironment> c)
                 throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to shutting down the full HBase cluster, including this HMaster process.
    
    Specified by:
    
    preShutdown in interface MasterObserver
    
    Throws:
    
    IOException
  - preStopMaster
```
public void preStopMaster(ObserverContext<MasterCoprocessorEnvironment> c)
                   throws IOException
```
    Description copied from interface: MasterObserver
    
    Called immediately prior to stopping this HMaster process.
    
    Specified by:
    
    preStopMaster in interface MasterObserver
    
    Throws:
    
    IOException
  - postStartMaster
```
public void postStartMaster(ObserverContext<MasterCoprocessorEnvironment> ctx)
                     throws IOException
```
    Description copied from interface: MasterObserver
    
    Called immediately after an active master instance has completed initialization. Will not be called on standby master instances unless they take over the active role.
    
    Specified by:
    
    postStartMaster in interface MasterObserver
    
    Throws:
    
    IOException
  - createACLTable
```
private static void createACLTable(Admin admin)
                            throws IOException
```
    Create the ACL table
    
    Throws:
    
    IOException
  - preSnapshot
```
public void preSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
                        SnapshotDescription snapshot,
                        TableDescriptor hTableDescriptor)
                 throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a new snapshot is taken. Called as part of snapshot RPC call.
    
    Specified by:
    
    preSnapshot in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    snapshot - the SnapshotDescriptor for the snapshot
    
    hTableDescriptor - the TableDescriptor of the table to snapshot
    
    Throws:
    
    IOException
  - preListSnapshot
```
public void preListSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
                            SnapshotDescription snapshot)
                     throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before listSnapshots request has been processed.
    
    Specified by:
    
    preListSnapshot in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    snapshot - the SnapshotDescriptor of the snapshot to list
    
    Throws:
    
    IOException
  - preCloneSnapshot
```
public void preCloneSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
                             SnapshotDescription snapshot,
                             TableDescriptor hTableDescriptor)
                      throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a snapshot is cloned. Called as part of restoreSnapshot RPC call.
    
    Specified by:
    
    preCloneSnapshot in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    snapshot - the SnapshotDescriptor for the snapshot
    
    hTableDescriptor - the TableDescriptor of the table to create
    
    Throws:
    
    IOException
  - preRestoreSnapshot
```
public void preRestoreSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
                               SnapshotDescription snapshot,
                               TableDescriptor hTableDescriptor)
                        throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a snapshot is restored. Called as part of restoreSnapshot RPC call.
    
    Specified by:
    
    preRestoreSnapshot in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    snapshot - the SnapshotDescriptor for the snapshot
    
    hTableDescriptor - the TableDescriptor of the table to restore
    
    Throws:
    
    IOException
  - preDeleteSnapshot
```
public void preDeleteSnapshot(ObserverContext<MasterCoprocessorEnvironment> ctx,
                              SnapshotDescription snapshot)
                       throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a snapshot is deleted. Called as part of deleteSnapshot RPC call.
    
    Specified by:
    
    preDeleteSnapshot in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    snapshot - the SnapshotDescriptor of the snapshot to delete
    
    Throws:
    
    IOException
  - preCreateNamespace
```
public void preCreateNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx,
                               NamespaceDescriptor ns)
                        throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a new namespace is created by HMaster.
    
    Specified by:
    
    preCreateNamespace in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    ns - the NamespaceDescriptor for the table
    
    Throws:
    
    IOException
  - preDeleteNamespace
```
public void preDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx,
                               String namespace)
                        throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before HMaster deletes a namespace
    
    Specified by:
    
    preDeleteNamespace in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    namespace - the name of the namespace
    
    Throws:
    
    IOException
  - postDeleteNamespace
```
public void postDeleteNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                String namespace)
                         throws IOException
```
    Description copied from interface: MasterObserver
    
    Called after the deleteNamespace operation has been requested.
    
    Specified by:
    
    postDeleteNamespace in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    namespace - the name of the namespace
    
    Throws:
    
    IOException
  - preModifyNamespace
```
public void preModifyNamespace(ObserverContext<MasterCoprocessorEnvironment> ctx,
                               NamespaceDescriptor ns)
                        throws IOException
```
    Description copied from interface: MasterObserver
    
    Called prior to modifying a namespace's properties.
    
    Specified by:
    
    preModifyNamespace in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    ns - after modify operation, namespace will have this descriptor
    
    Throws:
    
    IOException
  - preGetNamespaceDescriptor
```
public void preGetNamespaceDescriptor(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                      String namespace)
                               throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a getNamespaceDescriptor request has been processed.
    
    Specified by:
    
    preGetNamespaceDescriptor in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    namespace - the name of the namespace
    
    Throws:
    
    IOException
  - postListNamespaceDescriptors
```
public void postListNamespaceDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                         List<NamespaceDescriptor> descriptors)
                                  throws IOException
```
    Description copied from interface: MasterObserver
    
    Called after a listNamespaceDescriptors request has been processed.
    
    Specified by:
    
    postListNamespaceDescriptors in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    descriptors - the list of descriptors about to be returned
    
    Throws:
    
    IOException
  - preTableFlush
```
public void preTableFlush(ObserverContext<MasterCoprocessorEnvironment> ctx,
                          TableName tableName)
                   throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before the table memstore is flushed to disk.
    
    Specified by:
    
    preTableFlush in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    Throws:
    
    IOException
  - preSplitRegion
```
public void preSplitRegion(ObserverContext<MasterCoprocessorEnvironment> ctx,
                           TableName tableName,
                           byte[] splitRow)
                    throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before the split region procedure is called.
    
    Specified by:
    
    preSplitRegion in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    tableName - the table where the region belongs to
    
    splitRow - split point
    
    Throws:
    
    IOException
  - preClearDeadServers
```
public void preClearDeadServers(ObserverContext<MasterCoprocessorEnvironment> ctx)
                         throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before clear dead region servers.
    
    Specified by:
    
    preClearDeadServers in interface MasterObserver
    
    Throws:
    
    IOException
  - preDecommissionRegionServers
```
public void preDecommissionRegionServers(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                         List<ServerName> servers,
                                         boolean offload)
                                  throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before decommission region servers.
    
    Specified by:
    
    preDecommissionRegionServers in interface MasterObserver
    
    Throws:
    
    IOException
  - preListDecommissionedRegionServers
```
public void preListDecommissionedRegionServers(ObserverContext<MasterCoprocessorEnvironment> ctx)
                                        throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before list decommissioned region servers.
    
    Specified by:
    
    preListDecommissionedRegionServers in interface MasterObserver
    
    Throws:
    
    IOException
  - preRecommissionRegionServer
```
public void preRecommissionRegionServer(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                        ServerName server,
                                        List<byte[]> encodedRegionNames)
                                 throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before recommission region server.
    
    Specified by:
    
    preRecommissionRegionServer in interface MasterObserver
    
    Throws:
    
    IOException
  - preOpen
```
public void preOpen(ObserverContext<RegionCoprocessorEnvironment> c)
             throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the region is reported as open to the master.
    
    Specified by:
    
    preOpen in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    Throws:
    
    IOException
  - postOpen
```
public void postOpen(ObserverContext<RegionCoprocessorEnvironment> c)
```
    Description copied from interface: RegionObserver
    
    Called after the region is reported as open to the master.
    
    Specified by:
    
    postOpen in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
  - preFlush
```
public void preFlush(ObserverContext<RegionCoprocessorEnvironment> c,
                     FlushLifeCycleTracker tracker)
              throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the memstore is flushed to disk.
    
    Specified by:
    
    preFlush in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    tracker - tracker used to track the life cycle of a flush
    
    Throws:
    
    IOException
  - preCompact
```
public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> c,
                                  Store store,
                                  InternalScanner scanner,
                                  ScanType scanType,
                                  CompactionLifeCycleTracker tracker,
                                  CompactionRequest request)
                           throws IOException
```
    Description copied from interface: RegionObserver
    
    Called prior to writing the StoreFiles selected for compaction into a new StoreFile.
    To override or modify the compaction process, implementing classes can wrap the provided InternalScanner with a custom implementation that is returned from this method. The custom scanner can then inspect Cells from the wrapped scanner, applying its own policy to what gets written.
    
    Specified by:
    
    preCompact in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    store - the store being compacted
    
    scanner - the scanner over existing data used in the store file rewriting
    
    scanType - type of Scan
    
    tracker - tracker used to track the life cycle of a compaction
    
    request - the requested compaction
    
    Returns:
    
    the scanner to use during compaction. Should not be null unless the implementation is writing new store files on its own.
    
    Throws:
    
    IOException
  - internalPreRead
```
private void internalPreRead(ObserverContext<RegionCoprocessorEnvironment> c,
                             Query query,
                             AccessController.OpType opType)
                      throws IOException
```
    Throws:
    
    IOException
  - preGetOp
```
public void preGetOp(ObserverContext<RegionCoprocessorEnvironment> c,
                     Get get,
                     List<Cell> result)
              throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the client performs a Get
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    
    Specified by:
    
    preGetOp in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    get - the Get request
    
    result - The result to return to the client if default processing is bypassed. Can be modified. Will not be used if default processing is not bypassed.
    
    Throws:
    
    IOException
  - preExists
```
public boolean preExists(ObserverContext<RegionCoprocessorEnvironment> c,
                         Get get,
                         boolean exists)
                  throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the client tests for existence using a Get.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    
    Specified by:
    
    preExists in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    get - the Get request
    
    exists - the result returned by the region server
    
    Returns:
    
    the value to return to the client if bypassing default processing
    
    Throws:
    
    IOException
  - prePut
```
public void prePut(ObserverContext<RegionCoprocessorEnvironment> c,
                   Put put,
                   WALEdit edit,
                   Durability durability)
            throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the client stores a value.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'put' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    prePut in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    put - The Put object
    
    edit - The WALEdit object that will be written to the wal
    
    durability - Persistence guarantee for this Put
    
    Throws:
    
    IOException
  - postPut
```
public void postPut(ObserverContext<RegionCoprocessorEnvironment> c,
                    Put put,
                    WALEdit edit,
                    Durability durability)
```
    Description copied from interface: RegionObserver
    
    Called after the client stores a value.
    Note: Do not retain references to any Cells in 'put' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    postPut in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    put - The Put object
    
    edit - The WALEdit object for the wal
    
    durability - Persistence guarantee for this Put
  - preDelete
```
public void preDelete(ObserverContext<RegionCoprocessorEnvironment> c,
                      Delete delete,
                      WALEdit edit,
                      Durability durability)
               throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the client deletes a value.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'delete' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preDelete in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    delete - The Delete object
    
    edit - The WALEdit object for the wal
    
    durability - Persistence guarantee for this Delete
    
    Throws:
    
    IOException
  - preBatchMutate
```
public void preBatchMutate(ObserverContext<RegionCoprocessorEnvironment> c,
                           MiniBatchOperationInProgress<Mutation> miniBatchOp)
                    throws IOException
```
    Description copied from interface: RegionObserver
    
    This will be called for every batch mutation operation happening at the server. This will be called after acquiring the locks on the mutating rows and after applying the proper timestamp for each Mutation at the server. The batch may contain Put/Delete. By setting OperationStatus of Mutations (MiniBatchOperationInProgress.setOperationStatus(int, OperationStatus)), RegionObserver can make Region to skip these Mutations.
    Note: Do not retain references to any Cells in Mutations beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preBatchMutate in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    miniBatchOp - batch of Mutations getting applied to region.
    
    Throws:
    
    IOException
  - postDelete
```
public void postDelete(ObserverContext<RegionCoprocessorEnvironment> c,
                       Delete delete,
                       WALEdit edit,
                       Durability durability)
                throws IOException
```
    Description copied from interface: RegionObserver
    
    Called after the client deletes a value.
    Note: Do not retain references to any Cells in 'delete' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    postDelete in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    delete - The Delete object
    
    edit - The WALEdit object for the wal
    
    durability - Persistence guarantee for this Delete
    
    Throws:
    
    IOException
  - preCheckAndPut
```
public boolean preCheckAndPut(ObserverContext<RegionCoprocessorEnvironment> c,
                              byte[] row,
                              byte[] family,
                              byte[] qualifier,
                              CompareOperator op,
                              ByteArrayComparable comparator,
                              Put put,
                              boolean result)
                       throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before checkAndPut.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'put' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preCheckAndPut in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    row - row to check
    
    family - column family
    
    qualifier - column qualifier
    
    op - the comparison operation
    
    comparator - the comparator
    
    put - data to put if check succeeds
    
    Returns:
    
    the return value to return to client if bypassing default processing
    
    Throws:
    
    IOException
  - preCheckAndPutAfterRowLock
```
public boolean preCheckAndPutAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c,
                                          byte[] row,
                                          byte[] family,
                                          byte[] qualifier,
                                          CompareOperator opp,
                                          ByteArrayComparable comparator,
                                          Put put,
                                          boolean result)
                                   throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before checkAndPut but after acquiring rowlock.
    Note: Caution to be taken for not doing any long time operation in this hook. Row will be locked for longer time. Trying to acquire lock on another row, within this, can lead to potential deadlock.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'put' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preCheckAndPutAfterRowLock in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    row - row to check
    
    family - column family
    
    qualifier - column qualifier
    
    opp - the comparison operation
    
    comparator - the comparator
    
    put - data to put if check succeeds
    
    Returns:
    
    the return value to return to client if bypassing default processing
    
    Throws:
    
    IOException
  - preCheckAndDelete
```
public boolean preCheckAndDelete(ObserverContext<RegionCoprocessorEnvironment> c,
                                 byte[] row,
                                 byte[] family,
                                 byte[] qualifier,
                                 CompareOperator op,
                                 ByteArrayComparable comparator,
                                 Delete delete,
                                 boolean result)
                          throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before checkAndDelete.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'delete' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preCheckAndDelete in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    row - row to check
    
    family - column family
    
    qualifier - column qualifier
    
    op - the comparison operation
    
    comparator - the comparator
    
    delete - delete to commit if check succeeds
    
    Returns:
    
    the value to return to client if bypassing default processing
    
    Throws:
    
    IOException
  - preCheckAndDeleteAfterRowLock
```
public boolean preCheckAndDeleteAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c,
                                             byte[] row,
                                             byte[] family,
                                             byte[] qualifier,
                                             CompareOperator op,
                                             ByteArrayComparable comparator,
                                             Delete delete,
                                             boolean result)
                                      throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before checkAndDelete but after acquiring rowock.
    Note: Caution to be taken for not doing any long time operation in this hook. Row will be locked for longer time. Trying to acquire lock on another row, within this, can lead to potential deadlock.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'delete' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preCheckAndDeleteAfterRowLock in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    row - row to check
    
    family - column family
    
    qualifier - column qualifier
    
    op - the comparison operation
    
    comparator - the comparator
    
    delete - delete to commit if check succeeds
    
    Returns:
    
    the value to return to client if bypassing default processing
    
    Throws:
    
    IOException
  - preAppend
```
public Result preAppend(ObserverContext<RegionCoprocessorEnvironment> c,
                        Append append)
                 throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before Append.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'append' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preAppend in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    append - Append object
    
    Returns:
    
    result to return to the client if bypassing default processing
    
    Throws:
    
    IOException
  - preAppendAfterRowLock
```
public Result preAppendAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c,
                                    Append append)
                             throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before Append but after acquiring rowlock.
    Note: Caution to be taken for not doing any long time operation in this hook. Row will be locked for longer time. Trying to acquire lock on another row, within this, can lead to potential deadlock.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'append' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preAppendAfterRowLock in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    append - Append object
    
    Returns:
    
    result to return to the client if bypassing default processing
    
    Throws:
    
    IOException
  - preIncrement
```
public Result preIncrement(ObserverContext<RegionCoprocessorEnvironment> c,
                           Increment increment)
                    throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before Increment.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'increment' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preIncrement in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    increment - increment object
    
    Returns:
    
    result to return to the client if bypassing default processing
    
    Throws:
    
    IOException
  - preIncrementAfterRowLock
```
public Result preIncrementAfterRowLock(ObserverContext<RegionCoprocessorEnvironment> c,
                                       Increment increment)
                                throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before Increment but after acquiring rowlock.
    Note: Caution to be taken for not doing any long time operation in this hook. Row will be locked for longer time. Trying to acquire lock on another row, within this, can lead to potential deadlock.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells in 'increment' beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preIncrementAfterRowLock in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    increment - increment object
    
    Returns:
    
    result to return to the client if bypassing default processing if an error occurred on the coprocessor
    
    Throws:
    
    IOException
  - postIncrementBeforeWAL
```
public List<Pair<Cell,Cell>> postIncrementBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx,
                                                    Mutation mutation,
                                                    List<Pair<Cell,Cell>> cellPairs)
                                             throws IOException
```
    Description copied from interface: RegionObserver
    
    Called after a list of new cells has been created during an increment operation, but before they are committed to the WAL or memstore.
    
    Specified by:
    
    postIncrementBeforeWAL in interface RegionObserver
    
    Parameters:
    
    ctx - the environment provided by the region server
    
    mutation - the current mutation
    
    cellPairs - a list of cell pair. The first cell is old cell which may be null. And the second cell is the new cell.
    
    Returns:
    
    a list of cell pair, possibly changed.
    
    Throws:
    
    IOException
  - postAppendBeforeWAL
```
public List<Pair<Cell,Cell>> postAppendBeforeWAL(ObserverContext<RegionCoprocessorEnvironment> ctx,
                                                 Mutation mutation,
                                                 List<Pair<Cell,Cell>> cellPairs)
                                          throws IOException
```
    Description copied from interface: RegionObserver
    
    Called after a list of new cells has been created during an append operation, but before they are committed to the WAL or memstore.
    
    Specified by:
    
    postAppendBeforeWAL in interface RegionObserver
    
    Parameters:
    
    ctx - the environment provided by the region server
    
    mutation - the current mutation
    
    cellPairs - a list of cell pair. The first cell is old cell which may be null. And the second cell is the new cell.
    
    Returns:
    
    a list of cell pair, possibly changed.
    
    Throws:
    
    IOException
  - createNewCellWithTags
```
private Cell createNewCellWithTags(Mutation mutation,
                                   Cell oldCell,
                                   Cell newCell)
```
  - preScannerOpen
```
public void preScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c,
                           Scan scan)
                    throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the client opens a new scanner.
    Note: Do not retain references to any Cells returned by scanner, beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preScannerOpen in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    scan - the Scan specification
    
    Throws:
    
    IOException
  - postScannerOpen
```
public RegionScanner postScannerOpen(ObserverContext<RegionCoprocessorEnvironment> c,
                                     Scan scan,
                                     RegionScanner s)
                              throws IOException
```
    Description copied from interface: RegionObserver
    
    Called after the client opens a new scanner.
    Note: Do not retain references to any Cells returned by scanner, beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    postScannerOpen in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    scan - the Scan specification
    
    s - if not null, the base scanner
    
    Returns:
    
    the scanner instance to use
    
    Throws:
    
    IOException
  - preScannerNext
```
public boolean preScannerNext(ObserverContext<RegionCoprocessorEnvironment> c,
                              InternalScanner s,
                              List<Result> result,
                              int limit,
                              boolean hasNext)
                       throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the client asks for the next row on a scanner.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    Note: Do not retain references to any Cells returned by scanner, beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    
    Specified by:
    
    preScannerNext in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    s - the scanner
    
    result - The result to return to the client if default processing is bypassed. Can be modified. Will not be returned if default processing is not bypassed.
    
    limit - the maximum number of results to return
    
    hasNext - the 'has more' indication
    
    Returns:
    
    'has more' indication that should be sent to client
    
    Throws:
    
    IOException
  - preScannerClose
```
public void preScannerClose(ObserverContext<RegionCoprocessorEnvironment> c,
                            InternalScanner s)
                     throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the client closes a scanner.
    Call CoprocessorEnvironment#bypass to skip default actions. If 'bypass' is set, we skip out on calling any subsequent chained coprocessors.
    
    Specified by:
    
    preScannerClose in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    s - the scanner
    
    Throws:
    
    IOException
  - postScannerClose
```
public void postScannerClose(ObserverContext<RegionCoprocessorEnvironment> c,
                             InternalScanner s)
                      throws IOException
```
    Description copied from interface: RegionObserver
    
    Called after the client closes a scanner.
    
    Specified by:
    
    postScannerClose in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    s - the scanner
    
    Throws:
    
    IOException
  - postScannerFilterRow
```
public boolean postScannerFilterRow(ObserverContext<RegionCoprocessorEnvironment> e,
                                    InternalScanner s,
                                    Cell curRowCell,
                                    boolean hasMore)
                             throws IOException
```
    Description copied from interface: RegionObserver
    This will be called by the scan flow when the current scanned row is being filtered out by the filter. The filter may be filtering out the row via any of the below scenarios
    1. boolean filterRowKey(byte [] buffer, int offset, int length) returning true
    2. boolean filterRow() returning true
    3. default void filterRow(List<KeyValue> kvs) removing all the kvs from the passed List
    Note: Do not retain references to any Cells returned by scanner, beyond the life of this invocation. If need a Cell reference for later use, copy the cell and use that.
    Specified by:
    
    postScannerFilterRow in interface RegionObserver
    
    Parameters:
    
    e - the environment provided by the region server
    
    s - the scanner
    
    curRowCell - The cell in the current row which got filtered out
    
    hasMore - the 'has more' indication
    
    Returns:
    
    whether more rows are available for the scanner or not
    
    Throws:
    
    IOException
  - requireScannerOwner
```
private void requireScannerOwner(InternalScanner s)
                          throws AccessDeniedException
```
    Verify, when servicing an RPC, that the caller is the scanner owner. If so, we assume that access control is correctly enforced based on the checks performed in preScannerOpen()
    
    Throws:
    
    AccessDeniedException
  - preBulkLoadHFile
```
public void preBulkLoadHFile(ObserverContext<RegionCoprocessorEnvironment> ctx,
                             List<Pair<byte[],String>> familyPaths)
                      throws IOException
```
    Verifies user has CREATE privileges on the Column Families involved in the bulkLoadHFile request. Specific Column Write privileges are presently ignored.
    
    Specified by:
    
    preBulkLoadHFile in interface RegionObserver
    
    Parameters:
    
    ctx - the environment provided by the region server
    
    familyPaths - pairs of { CF, HFile path } submitted for bulk load. Adding or removing from this list will add or remove HFiles to be bulk loaded.
    
    Throws:
    
    IOException
  - prePrepareBulkLoad
```
public void prePrepareBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx)
                        throws IOException
```
    Authorization check for SecureBulkLoadProtocol.prepareBulkLoad()
    
    Specified by:
    
    prePrepareBulkLoad in interface BulkLoadObserver
    
    Parameters:
    
    ctx - the context
    
    Throws:
    
    IOException
  - preCleanupBulkLoad
```
public void preCleanupBulkLoad(ObserverContext<RegionCoprocessorEnvironment> ctx)
                        throws IOException
```
    Authorization security check for SecureBulkLoadProtocol.cleanupBulkLoad()
    
    Specified by:
    
    preCleanupBulkLoad in interface BulkLoadObserver
    
    Parameters:
    
    ctx - the context
    
    Throws:
    
    IOException
  - preEndpointInvocation
```
public com.google.protobuf.Message preEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> ctx,
                                                         com.google.protobuf.Service service,
                                                         String methodName,
                                                         com.google.protobuf.Message request)
                                                  throws IOException
```
    Description copied from interface: EndpointObserver
    
    Called before an Endpoint service method is invoked. The request message can be altered by returning a new instance. Throwing an exception will abort the invocation. Calling ObserverContext.bypass() has no effect in this hook.
    
    Specified by:
    
    preEndpointInvocation in interface EndpointObserver
    
    Parameters:
    
    ctx - the environment provided by the region server
    
    service - the endpoint service
    
    methodName - the invoked service method
    
    request - Request message expected by given Service's method (by the name methodName).
    
    Returns:
    
    the possibly modified message
    
    Throws:
    
    IOException
  - postEndpointInvocation
```
public void postEndpointInvocation(ObserverContext<RegionCoprocessorEnvironment> ctx,
                                   com.google.protobuf.Service service,
                                   String methodName,
                                   com.google.protobuf.Message request,
                                   com.google.protobuf.Message.Builder responseBuilder)
                            throws IOException
```
    Description copied from interface: EndpointObserver
    
    Called after an Endpoint service method is invoked. The response message can be altered using the builder.
    
    Specified by:
    
    postEndpointInvocation in interface EndpointObserver
    
    Parameters:
    
    ctx - the environment provided by the region server
    
    service - the endpoint service
    
    methodName - the invoked service method
    
    request - Request message expected by given Service's method (by the name methodName).
    
    responseBuilder - Builder for final response to the client, with original response from Service's method merged into it.
    
    Throws:
    
    IOException
  - grant
```
@Deprecated
public void grant(com.google.protobuf.RpcController controller,
                              org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantRequest request,
                              com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GrantResponse> done)
```
    Deprecated. since 2.2.0 and will be removed in 4.0.0. Use Admin.grant(UserPermission, boolean) instead.
    
    Description copied from interface: org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    rpc Grant(.hbase.pb.GrantRequest) returns (.hbase.pb.GrantResponse);
    
    Specified by:
    
    grant in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    See Also:
    
    Admin.grant(UserPermission, boolean), HBASE-21739
  - revoke
```
@Deprecated
public void revoke(com.google.protobuf.RpcController controller,
                               org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeRequest request,
                               com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.RevokeResponse> done)
```
    Deprecated. since 2.2.0 and will be removed in 4.0.0. Use Admin.revoke(UserPermission) instead.
    
    Description copied from interface: org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    rpc Revoke(.hbase.pb.RevokeRequest) returns (.hbase.pb.RevokeResponse);
    
    Specified by:
    
    revoke in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    See Also:
    
    Admin.revoke(UserPermission), HBASE-21739
  - getUserPermissions
```
@Deprecated
public void getUserPermissions(com.google.protobuf.RpcController controller,
                                           org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GetUserPermissionsRequest request,
                                           com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.GetUserPermissionsResponse> done)
```
    Deprecated. since 2.2.0 and will be removed in 4.0.0. Use Admin.getUserPermissions(GetUserPermissionsRequest) instead.
    
    Description copied from interface: org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    rpc GetUserPermissions(.hbase.pb.GetUserPermissionsRequest) returns (.hbase.pb.GetUserPermissionsResponse);
    
    Specified by:
    
    getUserPermissions in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    See Also:
    
    Admin.getUserPermissions(GetUserPermissionsRequest), HBASE-21911
  - checkPermissions
```
@Deprecated
public void checkPermissions(com.google.protobuf.RpcController controller,
                                         org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsRequest request,
                                         com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.CheckPermissionsResponse> done)
```
    Deprecated. since 2.2.0 and will be removed 4.0.0. Use Admin.hasUserPermissions(List) instead.
    
    Description copied from interface: org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    rpc CheckPermissions(.hbase.pb.CheckPermissionsRequest) returns (.hbase.pb.CheckPermissionsResponse);
    
    Specified by:
    
    checkPermissions in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    See Also:
    
    Admin.hasUserPermissions(List), HBASE-22117
  - getRegion
```
private Region getRegion(RegionCoprocessorEnvironment e)
```
  - getTableName
```
private TableName getTableName(RegionCoprocessorEnvironment e)
```
  - getTableName
```
private TableName getTableName(Region region)
```
  - preClose
```
public void preClose(ObserverContext<RegionCoprocessorEnvironment> c,
                     boolean abortRequested)
              throws IOException
```
    Description copied from interface: RegionObserver
    
    Called before the region is reported as closed to the master.
    
    Specified by:
    
    preClose in interface RegionObserver
    
    Parameters:
    
    c - the environment provided by the region server
    
    abortRequested - true if the region server is aborting
    
    Throws:
    
    IOException
  - checkSystemOrSuperUser
```
private void checkSystemOrSuperUser(User activeUser)
                             throws IOException
```
    Throws:
    
    IOException
  - preStopRegionServer
```
public void preStopRegionServer(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                         throws IOException
```
    Description copied from interface: RegionServerObserver
    
    Called before stopping region server.
    
    Specified by:
    
    preStopRegionServer in interface RegionServerObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and region server.
    
    Throws:
    
    IOException
  - makeFamilyMap
```
private Map<byte[],? extends Collection<byte[]>> makeFamilyMap(byte[] family,
                                                               byte[] qualifier)
```
  - preGetTableDescriptors
```
public void preGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                   List<TableName> tableNamesList,
                                   List<TableDescriptor> descriptors,
                                   String regex)
                            throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before a getTableDescriptors request has been processed.
    
    Specified by:
    
    preGetTableDescriptors in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    tableNamesList - the list of table names, or null if querying for all
    
    descriptors - an empty list, can be filled with what to return in coprocessor
    
    regex - regular expression used for filtering the table names
    
    Throws:
    
    IOException
  - postGetTableDescriptors
```
public void postGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                    List<TableName> tableNamesList,
                                    List<TableDescriptor> descriptors,
                                    String regex)
                             throws IOException
```
    Description copied from interface: MasterObserver
    
    Called after a getTableDescriptors request has been processed.
    
    Specified by:
    
    postGetTableDescriptors in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    tableNamesList - the list of table names, or null if querying for all
    
    descriptors - the list of descriptors about to be returned
    
    regex - regular expression used for filtering the table names
    
    Throws:
    
    IOException
  - postGetTableNames
```
public void postGetTableNames(ObserverContext<MasterCoprocessorEnvironment> ctx,
                              List<TableDescriptor> descriptors,
                              String regex)
                       throws IOException
```
    Description copied from interface: MasterObserver
    
    Called after a getTableNames request has been processed.
    
    Specified by:
    
    postGetTableNames in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    descriptors - the list of descriptors about to be returned
    
    regex - regular expression used for filtering the table names
    
    Throws:
    
    IOException
  - preMergeRegions
```
public void preMergeRegions(ObserverContext<MasterCoprocessorEnvironment> ctx,
                            RegionInfo[] regionsToMerge)
                     throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before merge regions request.
    
    Specified by:
    
    preMergeRegions in interface MasterObserver
    
    Parameters:
    
    ctx - coprocessor environment
    
    regionsToMerge - regions to be merged
    
    Throws:
    
    IOException
  - preRollWALWriterRequest
```
public void preRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                             throws IOException
```
    Description copied from interface: RegionServerObserver
    
    This will be called before executing user request to roll a region server WAL.
    
    Specified by:
    
    preRollWALWriterRequest in interface RegionServerObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and region server.
    
    Throws:
    
    IOException
  - postRollWALWriterRequest
```
public void postRollWALWriterRequest(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                              throws IOException
```
    Description copied from interface: RegionServerObserver
    
    This will be called after executing user request to roll a region server WAL.
    
    Specified by:
    
    postRollWALWriterRequest in interface RegionServerObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and region server.
    
    Throws:
    
    IOException
  - preSetUserQuota
```
public void preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
                            String userName,
                            GlobalQuotaSettings quotas)
                     throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before the quota for the user is stored.
    
    Specified by:
    
    preSetUserQuota in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    userName - the name of user
    
    quotas - the current quota for the user
    
    Throws:
    
    IOException
  - preSetUserQuota
```
public void preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
                            String userName,
                            TableName tableName,
                            GlobalQuotaSettings quotas)
                     throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before the quota for the user on the specified table is stored.
    
    Specified by:
    
    preSetUserQuota in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    userName - the name of user
    
    tableName - the name of the table
    
    quotas - the current quota for the user on the table
    
    Throws:
    
    IOException
  - preSetUserQuota
```
public void preSetUserQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
                            String userName,
                            String namespace,
                            GlobalQuotaSettings quotas)
                     throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before the quota for the user on the specified namespace is stored.
    
    Specified by:
    
    preSetUserQuota in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    userName - the name of user
    
    namespace - the name of the namespace
    
    quotas - the current quota for the user on the namespace
    
    Throws:
    
    IOException
  - preSetTableQuota
```
public void preSetTableQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
                             TableName tableName,
                             GlobalQuotaSettings quotas)
                      throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before the quota for the table is stored.
    
    Specified by:
    
    preSetTableQuota in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    tableName - the name of the table
    
    quotas - the current quota for the table
    
    Throws:
    
    IOException
  - preSetNamespaceQuota
```
public void preSetNamespaceQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                 String namespace,
                                 GlobalQuotaSettings quotas)
                          throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before the quota for the namespace is stored.
    
    Specified by:
    
    preSetNamespaceQuota in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    namespace - the name of the namespace
    
    quotas - the current quota for the namespace
    
    Throws:
    
    IOException
  - preSetRegionServerQuota
```
public void preSetRegionServerQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                    String regionServer,
                                    GlobalQuotaSettings quotas)
                             throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before the quota for the region server is stored.
    
    Specified by:
    
    preSetRegionServerQuota in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    regionServer - the name of the region server
    
    quotas - the current quota for the region server
    
    Throws:
    
    IOException
  - postCreateReplicationEndPoint
```
public ReplicationEndpoint postCreateReplicationEndPoint(ObserverContext<RegionServerCoprocessorEnvironment> ctx,
                                                         ReplicationEndpoint endpoint)
```
    Description copied from interface: RegionServerObserver
    
    This will be called after the replication endpoint is instantiated.
    
    Specified by:
    
    postCreateReplicationEndPoint in interface RegionServerObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and region server.
    
    endpoint - - the base endpoint for replication
    
    Returns:
    
    the endpoint to use during replication.
  - preReplicateLogEntries
```
public void preReplicateLogEntries(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                            throws IOException
```
    Description copied from interface: RegionServerObserver
    
    This will be called before executing replication request to shipping log entries.
    
    Specified by:
    
    preReplicateLogEntries in interface RegionServerObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and region server.
    
    Throws:
    
    IOException
  - preClearCompactionQueues
```
public void preClearCompactionQueues(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                              throws IOException
```
    Description copied from interface: RegionServerObserver
    
    This will be called before clearing compaction queues
    
    Specified by:
    
    preClearCompactionQueues in interface RegionServerObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and region server.
    
    Throws:
    
    IOException
  - preAddReplicationPeer
```
public void preAddReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                  String peerId,
                                  ReplicationPeerConfig peerConfig)
                           throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before add a replication peer
    
    Specified by:
    
    preAddReplicationPeer in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    peerId - a short name that identifies the peer
    
    peerConfig - configuration for the replication peer
    
    Throws:
    
    IOException
  - preRemoveReplicationPeer
```
public void preRemoveReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                     String peerId)
                              throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before remove a replication peer
    
    Specified by:
    
    preRemoveReplicationPeer in interface MasterObserver
    
    peerId - a short name that identifies the peer
    
    Throws:
    
    IOException
  - preEnableReplicationPeer
```
public void preEnableReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                     String peerId)
                              throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before enable a replication peer
    
    Specified by:
    
    preEnableReplicationPeer in interface MasterObserver
    
    peerId - a short name that identifies the peer
    
    Throws:
    
    IOException
  - preDisableReplicationPeer
```
public void preDisableReplicationPeer(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                      String peerId)
                               throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before disable a replication peer
    
    Specified by:
    
    preDisableReplicationPeer in interface MasterObserver
    
    peerId - a short name that identifies the peer
    
    Throws:
    
    IOException
  - preGetReplicationPeerConfig
```
public void preGetReplicationPeerConfig(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                        String peerId)
                                 throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before get the configured ReplicationPeerConfig for the specified peer
    
    Specified by:
    
    preGetReplicationPeerConfig in interface MasterObserver
    
    peerId - a short name that identifies the peer
    
    Throws:
    
    IOException
  - preUpdateReplicationPeerConfig
```
public void preUpdateReplicationPeerConfig(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                           String peerId,
                                           ReplicationPeerConfig peerConfig)
                                    throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before update peerConfig for the specified peer
    
    Specified by:
    
    preUpdateReplicationPeerConfig in interface MasterObserver
    
    peerId - a short name that identifies the peer
    
    Throws:
    
    IOException
  - preListReplicationPeers
```
public void preListReplicationPeers(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                    String regex)
                             throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before list replication peers.
    
    Specified by:
    
    preListReplicationPeers in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    regex - The regular expression to match peer id
    
    Throws:
    
    IOException
  - preRequestLock
```
public void preRequestLock(ObserverContext<MasterCoprocessorEnvironment> ctx,
                           String namespace,
                           TableName tableName,
                           RegionInfo[] regionInfos,
                           String description)
                    throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before new LockProcedure is queued.
    
    Specified by:
    
    preRequestLock in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    Throws:
    
    IOException
  - preLockHeartbeat
```
public void preLockHeartbeat(ObserverContext<MasterCoprocessorEnvironment> ctx,
                             TableName tableName,
                             String description)
                      throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before heartbeat to a lock.
    
    Specified by:
    
    preLockHeartbeat in interface MasterObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and master
    
    Throws:
    
    IOException
  - preExecuteProcedures
```
public void preExecuteProcedures(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
                          throws IOException
```
    Description copied from interface: RegionServerObserver
    
    This will be called before executing procedures
    
    Specified by:
    
    preExecuteProcedures in interface RegionServerObserver
    
    Parameters:
    
    ctx - the environment to interact with the framework and region server.
    
    Throws:
    
    IOException
  - preSwitchRpcThrottle
```
public void preSwitchRpcThrottle(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                 boolean enable)
                          throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before switching rpc throttle enabled state.
    
    Specified by:
    
    preSwitchRpcThrottle in interface MasterObserver
    
    Parameters:
    
    ctx - the coprocessor instance's environment
    
    enable - the rpc throttle value
    
    Throws:
    
    IOException
  - preIsRpcThrottleEnabled
```
public void preIsRpcThrottleEnabled(ObserverContext<MasterCoprocessorEnvironment> ctx)
                             throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before getting if is rpc throttle enabled.
    
    Specified by:
    
    preIsRpcThrottleEnabled in interface MasterObserver
    
    Parameters:
    
    ctx - the coprocessor instance's environment
    
    Throws:
    
    IOException
  - preSwitchExceedThrottleQuota
```
public void preSwitchExceedThrottleQuota(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                         boolean enable)
                                  throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before switching exceed throttle quota state.
    
    Specified by:
    
    preSwitchExceedThrottleQuota in interface MasterObserver
    
    Parameters:
    
    ctx - the coprocessor instance's environment
    
    enable - the exceed throttle quota value
    
    Throws:
    
    IOException
  - getActiveUser
```
private User getActiveUser(ObserverContext<?> ctx)
                    throws IOException
```
    Returns the active user to which authorization checks should be applied. If we are in the context of an RPC call, the remote user is used, otherwise the currently logged in user is used.
    
    Throws:
    
    IOException
  - hasPermission
```
@Deprecated
public void hasPermission(com.google.protobuf.RpcController controller,
                                      org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.HasPermissionRequest request,
                                      com.google.protobuf.RpcCallback<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.HasPermissionResponse> done)
```
    Deprecated. since 2.2.0 and will be removed in 4.0.0. Use Admin.hasUserPermissions(String, List) instead.
    
    Description copied from interface: org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    rpc HasPermission(.hbase.pb.HasPermissionRequest) returns (.hbase.pb.HasPermissionResponse);
    
    Specified by:
    
    hasPermission in interface org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface
    
    See Also:
    
    Admin.hasUserPermissions(String, List), HBASE-22117
  - preGrant
```
public void preGrant(ObserverContext<MasterCoprocessorEnvironment> ctx,
                     UserPermission userPermission,
                     boolean mergeExistingPermissions)
              throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before granting user permissions.
    
    Specified by:
    
    preGrant in interface MasterObserver
    
    Parameters:
    
    ctx - the coprocessor instance's environment
    
    userPermission - the user and permissions
    
    mergeExistingPermissions - True if merge with previous granted permissions
    
    Throws:
    
    IOException
  - preRevoke
```
public void preRevoke(ObserverContext<MasterCoprocessorEnvironment> ctx,
                      UserPermission userPermission)
               throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before revoking user permissions.
    
    Specified by:
    
    preRevoke in interface MasterObserver
    
    Parameters:
    
    ctx - the coprocessor instance's environment
    
    userPermission - the user and permissions
    
    Throws:
    
    IOException
  - preGrantOrRevoke
```
private void preGrantOrRevoke(User caller,
                              String request,
                              UserPermission userPermission)
                       throws IOException
```
    Throws:
    
    IOException
  - preGetUserPermissions
```
public void preGetUserPermissions(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                  String userName,
                                  String namespace,
                                  TableName tableName,
                                  byte[] family,
                                  byte[] qualifier)
                           throws IOException
```
    Description copied from interface: MasterObserver
    
    Called before getting user permissions.
    
    Specified by:
    
    preGetUserPermissions in interface MasterObserver
    
    Parameters:
    
    ctx - the coprocessor instance's environment
    
    userName - the user name, null if get all user permissions
    
    namespace - the namespace, null if don't get namespace permission
    
    tableName - the table name, null if don't get table permission
    
    family - the table column family, null if don't get table family permission
    
    qualifier - the table column qualifier, null if don't get table qualifier permission
    
    Throws:
    
    IOException - if something went wrong
  - preGetUserPermissions
```
private void preGetUserPermissions(User caller,
                                   String userName,
                                   String namespace,
                                   TableName tableName,
                                   byte[] family,
                                   byte[] qualifier)
                            throws IOException
```
    Throws:
    
    IOException
  - preHasUserPermissions
```
public void preHasUserPermissions(ObserverContext<MasterCoprocessorEnvironment> ctx,
                                  String userName,
                                  List<Permission> permissions)
                           throws IOException
```
    Specified by:
    
    preHasUserPermissions in interface MasterObserver
    
    Throws:
    
    IOException
  - preHasUserPermissions
```
private void preHasUserPermissions(User caller,
                                   String userName,
                                   List<Permission> permissions)
                            throws IOException
```
    Throws:
    
    IOException

Class AccessController

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.hadoop.hbase.Coprocessor

Nested classes/interfaces inherited from interface org.apache.hadoop.hbase.coprocessor.RegionObserver

Field Summary

Fields inherited from interface org.apache.hadoop.hbase.Coprocessor

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.hadoop.hbase.coprocessor.MasterObserver

Methods inherited from interface org.apache.hadoop.hbase.coprocessor.RegionObserver

Methods inherited from interface org.apache.hadoop.hbase.coprocessor.RegionServerObserver

Field Detail

LOG

AUDITLOG

CHECK_COVERING_PERM

TAG_CHECK_PASSED

TRUE

accessChecker

aclRegion

regionEnv

scannerOwners

tableAcls

userProvider

authorizationEnabled

cellFeaturesEnabled

shouldCheckExecPermission

compatibleEarlyTermination

initialized

aclTabAvailable

Constructor Detail

AccessController

Method Detail

isCellAuthorizationSupported

getRegion

getAuthManager

initialize

updateACL

permissionGranted

requireAccess

requirePermission

requireGlobalPermission

requireGlobalPermission

requireNamespacePermission

requireNamespacePermission

requirePermission

requireTablePermission

checkLockPermissions

hasFamilyQualifierPermission

checkCoveringPermission

addCellPermissions

checkForReservedTagPresence

start

stop

getRegionObserver

getMasterObserver

getEndpointObserver

getBulkLoadObserver

getRegionServerObserver

getServices

preCreateTable

postCompletedCreateTableAction

preDeleteTable

postDeleteTable

preTruncateTable

postTruncateTable

preModifyTable

postModifyTable

preEnableTable

preDisableTable

preAbortProcedure

postAbortProcedure

preGetProcedures

preGetLocks

preMove

preAssign

preUnassign

preRegionOffline

preSetSplitOrMergeEnabled

preBalance