@InterfaceAudience.Private public final class NoopAccessChecker extends AccessChecker
AccessChecker.InputUser
Constructor and Description |
---|
NoopAccessChecker(org.apache.hadoop.conf.Configuration conf) |
Modifier and Type | Method and Description |
---|---|
void |
checkLockPermissions(User user,
String namespace,
TableName tableName,
RegionInfo[] regionInfos,
String reason) |
boolean |
hasUserPermission(User user,
String request,
Permission permission)
Authorizes that if the current user has the given permissions.
|
void |
performOnSuperuser(String request,
User caller,
String userToBeChecked)
Check if caller is granting or revoking superusers's or supergroups's permissions.
|
AuthResult |
permissionGranted(String request,
User user,
Permission.Action permRequest,
TableName tableName,
Map<byte[],? extends Collection<?>> families)
Check the current user for authorization to perform a specific action against the given set of
row data.
|
void |
requireAccess(User user,
String request,
TableName tableName,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions to access the table.
|
void |
requireGlobalPermission(User user,
String request,
Permission.Action perm,
String namespace)
Checks that the user has the given global permission.
|
void |
requireGlobalPermission(User user,
String request,
Permission.Action perm,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
String filterUser)
Checks that the user has the given global permission.
|
void |
requireNamespacePermission(User user,
String request,
String namespace,
String filterUser,
Permission.Action... permissions)
Checks that the user has the given global or namespace permission.
|
void |
requireNamespacePermission(User user,
String request,
String namespace,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
Permission.Action... permissions)
Checks that the user has the given global or namespace permission.
|
void |
requirePermission(User user,
String request,
String filterUser,
Permission.Action perm)
Authorizes that the current user has global privileges for the given action.
|
void |
requirePermission(User user,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
String filterUser,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions for the given table, column
family and column qualifier.
|
void |
requireTablePermission(User user,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions for the given table, column
family and column qualifier.
|
getAuthManager, getUserGroups, isAuthorizationSupported, logResult, validateCallerWithFilterUser
public NoopAccessChecker(org.apache.hadoop.conf.Configuration conf) throws RuntimeException
RuntimeException
public void requireAccess(User user, String request, TableName tableName, Permission.Action... permissions)
AccessChecker
requireAccess
in class AccessChecker
user
- Active user to which authorization checks should be appliedrequest
- Request type.tableName
- Table requestedpermissions
- Actions being requestedpublic void requirePermission(User user, String request, String filterUser, Permission.Action perm)
AccessChecker
requirePermission
in class AccessChecker
user
- Active user to which authorization checks should be appliedrequest
- Request typefilterUser
- User name to be filtered from permission as requestedperm
- The action being requestedpublic void requireGlobalPermission(User user, String request, Permission.Action perm, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap, String filterUser)
AccessChecker
requireGlobalPermission
in class AccessChecker
user
- Active user to which authorization checks should be appliedrequest
- Request typeperm
- Action being requestedtableName
- Affected table name.familyMap
- Affected column families.filterUser
- User name to be filtered from permission as requestedpublic void requireGlobalPermission(User user, String request, Permission.Action perm, String namespace)
AccessChecker
requireGlobalPermission
in class AccessChecker
user
- Active user to which authorization checks should be appliedrequest
- Request typeperm
- Action being requestednamespace
- The given namespacepublic void requireNamespacePermission(User user, String request, String namespace, String filterUser, Permission.Action... permissions)
AccessChecker
requireNamespacePermission
in class AccessChecker
user
- Active user to which authorization checks should be appliedrequest
- Request typenamespace
- Name space as requestedfilterUser
- User name to be filtered from permission as requestedpermissions
- Actions being requestedpublic void requireNamespacePermission(User user, String request, String namespace, TableName tableName, Map<byte[],? extends Collection<byte[]>> familyMap, Permission.Action... permissions)
AccessChecker
requireNamespacePermission
in class AccessChecker
user
- Active user to which authorization checks should be appliedrequest
- Request typenamespace
- The given namespacetableName
- Table requestedfamilyMap
- Column family map requestedpermissions
- Actions being requestedpublic void requirePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, String filterUser, Permission.Action... permissions)
AccessChecker
requirePermission
in class AccessChecker
user
- Active user to which authorization checks should be appliedrequest
- Request typetableName
- Table requestedfamily
- Column family requestedqualifier
- Column qualifier requestedfilterUser
- User name to be filtered from permission as requestedpermissions
- Actions being requestedpublic void requireTablePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions)
AccessChecker
requireTablePermission
in class AccessChecker
user
- Active user to which authorization checks should be appliedrequest
- Request typetableName
- Table requestedfamily
- Column family paramqualifier
- Column qualifier parampublic void performOnSuperuser(String request, User caller, String userToBeChecked)
AccessChecker
performOnSuperuser
in class AccessChecker
request
- request namecaller
- calleruserToBeChecked
- target user or grouppublic void checkLockPermissions(User user, String namespace, TableName tableName, RegionInfo[] regionInfos, String reason)
checkLockPermissions
in class AccessChecker
public boolean hasUserPermission(User user, String request, Permission permission)
AccessChecker
hasUserPermission
in class AccessChecker
user
- Active user to which authorization checks should be appliedrequest
- Request typepermission
- Actions being requestedpublic AuthResult permissionGranted(String request, User user, Permission.Action permRequest, TableName tableName, Map<byte[],? extends Collection<?>> families)
AccessChecker
Note: Ordering of the authorization checks has been carefully optimized to short-circuit the most common requests and minimize the amount of processing required.
permissionGranted
in class AccessChecker
request
- User requestuser
- User namepermRequest
- the action being requestedtableName
- Table namefamilies
- the map of column families to qualifiers present in the requestCopyright © 2007–2020 The Apache Software Foundation. All rights reserved.