Package | Description |
---|---|
org.apache.hadoop.hbase.regionserver | |
org.apache.hadoop.hbase.security.access |
Modifier and Type | Method and Description |
---|---|
protected void |
RSRpcServices.requirePermission(String request,
Permission.Action perm) |
Modifier and Type | Field and Description |
---|---|
private Permission.Action |
AuthResult.action |
Modifier and Type | Field and Description |
---|---|
protected static Map<Byte,Permission.Action> |
Permission.ACTION_BY_CODE |
protected EnumSet<Permission.Action> |
Permission.actions |
private List<Permission.Action> |
Permission.Builder.actions |
Modifier and Type | Method and Description |
---|---|
Permission.Action |
AuthResult.getAction() |
Permission.Action[] |
Permission.getActions() |
static Permission.Action |
AccessControlUtil.toPermissionAction(org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action action)
Converts a Permission.Action proto to a client Permission.Action object.
|
static Permission.Action |
ShadedAccessControlUtil.toPermissionAction(org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.Permission.Action action)
Convert a Permission.Action shaded proto to a client Permission.Action object.
|
static Permission.Action[] |
AccessControlUtil.toPermissionActions(List<org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action> protoActions)
Converts a list of Permission.Action proto to an array of client Permission.Action objects.
|
static Permission.Action[] |
ShadedAccessControlUtil.toPermissionActions(List<org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.Permission.Action> protoActions)
Converts a list of Permission.Action shaded proto to an array of client Permission.Action
objects.
|
static Permission.Action |
Permission.Action.valueOf(String name)
Returns the enum constant of this type with the specified name.
|
static Permission.Action[] |
Permission.Action.values()
Returns an array containing the constants of this enum type, in
the order they are declared.
|
Modifier and Type | Method and Description |
---|---|
boolean |
AuthManager.accessUserTable(User user,
TableName table,
Permission.Action action)
Checks if the user has access to the full table or at least a family/qualifier for the
specified action.
|
static AuthResult |
AuthResult.allow(String request,
String reason,
User user,
Permission.Action action,
String namespace) |
static AuthResult |
AuthResult.allow(String request,
String reason,
User user,
Permission.Action action,
TableName table,
byte[] family,
byte[] qualifier) |
static AuthResult |
AuthResult.allow(String request,
String reason,
User user,
Permission.Action action,
TableName table,
Map<byte[],? extends Collection<?>> families) |
boolean |
AuthManager.authorizeCell(User user,
TableName table,
Cell cell,
Permission.Action action)
Check if user has given action privilige in cell scope.
|
private boolean |
AuthManager.authorizeFamily(Set<TablePermission> permissions,
TableName table,
byte[] family,
Permission.Action action) |
private boolean |
AuthManager.authorizeGlobal(GlobalPermission permissions,
Permission.Action action) |
private boolean |
AuthManager.authorizeNamespace(Set<NamespacePermission> permissions,
String namespace,
Permission.Action action) |
private boolean |
AuthManager.authorizeTable(Set<TablePermission> permissions,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
AuthManager.authorizeUserFamily(User user,
TableName table,
byte[] family,
Permission.Action action)
Check if user has given action privilige in table:family scope.
|
boolean |
AuthManager.authorizeUserGlobal(User user,
Permission.Action action)
Check if user has given action privilige in global scope.
|
boolean |
AuthManager.authorizeUserNamespace(User user,
String namespace,
Permission.Action action)
Check if user has given action privilige in namespace scope.
|
boolean |
AuthManager.authorizeUserTable(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Check if user has given action privilige in table:family:qualifier scope.
|
boolean |
AuthManager.authorizeUserTable(User user,
TableName table,
byte[] family,
Permission.Action action)
Check if user has given action privilige in table:family scope.
|
boolean |
AuthManager.authorizeUserTable(User user,
TableName table,
Permission.Action action)
Check if user has given action privilige in table scope.
|
private boolean |
AccessController.checkCoveringPermission(User user,
AccessController.OpType request,
RegionCoprocessorEnvironment e,
byte[] row,
Map<byte[],? extends Collection<?>> familyMap,
long opTs,
Permission.Action... actions)
Determine if cell ACLs covered by the operation grant access.
|
static AuthResult |
AuthResult.deny(String request,
String reason,
User user,
Permission.Action action,
String namespace) |
static AuthResult |
AuthResult.deny(String request,
String reason,
User user,
Permission.Action action,
TableName table,
byte[] family,
byte[] qualifier) |
static AuthResult |
AuthResult.deny(String request,
String reason,
User user,
Permission.Action action,
TableName table,
Map<byte[],? extends Collection<?>> families) |
private static void |
AccessControlClient.grant(Connection connection,
String userName,
boolean mergeExistingPermissions,
Permission.Action... actions)
Grant global permissions for the specified user.
|
static void |
AccessControlClient.grant(Connection connection,
String userName,
Permission.Action... actions)
Grant global permissions for the specified user.
|
private static void |
AccessControlClient.grant(Connection connection,
String namespace,
String userName,
boolean mergeExistingPermissions,
Permission.Action... actions)
Grants permission on the specified namespace for the specified user.
|
static void |
AccessControlClient.grant(Connection connection,
String namespace,
String userName,
Permission.Action... actions)
Grants permission on the specified namespace for the specified user.
|
private static void |
AccessControlClient.grant(Connection connection,
TableName tableName,
String userName,
byte[] family,
byte[] qual,
boolean mergeExistingPermissions,
Permission.Action... actions)
Grants permission on the specified table for the specified user
|
static void |
AccessControlClient.grant(Connection connection,
TableName tableName,
String userName,
byte[] family,
byte[] qual,
Permission.Action... actions)
Grants permission on the specified table for the specified user.
|
static void |
AccessControlUtil.grant(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
boolean mergeExistingPermissions,
Permission.Action... actions)
Deprecated.
|
static void |
AccessControlUtil.grant(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
String namespace,
boolean mergeExistingPermissions,
Permission.Action... actions)
Deprecated.
|
static void |
AccessControlUtil.grant(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
TableName tableName,
byte[] f,
byte[] q,
boolean mergeExistingPermissions,
Permission.Action... actions)
Deprecated.
|
private boolean |
AuthManager.hasAccessTable(Set<TablePermission> permissions,
Permission.Action action) |
private boolean |
AccessController.hasFamilyQualifierPermission(User user,
Permission.Action perm,
RegionCoprocessorEnvironment env,
Map<byte[],? extends Collection<byte[]>> familyMap)
Returns
true if the current user is allowed the given action over at least one of
the column qualifiers in the given column families. |
static boolean |
AccessControlClient.hasPermission(Connection connection,
String tableName,
byte[] columnFamily,
byte[] columnQualifier,
String userName,
Permission.Action... actions)
Validates whether specified user has permission to perform actions on the mentioned table,
column family or column qualifier.
|
static boolean |
AccessControlClient.hasPermission(Connection connection,
String tableName,
String columnFamily,
String columnQualifier,
String userName,
Permission.Action... actions)
Validates whether specified user has permission to perform actions on the mentioned table,
column family or column qualifier.
|
static boolean |
AccessControlUtil.hasPermission(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
TableName tableName,
byte[] columnFamily,
byte[] columnQualifier,
String userName,
Permission.Action[] actions)
Deprecated.
|
boolean |
Permission.implies(Permission.Action action)
check if given action is granted
|
boolean |
NamespacePermission.implies(String namespace,
Permission.Action action)
check if given action is granted in given namespace.
|
boolean |
TablePermission.implies(TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Check if given action can performs on given table:family:qualifier.
|
boolean |
TablePermission.implies(TableName table,
byte[] family,
Permission.Action action)
Check if given action can performs on given table:family.
|
boolean |
TablePermission.implies(TableName table,
KeyValue kv,
Permission.Action action)
Checks if this permission grants access to perform the given action on the given table and key
value.
|
private AuthResult |
AccessController.permissionGranted(AccessController.OpType opType,
User user,
RegionCoprocessorEnvironment e,
Map<byte[],? extends Collection<?>> families,
Permission.Action... actions)
Check the current user for authorization to perform a specific action against the given set of
row data.
|
private AuthResult |
AccessChecker.permissionGranted(String request,
User user,
Permission.Action permRequest,
TableName tableName,
byte[] family,
byte[] qualifier) |
AuthResult |
AccessChecker.permissionGranted(String request,
User user,
Permission.Action permRequest,
TableName tableName,
Map<byte[],? extends Collection<?>> families)
Check the current user for authorization to perform a specific action against the given set of
row data.
|
AuthResult |
NoopAccessChecker.permissionGranted(String request,
User user,
Permission.Action permRequest,
TableName tableName,
Map<byte[],? extends Collection<?>> families) |
void |
AccessController.requireAccess(ObserverContext<?> ctx,
String request,
TableName tableName,
Permission.Action... permissions) |
void |
AccessChecker.requireAccess(User user,
String request,
TableName tableName,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions to access the table.
|
void |
NoopAccessChecker.requireAccess(User user,
String request,
TableName tableName,
Permission.Action... permissions) |
void |
AccessController.requireGlobalPermission(ObserverContext<?> ctx,
String request,
Permission.Action perm,
String namespace) |
void |
AccessController.requireGlobalPermission(ObserverContext<?> ctx,
String request,
Permission.Action perm,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap) |
void |
AccessChecker.requireGlobalPermission(User user,
String request,
Permission.Action perm,
String namespace)
Checks that the user has the given global permission.
|
void |
NoopAccessChecker.requireGlobalPermission(User user,
String request,
Permission.Action perm,
String namespace) |
void |
AccessChecker.requireGlobalPermission(User user,
String request,
Permission.Action perm,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
String filterUser)
Checks that the user has the given global permission.
|
void |
NoopAccessChecker.requireGlobalPermission(User user,
String request,
Permission.Action perm,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
String filterUser) |
void |
AccessController.requireNamespacePermission(ObserverContext<?> ctx,
String request,
String namespace,
Permission.Action... permissions) |
void |
AccessController.requireNamespacePermission(ObserverContext<?> ctx,
String request,
String namespace,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
Permission.Action... permissions) |
void |
AccessChecker.requireNamespacePermission(User user,
String request,
String namespace,
String filterUser,
Permission.Action... permissions)
Checks that the user has the given global or namespace permission.
|
void |
NoopAccessChecker.requireNamespacePermission(User user,
String request,
String namespace,
String filterUser,
Permission.Action... permissions) |
void |
AccessChecker.requireNamespacePermission(User user,
String request,
String namespace,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
Permission.Action... permissions)
Checks that the user has the given global or namespace permission.
|
void |
NoopAccessChecker.requireNamespacePermission(User user,
String request,
String namespace,
TableName tableName,
Map<byte[],? extends Collection<byte[]>> familyMap,
Permission.Action... permissions) |
void |
AccessController.requirePermission(ObserverContext<?> ctx,
String request,
Permission.Action perm) |
void |
AccessController.requirePermission(ObserverContext<?> ctx,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions) |
void |
AccessChecker.requirePermission(User user,
String request,
String filterUser,
Permission.Action perm)
Authorizes that the current user has global privileges for the given action.
|
void |
NoopAccessChecker.requirePermission(User user,
String request,
String filterUser,
Permission.Action perm) |
void |
AccessChecker.requirePermission(User user,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
String filterUser,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions for the given table, column
family and column qualifier.
|
void |
NoopAccessChecker.requirePermission(User user,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
String filterUser,
Permission.Action... permissions) |
void |
AccessController.requireTablePermission(ObserverContext<?> ctx,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions) |
void |
AccessChecker.requireTablePermission(User user,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions)
Authorizes that the current user has any of the given permissions for the given table, column
family and column qualifier.
|
void |
NoopAccessChecker.requireTablePermission(User user,
String request,
TableName tableName,
byte[] family,
byte[] qualifier,
Permission.Action... permissions) |
static void |
AccessControlClient.revoke(Connection connection,
String userName,
Permission.Action... actions)
Revoke global permissions for the specified user.
|
static void |
AccessControlClient.revoke(Connection connection,
String namespace,
String userName,
Permission.Action... actions)
Revokes the permission on the namespace for the specified user.
|
static void |
AccessControlClient.revoke(Connection connection,
TableName tableName,
String username,
byte[] family,
byte[] qualifier,
Permission.Action... actions)
Revokes the permission on the table
|
static void |
AccessControlUtil.revoke(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
Permission.Action... actions)
Deprecated.
Use
Admin.revoke(UserPermission) instead. |
static void |
AccessControlUtil.revoke(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
String namespace,
Permission.Action... actions)
Deprecated.
Use
Admin.revoke(UserPermission) instead. |
static void |
AccessControlUtil.revoke(com.google.protobuf.RpcController controller,
org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.BlockingInterface protocol,
String userShortName,
TableName tableName,
byte[] f,
byte[] q,
Permission.Action... actions)
Deprecated.
Use
Admin.revoke(UserPermission) instead. |
void |
Permission.setActions(Permission.Action[] assigned) |
static org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.Permission.Action |
AccessControlUtil.toPermissionAction(Permission.Action action)
Convert a client Permission.Action to a Permission.Action proto
|
static org.apache.hadoop.hbase.shaded.protobuf.generated.AccessControlProtos.Permission.Action |
ShadedAccessControlUtil.toPermissionAction(Permission.Action action)
Convert a client user permission to a user permission shaded proto.
|
Permission.Builder |
Permission.Builder.withActions(Permission.Action... actions) |
Constructor and Description |
---|
AuthResult(boolean allowed,
String request,
String reason,
User user,
Permission.Action action,
String namespace) |
AuthResult(boolean allowed,
String request,
String reason,
User user,
Permission.Action action,
TableName table,
byte[] family,
byte[] qualifier) |
AuthResult(boolean allowed,
String request,
String reason,
User user,
Permission.Action action,
TableName table,
Map<byte[],? extends Collection<?>> families) |
GlobalPermission(Permission.Action... assigned)
Construct a global permission.
|
NamespacePermission(String namespace,
Permission.Action... assigned)
Construct a namespace permission.
|
Permission(Permission.Action... assigned) |
TablePermission(TableName table,
byte[] family,
byte[] qualifier,
Permission.Action... assigned)
Construct a table:family:qualifier permission.
|
Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.