Class AccessControlClient
java.lang.Object
org.apache.hadoop.hbase.security.access.AccessControlClient
Utility client for doing access control admin operations.
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
static List<UserPermission> getUserPermissions(Connection connection, String tableRegex)
    List all the userPermissions matching the given pattern.
static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily)
    List all the userPermissions matching the given table pattern and column family.
static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily, byte[] columnQualifier)
    List all the userPermissions matching the given table pattern, column family and column qualifier.
static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily, byte[] columnQualifier, String userName)
    List all the userPermissions matching the given table pattern, column family and column qualifier.
static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily, String userName)
    List all the userPermissions matching the given table pattern, column family and user name.
static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, String userName)
    List all the userPermissions matching the given table pattern and user name.
private static void grant(Connection connection, String userName, boolean mergeExistingPermissions, Permission.Action... actions)
    Grant global permissions for the specified user.
private static void grant(Connection connection, String namespace, String userName, boolean mergeExistingPermissions, Permission.Action... actions)
    Grants permission on the specified namespace for the specified user.
static void grant(Connection connection, String namespace, String userName, Permission.Action... actions)
    Grants permission on the specified namespace for the specified user.
static void grant(Connection connection, String userName, Permission.Action... actions)
    Grant global permissions for the specified user.
private static void grant(Connection connection, TableName tableName, String userName, byte[] family, byte[] qual, boolean mergeExistingPermissions, Permission.Action... actions)
    Grants permission on the specified table for the specified user.
static void grant(Connection connection, TableName tableName, String userName, byte[] family, byte[] qual, Permission.Action... actions)
    Grants permission on the specified table for the specified user.
static boolean hasPermission(Connection connection, String tableName, byte[] columnFamily, byte[] columnQualifier, String userName, Permission.Action... actions)
    Validates whether specified user has permission to perform actions on the mentioned table, column family or column qualifier.
static boolean hasPermission(Connection connection, String tableName, String columnFamily, String columnQualifier, String userName, Permission.Action... actions)
    Validates whether specified user has permission to perform actions on the mentioned table, column family or column qualifier.
static boolean isAccessControllerRunning(Connection connection)
static boolean isAuthorizationEnabled(Connection connection)
    Return true if authorization is supported and enabled.
static boolean isCellAuthorizationEnabled(Connection connection)
    Return true if cell authorization is supported and enabled.
static void revoke(Connection connection, String namespace, String userName, Permission.Action... actions)
    Revokes the permission on the namespace for the specified user.
static void revoke(Connection connection, String userName, Permission.Action... actions)
    Revoke global permissions for the specified user.
static void revoke(Connection connection, TableName tableName, String username, byte[] family, byte[] qualifier, Permission.Action... actions)
    Revokes the permission on the table.
-
Field Details
-
ACL_TABLE_NAME
-
-
Constructor Details
-
AccessControlClient
public AccessControlClient()
-
-
Method Details
-
isAuthorizationEnabled
Return true if authorization is supported and enabled.
Parameters:
connection - The connection to use
Returns:
true if authorization is supported and enabled, false otherwise
Throws:
IOException
-
isCellAuthorizationEnabled
Return true if cell authorization is supported and enabled.
Parameters:
connection - The connection to use
Returns:
true if cell authorization is supported and enabled, false otherwise
Throws:
IOException
-
grant
private static void grant(Connection connection, TableName tableName, String userName, byte[] family, byte[] qual, boolean mergeExistingPermissions, Permission.Action... actions) throws Throwable
Grants permission on the specified table for the specified user.
Parameters:
connection - The Connection instance to use
tableName - the table name
userName - the user name
family - the column family
qual - the column qualifier
mergeExistingPermissions - If set to false, later granted permissions will override previous granted permissions. Otherwise, it'll merge with previous granted permissions.
actions - the actions
Throws:
Throwable
-
grant
public static void grant(Connection connection, TableName tableName, String userName, byte[] family, byte[] qual, Permission.Action... actions) throws Throwable
Grants permission on the specified table for the specified user. If permissions for a specified user exist, later granted permissions will override previous granted permissions.
Parameters:
connection - The Connection instance to use
tableName - the table name
userName - the user name
family - the column family
qual - the column qualifier
actions - the actions
Throws:
Throwable
-
grant
private static void grant(Connection connection, String namespace, String userName, boolean mergeExistingPermissions, Permission.Action... actions) throws Throwable
Grants permission on the specified namespace for the specified user.
Parameters:
connection - The Connection instance to use
namespace - the namespace
userName - the user name
mergeExistingPermissions - If set to false, later granted permissions will override previous granted permissions. Otherwise, it'll merge with previous granted permissions.
actions - the actions
Throws:
Throwable
-
grant
public static void grant(Connection connection, String namespace, String userName, Permission.Action... actions) throws Throwable
Grants permission on the specified namespace for the specified user. If permissions on the specified namespace exist, later granted permissions will override previous granted permissions.
Parameters:
connection - The Connection instance to use
namespace - the namespace
userName - the user name
actions - the actions
Throws:
Throwable
-
grant
private static void grant(Connection connection, String userName, boolean mergeExistingPermissions, Permission.Action... actions) throws Throwable
Grant global permissions for the specified user.
Parameters:
connection - The Connection instance to use
userName - the user name
mergeExistingPermissions - If set to false, later granted permissions will override previous granted permissions. Otherwise, it'll merge with previous granted permissions.
actions - the actions
Throws:
Throwable
-
grant
public static void grant(Connection connection, String userName, Permission.Action... actions) throws Throwable
Grant global permissions for the specified user. If permissions for the specified user exist, later granted permissions will override previous granted permissions.
Throws:
Throwable
-
isAccessControllerRunning
public static boolean isAccessControllerRunning(Connection connection) throws MasterNotRunningException, ZooKeeperConnectionException, IOException
-
revoke
public static void revoke(Connection connection, TableName tableName, String username, byte[] family, byte[] qualifier, Permission.Action... actions) throws Throwable
Revokes the permission on the table.
Parameters:
connection - The Connection instance to use
Throws:
Throwable
-
revoke
public static void revoke(Connection connection, String namespace, String userName, Permission.Action... actions) throws Throwable
Revokes the permission on the namespace for the specified user.
Parameters:
connection - The Connection instance to use
Throws:
Throwable
-
revoke
public static void revoke(Connection connection, String userName, Permission.Action... actions) throws Throwable
Revoke global permissions for the specified user.
Parameters:
connection - The Connection instance to use
Throws:
Throwable
-
getUserPermissions
public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex) throws Throwable
List all the userPermissions matching the given pattern. If the pattern is null, the behavior depends on whether the user has global admin privileges. If so, the global permissions along with the list of superusers are returned. Otherwise, no rows are returned.
Parameters:
connection - The Connection instance to use
tableRegex - The regular expression string to match against
Returns:
List of UserPermissions
Throws:
Throwable
-
getUserPermissions
public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, String userName) throws Throwable
List all the userPermissions matching the given table pattern and user name.
Parameters:
connection - Connection
tableRegex - The regular expression string to match against
userName - User name, if empty then all user permissions will be retrieved.
Returns:
List of UserPermissions
Throws:
Throwable - on failure
-
getUserPermissions
public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily) throws Throwable
List all the userPermissions matching the given table pattern and column family.
Parameters:
connection - Connection
tableRegex - The regular expression string to match against. It shouldn't be null, empty or a namespace regular expression.
columnFamily - Column family
Returns:
List of UserPermissions
Throws:
Throwable - on failure
-
getUserPermissions
public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily, String userName) throws Throwable
List all the userPermissions matching the given table pattern, column family and user name.
Parameters:
connection - Connection
tableRegex - The regular expression string to match against. It shouldn't be null, empty or a namespace regular expression.
columnFamily - Column family
userName - User name, if empty then all user permissions will be retrieved.
Returns:
List of UserPermissions
Throws:
Throwable - on failure
-
getUserPermissions
public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily, byte[] columnQualifier) throws Throwable
List all the userPermissions matching the given table pattern, column family and column qualifier.
Parameters:
connection - Connection
tableRegex - The regular expression string to match against. It shouldn't be null, empty or a namespace regular expression.
columnFamily - Column family
columnQualifier - Column qualifier
Returns:
List of UserPermissions
Throws:
Throwable - on failure
-
getUserPermissions
public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily, byte[] columnQualifier, String userName) throws Throwable
List all the userPermissions matching the given table pattern, column family and column qualifier.
Parameters:
connection - Connection
tableRegex - The regular expression string to match against. It shouldn't be null, empty or a namespace regular expression.
columnFamily - Column family
columnQualifier - Column qualifier
userName - User name, if empty then all user permissions will be retrieved.
Returns:
List of UserPermissions
Throws:
Throwable - on failure
-
hasPermission
public static boolean hasPermission(Connection connection, String tableName, String columnFamily, String columnQualifier, String userName, Permission.Action... actions) throws Throwable
Validates whether specified user has permission to perform actions on the mentioned table, column family or column qualifier.
Parameters:
connection - Connection
tableName - Table name, it shouldn't be null or empty.
columnFamily - The column family. Optional argument, can be empty. If empty then validation will happen at table level.
columnQualifier - The column qualifier. Optional argument, can be empty. If empty then validation will happen at table and column family level. columnQualifier will not be considered if columnFamily is passed as null or empty.
userName - User name, it shouldn't be null or empty.
actions - Actions
Returns:
true if access allowed to the specified user, otherwise false.
Throws:
Throwable - on failure
-
hasPermission
public static boolean hasPermission(Connection connection, String tableName, byte[] columnFamily, byte[] columnQualifier, String userName, Permission.Action... actions) throws Throwable
Validates whether specified user has permission to perform actions on the mentioned table, column family or column qualifier.
Parameters:
connection - Connection
tableName - Table name, it shouldn't be null or empty.
columnFamily - The column family. Optional argument, can be empty. If empty then validation will happen at table level.
columnQualifier - The column qualifier. Optional argument, can be empty. If empty then validation will happen at table and column family level. columnQualifier will not be considered if columnFamily is passed as null or empty.
userName - User name, it shouldn't be null or empty.
actions - Actions
Returns:
true if access allowed to the specified user, otherwise false.
Throws:
Throwable - on failure
-
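Usage example added here (not part of the HBase Javadoc or project code): because the public grant overloads override a user's previously granted permissions instead of merging them, adding one action without dropping the others means reading the current table-level actions and re-granting the union. The table name "reports" and user "etl_svc" are hypothetical, and the code assumes an HBase 2.2+ client, where UserPermission.getPermission() and TablePermission.hasFamily() are available.

```java
import java.util.Arrays;
import java.util.EnumSet;
import java.util.regex.Pattern;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.security.access.AccessControlClient;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.TablePermission;
import org.apache.hadoop.hbase.security.access.UserPermission;

public class AddTableAction {
  /** Actions the user holds at table scope; family/qualifier-scoped grants are skipped. */
  static EnumSet<Permission.Action> tableActions(Connection conn, TableName table, String user)
      throws Throwable {
    EnumSet<Permission.Action> found = EnumSet.noneOf(Permission.Action.class);
    // tableRegex is a regular expression, so quote the literal table name.
    String regex = Pattern.quote(table.getNameAsString());
    for (UserPermission up : AccessControlClient.getUserPermissions(conn, regex, user)) {
      if (up.getPermission() instanceof TablePermission) {
        TablePermission tp = (TablePermission) up.getPermission();
        // Folding a narrower grant into a table-level one would widen access.
        if (table.equals(tp.getTableName()) && !tp.hasFamily()) {
          found.addAll(Arrays.asList(tp.getActions()));
        }
      }
    }
    return found;
  }
  public static void main(String[] args) throws Throwable {
    TableName table = TableName.valueOf("reports"); // hypothetical table
    String user = "etl_svc";                        // hypothetical user
    try (Connection conn = ConnectionFactory.createConnection(HBaseConfiguration.create())) {
      if (!AccessControlClient.isAuthorizationEnabled(conn)) {
        throw new IllegalStateException("authorization is not enabled on this cluster");
      }
      EnumSet<Permission.Action> actions = tableActions(conn, table, user);
      actions.add(Permission.Action.WRITE);
      // The public grant overrides earlier grants, so pass the full union.
      AccessControlClient.grant(conn, table, user, null, null,
          actions.toArray(new Permission.Action[0]));
      // Empty family/qualifier: validation happens at table level.
      boolean ok = AccessControlClient.hasPermission(conn, table.getNameAsString(), "", "",
          user, actions.toArray(new Permission.Action[0]));
      System.out.println(user + " holds " + actions + " on " + table + ": " + ok);
    }
  }
}
```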