Class AccessControlClient

java.lang.Object
org.apache.hadoop.hbase.security.access.AccessControlClient

@Public public class AccessControlClient extends Object
Utility client for doing access control admin operations.
  • Method Details

    • isAuthorizationEnabled

      public static boolean isAuthorizationEnabled(Connection connection) throws IOException
      Return true if authorization is supported and enabled
      Parameters:
      connection - The connection to use
      Returns:
      true if authorization is supported and enabled, false otherwise
      Throws:
      IOException
    • isCellAuthorizationEnabled

      public static boolean isCellAuthorizationEnabled(Connection connection) throws IOException
      Return true if cell authorization is supported and enabled
      Parameters:
      connection - The connection to use
      Returns:
      true if cell authorization is supported and enabled, false otherwise
      Throws:
      IOException
    • grant

      private static void grant(Connection connection, TableName tableName, String userName, byte[] family, byte[] qual, boolean mergeExistingPermissions, Permission.Action... actions) throws Throwable
      Grants permission on the specified table for the specified user
      Parameters:
      connection - The Connection instance to use
      tableName - the table name
      userName - the user name
      family - the column family
      qual - the column qualifier
      mergeExistingPermissions - If set to false, later granted permissions override previously granted permissions. Otherwise, they are merged with the previously granted permissions.
      actions - the actions
      Throws:
      Throwable
    • grant

      public static void grant(Connection connection, TableName tableName, String userName, byte[] family, byte[] qual, Permission.Action... actions) throws Throwable
      Grants permission on the specified table for the specified user. If permissions for the specified user already exist, later granted permissions override previously granted permissions.
      Parameters:
      connection - The Connection instance to use
      tableName - the table name
      userName - the user name
      family - the column family
      qual - the column qualifier
      actions - the actions
      Throws:
      Throwable
    • grant

      private static void grant(Connection connection, String namespace, String userName, boolean mergeExistingPermissions, Permission.Action... actions) throws Throwable
      Grants permission on the specified namespace for the specified user.
      Parameters:
      connection - The Connection instance to use
      namespace - the namespace
      userName - the user name
      mergeExistingPermissions - If set to false, later granted permissions override previously granted permissions. Otherwise, they are merged with the previously granted permissions.
      actions - the actions
      Throws:
      Throwable
    • grant

      public static void grant(Connection connection, String namespace, String userName, Permission.Action... actions) throws Throwable
      Grants permission on the specified namespace for the specified user. If permissions on the specified namespace already exist, later granted permissions override previously granted permissions.
      Parameters:
      connection - The Connection instance to use
      namespace - the namespace
      userName - the user name
      actions - the actions
      Throws:
      Throwable
    • grant

      private static void grant(Connection connection, String userName, boolean mergeExistingPermissions, Permission.Action... actions) throws Throwable
      Grant global permissions for the specified user.
      Parameters:
      connection - The Connection instance to use
      userName - the user name
      mergeExistingPermissions - If set to false, later granted permissions override previously granted permissions. Otherwise, they are merged with the previously granted permissions.
      actions - the actions
      Throws:
      Throwable
    • grant

      public static void grant(Connection connection, String userName, Permission.Action... actions) throws Throwable
      Grant global permissions for the specified user. If permissions for the specified user already exist, later granted permissions override previously granted permissions.
      Throws:
      Throwable
    • isAccessControllerRunning

      Throws:
      MasterNotRunningException
      ZooKeeperConnectionException
      IOException
    • revoke

      public static void revoke(Connection connection, TableName tableName, String username, byte[] family, byte[] qualifier, Permission.Action... actions) throws Throwable
      Revokes the permission on the table
      Parameters:
      connection - The Connection instance to use
      Throws:
      Throwable
    • revoke

      public static void revoke(Connection connection, String namespace, String userName, Permission.Action... actions) throws Throwable
      Revokes the permission on the namespace for the specified user.
      Parameters:
      connection - The Connection instance to use
      Throws:
      Throwable
    • revoke

      public static void revoke(Connection connection, String userName, Permission.Action... actions) throws Throwable
      Revoke global permissions for the specified user.
      Parameters:
      connection - The Connection instance to use
      Throws:
      Throwable
    • getUserPermissions

      public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex) throws Throwable
      List all the userPermissions matching the given pattern. If the pattern is null, the result depends on whether the user has global admin privileges: if so, the global permissions along with the list of superusers are returned; otherwise, no rows are returned.
      Parameters:
      connection - The Connection instance to use
      tableRegex - The regular expression string to match against
      Returns:
      List of UserPermissions
      Throws:
      Throwable
    • getUserPermissions

      public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, String userName) throws Throwable
      List all the userPermissions matching the given table pattern and user name.
      Parameters:
      connection - Connection
      tableRegex - The regular expression string to match against
      userName - User name, if empty then all user permissions will be retrieved.
      Returns:
      List of UserPermissions
      Throws:
      Throwable - on failure
    • getUserPermissions

      public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily) throws Throwable
      List all the userPermissions matching the given table pattern and column family.
      Parameters:
      connection - Connection
      tableRegex - The regular expression string to match against. It shouldn't be null, empty or a namespace regular expression.
      columnFamily - Column family
      Returns:
      List of UserPermissions
      Throws:
      Throwable - on failure
    • getUserPermissions

      public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily, String userName) throws Throwable
      List all the userPermissions matching the given table pattern, column family and user name.
      Parameters:
      connection - Connection
      tableRegex - The regular expression string to match against. It shouldn't be null, empty or a namespace regular expression.
      columnFamily - Column family
      userName - User name, if empty then all user permissions will be retrieved.
      Returns:
      List of UserPermissions
      Throws:
      Throwable - on failure
    • getUserPermissions

      public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily, byte[] columnQualifier) throws Throwable
      List all the userPermissions matching the given table pattern, column family and column qualifier.
      Parameters:
      connection - Connection
      tableRegex - The regular expression string to match against. It shouldn't be null, empty or a namespace regular expression.
      columnFamily - Column family
      columnQualifier - Column qualifier
      Returns:
      List of UserPermissions
      Throws:
      Throwable - on failure
    • getUserPermissions

      public static List<UserPermission> getUserPermissions(Connection connection, String tableRegex, byte[] columnFamily, byte[] columnQualifier, String userName) throws Throwable
      List all the userPermissions matching the given table pattern, column family, column qualifier and user name.
      Parameters:
      connection - Connection
      tableRegex - The regular expression string to match against. It shouldn't be null, empty or a namespace regular expression.
      columnFamily - Column family
      columnQualifier - Column qualifier
      userName - User name, if empty then all user permissions will be retrieved.
      Returns:
      List of UserPermissions
      Throws:
      Throwable - on failure
    • hasPermission

      public static boolean hasPermission(Connection connection, String tableName, String columnFamily, String columnQualifier, String userName, Permission.Action... actions) throws Throwable
      Validates whether the specified user has permission to perform the given actions on the specified table, column family or column qualifier.
      Parameters:
      connection - Connection
      tableName - Table name, it shouldn't be null or empty.
      columnFamily - The column family. Optional argument, can be empty. If empty then validation will happen at table level.
      columnQualifier - The column qualifier. Optional argument, can be empty. If empty then validation will happen at table and column family level. columnQualifier will not be considered if columnFamily is passed as null or empty.
      userName - User name, it shouldn't be null or empty.
      actions - Actions
      Returns:
      true if access allowed to the specified user, otherwise false.
      Throws:
      Throwable - on failure
    • hasPermission

      public static boolean hasPermission(Connection connection, String tableName, byte[] columnFamily, byte[] columnQualifier, String userName, Permission.Action... actions) throws Throwable
      Validates whether the specified user has permission to perform the given actions on the specified table, column family or column qualifier.
      Parameters:
      connection - Connection
      tableName - Table name, it shouldn't be null or empty.
      columnFamily - The column family. Optional argument, can be empty. If empty then validation will happen at table level.
      columnQualifier - The column qualifier. Optional argument, can be empty. If empty then validation will happen at table and column family level. columnQualifier will not be considered if columnFamily is passed as null or empty.
      userName - User name, it shouldn't be null or empty.
      actions - Actions
      Returns:
      true if access allowed to the specified user, otherwise false.
      Throws:
      Throwable - on failure
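
The override behaviour of the public grant methods, checked with hasPermission. This is an added example, not code from the HBase project; the table name, user name and class name are assumed, as is passing null for family and qualifier to make a table-level grant. It needs a running cluster where the table exists and the caller is allowed to grant on it.

```java
import java.util.Arrays;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.hbase.security.access.AccessControlClient;
import org.apache.hadoop.hbase.security.access.Permission.Action;

public class GrantOverrideCheck {
  // Assumed names for illustration; replace with your own table and user.
  static final String TABLE = "events_demo";
  static final String USER = "report_svc";

  /** Grants exactly the wanted actions on TABLE, then verifies every action. */
  static void grantExactly(Connection conn, Action... wanted) throws Throwable {
    // The public grant() overrides earlier grants, so always pass the
    // complete set the user should hold, not just the action being added.
    AccessControlClient.grant(conn, TableName.valueOf(TABLE), USER, null, null, wanted);
    for (Action a : Action.values()) {
      boolean expected = Arrays.asList(wanted).contains(a);
      // Empty family and qualifier: validation happens at table level.
      boolean actual = AccessControlClient.hasPermission(conn, TABLE, "", "", USER, a);
      if (expected != actual) {
        // Either a wanted action is missing or the user is still allowed
        // an action that was not part of this grant.
        throw new IllegalStateException(a + ": expected=" + expected + ", actual=" + actual);
      }
    }
  }

  public static void main(String[] args) throws Throwable {
    try (Connection conn = ConnectionFactory.createConnection(HBaseConfiguration.create())) {
      if (!AccessControlClient.isAuthorizationEnabled(conn)) {
        throw new IllegalStateException("authorization is not enabled on this cluster");
      }
      grantExactly(conn, Action.READ);
      // This call replaces the READ grant; the check inside grantExactly
      // confirms READ is no longer allowed and only WRITE remains.
      grantExactly(conn, Action.WRITE);
      // To hold both, grant both in one call.
      grantExactly(conn, Action.READ, Action.WRITE);
      // Clean up the demonstration grant.
      AccessControlClient.revoke(conn, TableName.valueOf(TABLE), USER, null, null,
          Action.READ, Action.WRITE);
    }
  }
}
```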