Class AuthManager

java.lang.Object
org.apache.hadoop.hbase.security.access.AuthManager

@Private public final class AuthManager extends Object
Performs authorization checks for a given user's assigned permissions.

There're following scopes: Global, Namespace, Table, Family, Qualifier, Cell. Generally speaking, higher scopes can overrides lower scopes, except for Cell permission can be granted even a user has not permission on specified table, which means the user can get/scan only those granted cells parts.

e.g, if user A has global permission R(ead), he can read table T without checking table scope permission, so authorization checks alway starts from Global scope.

For each scope, not only user but also groups he belongs to will be checked.