Class NoopAccessChecker
java.lang.Object
org.apache.hadoop.hbase.security.access.AccessChecker
org.apache.hadoop.hbase.security.access.NoopAccessChecker
NoopAccessChecker is returned when hbase.security.authorization is not enabled. Always allow
authorization if any user require any permission.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.apache.hadoop.hbase.security.access.AccessChecker
AccessChecker.InputUser -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidcheckLockPermissions(User user, String namespace, TableName tableName, RegionInfo[] regionInfos, String reason) booleanhasUserPermission(User user, String request, Permission permission) Authorizes that if the current user has the given permissions.voidperformOnSuperuser(String request, User caller, String userToBeChecked) Check if caller is granting or revoking superusers's or supergroups's permissions.permissionGranted(String request, User user, Permission.Action permRequest, TableName tableName, Map<byte[], ? extends Collection<?>> families) Check the current user for authorization to perform a specific action against the given set of row data.voidrequireAccess(User user, String request, TableName tableName, Permission.Action... permissions) Authorizes that the current user has any of the given permissions to access the table.voidrequireGlobalPermission(User user, String request, Permission.Action perm, String namespace) Checks that the user has the given global permission.voidrequireGlobalPermission(User user, String request, Permission.Action perm, TableName tableName, Map<byte[], ? extends Collection<byte[]>> familyMap, String filterUser) Checks that the user has the given global permission.voidrequireNamespacePermission(User user, String request, String namespace, String filterUser, Permission.Action... permissions) Checks that the user has the given global or namespace permission.voidrequireNamespacePermission(User user, String request, String namespace, TableName tableName, Map<byte[], ? extends Collection<byte[]>> familyMap, Permission.Action... permissions) Checks that the user has the given global or namespace permission.voidrequirePermission(User user, String request, String filterUser, Permission.Action perm) Authorizes that the current user has global privileges for the given action.voidrequirePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, String filterUser, Permission.Action... permissions) Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.voidrequireTablePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions) Authorizes that the current user has any of the given permissions for the given table, column family and column qualifier.Methods inherited from class org.apache.hadoop.hbase.security.access.AccessChecker
getAuthManager, getUserGroups, isAuthorizationSupported, logResult, validateCallerWithFilterUser
-
Constructor Details
-
NoopAccessChecker
- Throws:
RuntimeException
-
-
Method Details
-
requireAccess
public void requireAccess(User user, String request, TableName tableName, Permission.Action... permissions) Description copied from class:AccessCheckerAuthorizes that the current user has any of the given permissions to access the table.- Overrides:
requireAccessin classAccessChecker- Parameters:
user- Active user to which authorization checks should be appliedrequest- Request type.tableName- Table requestedpermissions- Actions being requested
-
requirePermission
Description copied from class:AccessCheckerAuthorizes that the current user has global privileges for the given action.- Overrides:
requirePermissionin classAccessChecker- Parameters:
user- Active user to which authorization checks should be appliedrequest- Request typefilterUser- User name to be filtered from permission as requestedperm- The action being requested
-
requireGlobalPermission
public void requireGlobalPermission(User user, String request, Permission.Action perm, TableName tableName, Map<byte[], ? extends Collection<byte[]>> familyMap, String filterUser) Description copied from class:AccessCheckerChecks that the user has the given global permission. The generated audit log message will contain context information for the operation being authorized, based on the given parameters.- Overrides:
requireGlobalPermissionin classAccessChecker- Parameters:
user- Active user to which authorization checks should be appliedrequest- Request typeperm- Action being requestedtableName- Affected table name.familyMap- Affected column families.filterUser- User name to be filtered from permission as requested
-
requireGlobalPermission
public void requireGlobalPermission(User user, String request, Permission.Action perm, String namespace) Description copied from class:AccessCheckerChecks that the user has the given global permission. The generated audit log message will contain context information for the operation being authorized, based on the given parameters.- Overrides:
requireGlobalPermissionin classAccessChecker- Parameters:
user- Active user to which authorization checks should be appliedrequest- Request typeperm- Action being requestednamespace- The given namespace
-
requireNamespacePermission
public void requireNamespacePermission(User user, String request, String namespace, String filterUser, Permission.Action... permissions) Description copied from class:AccessCheckerChecks that the user has the given global or namespace permission.- Overrides:
requireNamespacePermissionin classAccessChecker- Parameters:
user- Active user to which authorization checks should be appliedrequest- Request typenamespace- Name space as requestedfilterUser- User name to be filtered from permission as requestedpermissions- Actions being requested
-
requireNamespacePermission
public void requireNamespacePermission(User user, String request, String namespace, TableName tableName, Map<byte[], ? extends Collection<byte[]>> familyMap, Permission.Action... permissions) Description copied from class:AccessCheckerChecks that the user has the given global or namespace permission.- Overrides:
requireNamespacePermissionin classAccessChecker- Parameters:
user- Active user to which authorization checks should be appliedrequest- Request typenamespace- The given namespacetableName- Table requestedfamilyMap- Column family map requestedpermissions- Actions being requested
-
requirePermission
public void requirePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, String filterUser, Permission.Action... permissions) Description copied from class:AccessCheckerAuthorizes that the current user has any of the given permissions for the given table, column family and column qualifier.- Overrides:
requirePermissionin classAccessChecker- Parameters:
user- Active user to which authorization checks should be appliedrequest- Request typetableName- Table requestedfamily- Column family requestedqualifier- Column qualifier requestedfilterUser- User name to be filtered from permission as requestedpermissions- Actions being requested
-
requireTablePermission
public void requireTablePermission(User user, String request, TableName tableName, byte[] family, byte[] qualifier, Permission.Action... permissions) Description copied from class:AccessCheckerAuthorizes that the current user has any of the given permissions for the given table, column family and column qualifier.- Overrides:
requireTablePermissionin classAccessChecker- Parameters:
user- Active user to which authorization checks should be appliedrequest- Request typetableName- Table requestedfamily- Column family paramqualifier- Column qualifier param
-
performOnSuperuser
Description copied from class:AccessCheckerCheck if caller is granting or revoking superusers's or supergroups's permissions.- Overrides:
performOnSuperuserin classAccessChecker- Parameters:
request- request namecaller- calleruserToBeChecked- target user or group
-
checkLockPermissions
public void checkLockPermissions(User user, String namespace, TableName tableName, RegionInfo[] regionInfos, String reason) - Overrides:
checkLockPermissionsin classAccessChecker
-
hasUserPermission
Description copied from class:AccessCheckerAuthorizes that if the current user has the given permissions.- Overrides:
hasUserPermissionin classAccessChecker- Parameters:
user- Active user to which authorization checks should be appliedrequest- Request typepermission- Actions being requested- Returns:
- True if the user has the specific permission
-
permissionGranted
public AuthResult permissionGranted(String request, User user, Permission.Action permRequest, TableName tableName, Map<byte[], ? extends Collection<?>> families) Description copied from class:AccessCheckerCheck the current user for authorization to perform a specific action against the given set of row data.Note: Ordering of the authorization checks has been carefully optimized to short-circuit the most common requests and minimize the amount of processing required.
- Overrides:
permissionGrantedin classAccessChecker- Parameters:
request- User requestuser- User namepermRequest- the action being requestedtableName- Table namefamilies- the map of column families to qualifiers present in the request- Returns:
- an authorization result
-