@InterfaceAudience.Private public class TableAuthManager extends Object
Modifier and Type | Method and Description |
---|---|
boolean |
authorize(User user,
Permission.Action action)
Authorize a global permission based on ACLs for the given user and the
user's groups.
|
boolean |
authorize(User user,
String namespace,
Permission.Action action) |
boolean |
authorize(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
authorize(User user,
TableName table,
byte[] family,
Permission.Action action) |
boolean |
authorize(User user,
TableName table,
Cell cell,
Permission.Action action)
Authorize a user for a given KV.
|
boolean |
authorizeGroup(String groupName,
Permission.Action action)
Checks global authorization for a given action for a group, based on the stored
permissions.
|
boolean |
authorizeGroup(String groupName,
TableName table,
byte[] family,
Permission.Action action)
Checks authorization to a given table and column family for a group, based
on the stored permissions.
|
boolean |
authorizeUser(User user,
Permission.Action action)
Checks global authorization for a specific action for a user, based on the
stored user permissions.
|
boolean |
authorizeUser(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
authorizeUser(User user,
TableName table,
byte[] family,
Permission.Action action)
Checks authorization to a given table and column family for a user, based on the
stored user permissions.
|
static TableAuthManager |
get(ZooKeeperWatcher watcher,
org.apache.hadoop.conf.Configuration conf) |
long |
getMTime() |
ZKPermissionWatcher |
getZKPermissionWatcher() |
boolean |
matchPermission(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
matchPermission(User user,
TableName table,
byte[] family,
Permission.Action action)
Returns true if the given user has a
TablePermission matching up
to the column family portion of a permission. |
void |
refreshNamespaceCacheFromWritable(String namespace,
byte[] data) |
void |
refreshTableCacheFromWritable(TableName table,
byte[] data) |
void |
removeNamespace(byte[] ns) |
void |
removeTable(TableName table) |
void |
setNamespaceGroupPermissions(String group,
String namespace,
List<TablePermission> perms)
Overwrites the existing permission set for a group and triggers an update
for zookeeper synchronization.
|
void |
setNamespaceUserPermissions(String username,
String namespace,
List<TablePermission> perms)
Overwrites the existing permission set for a given user for a table, and
triggers an update for zookeeper synchronization.
|
void |
setTableGroupPermissions(String group,
TableName table,
List<TablePermission> perms)
Overwrites the existing permission set for a group and triggers an update
for zookeeper synchronization.
|
void |
setTableUserPermissions(String username,
TableName table,
List<TablePermission> perms)
Overwrites the existing permission set for a given user for a table, and
triggers an update for zookeeper synchronization.
|
void |
writeNamespaceToZooKeeper(String namespace,
org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms) |
void |
writeTableToZooKeeper(TableName table,
org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms) |
public ZKPermissionWatcher getZKPermissionWatcher()
public void refreshTableCacheFromWritable(TableName table, byte[] data) throws IOException
IOException
public void refreshNamespaceCacheFromWritable(String namespace, byte[] data) throws IOException
IOException
public boolean authorize(User user, Permission.Action action)
user
- action
- public boolean authorize(User user, TableName table, Cell cell, Permission.Action action)
public boolean authorize(User user, String namespace, Permission.Action action)
public boolean authorizeUser(User user, Permission.Action action)
public boolean authorizeUser(User user, TableName table, byte[] family, Permission.Action action)
user
- table
- family
- action
- public boolean authorizeUser(User user, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
public boolean authorizeGroup(String groupName, Permission.Action action)
public boolean authorizeGroup(String groupName, TableName table, byte[] family, Permission.Action action)
groupName
- table
- family
- action
- public boolean authorize(User user, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
public boolean authorize(User user, TableName table, byte[] family, Permission.Action action)
public boolean matchPermission(User user, TableName table, byte[] family, Permission.Action action)
TablePermission
matching up
to the column family portion of a permission. Note that this permission
may be scoped to a given column qualifier and does not guarantee that
authorize() on the same column family would return true.public boolean matchPermission(User user, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
public void removeNamespace(byte[] ns)
public void removeTable(TableName table)
public void setTableUserPermissions(String username, TableName table, List<TablePermission> perms)
username
- table
- perms
- public void setTableGroupPermissions(String group, TableName table, List<TablePermission> perms)
group
- table
- perms
- public void setNamespaceUserPermissions(String username, String namespace, List<TablePermission> perms)
username
- namespace
- perms
- public void setNamespaceGroupPermissions(String group, String namespace, List<TablePermission> perms)
group
- namespace
- perms
- public void writeTableToZooKeeper(TableName table, org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms)
public void writeNamespaceToZooKeeper(String namespace, org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms)
public long getMTime()
public static TableAuthManager get(ZooKeeperWatcher watcher, org.apache.hadoop.conf.Configuration conf) throws IOException
IOException
Copyright © 2014 The Apache Software Foundation. All rights reserved.