@InterfaceAudience.Private public class TableAuthManager extends Object implements Closeable
Modifier and Type | Method and Description |
---|---|
boolean |
authorize(User user,
Permission.Action action)
Authorize a global permission based on ACLs for the given user and the
user's groups.
|
boolean |
authorize(User user,
String namespace,
Permission.Action action) |
boolean |
authorize(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
authorize(User user,
TableName table,
byte[] family,
Permission.Action action) |
boolean |
authorize(User user,
TableName table,
Cell cell,
Permission.Action action)
Authorize a user for a given KV.
|
boolean |
authorizeGroup(String groupName,
Permission.Action action)
Checks global authorization for a given action for a group, based on the stored
permissions.
|
boolean |
authorizeGroup(String groupName,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action)
Checks authorization to a given table, column family and column for a group, based
on the stored permissions.
|
boolean |
authorizeUser(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
authorizeUser(User user,
TableName table,
byte[] family,
Permission.Action action)
Checks authorization to a given table and column family for a user, based on the
stored user permissions.
|
void |
close() |
long |
getMTime() |
static TableAuthManager |
getOrCreate(ZKWatcher watcher,
org.apache.hadoop.conf.Configuration conf)
Returns a TableAuthManager from the cache.
|
static int |
getTotalRefCount() |
ZKPermissionWatcher |
getZKPermissionWatcher() |
boolean |
groupHasAccess(String groupName,
TableName table,
Permission.Action action)
Checks if the user has access to the full table or at least a family/qualifier
for the specified action.
|
boolean |
hasAccess(User user,
TableName table,
Permission.Action action) |
boolean |
matchPermission(User user,
TableName table,
byte[] family,
byte[] qualifier,
Permission.Action action) |
boolean |
matchPermission(User user,
TableName table,
byte[] family,
Permission.Action action)
Returns true if the given user has a
TablePermission matching up
to the column family portion of a permission. |
void |
refreshNamespaceCacheFromWritable(String namespace,
byte[] data) |
void |
refreshTableCacheFromWritable(TableName table,
byte[] data) |
static void |
release(TableAuthManager instance)
Releases the resources for the given TableAuthManager if the reference count is down to 0.
|
void |
removeNamespace(byte[] ns) |
void |
removeTable(TableName table) |
void |
setNamespaceGroupPermissions(String group,
String namespace,
List<TablePermission> perms)
Overwrites the existing permission set for a group and triggers an update
for zookeeper synchronization.
|
void |
setNamespaceUserPermissions(String username,
String namespace,
List<TablePermission> perms)
Overwrites the existing permission set for a given user for a table, and
triggers an update for zookeeper synchronization.
|
void |
setTableGroupPermissions(String group,
TableName table,
List<TablePermission> perms)
Overwrites the existing permission set for a group and triggers an update
for zookeeper synchronization.
|
void |
setTableUserPermissions(String username,
TableName table,
List<TablePermission> perms)
Overwrites the existing permission set for a given user for a table, and
triggers an update for zookeeper synchronization.
|
boolean |
userHasAccess(User user,
TableName table,
Permission.Action action)
Checks if the user has access to the full table or at least a family/qualifier
for the specified action.
|
void |
writeNamespaceToZooKeeper(String namespace,
org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms) |
void |
writeTableToZooKeeper(TableName table,
org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms) |
public void close()
close
in interface Closeable
close
in interface AutoCloseable
public ZKPermissionWatcher getZKPermissionWatcher()
public void refreshTableCacheFromWritable(TableName table, byte[] data) throws IOException
IOException
public void refreshNamespaceCacheFromWritable(String namespace, byte[] data) throws IOException
IOException
public boolean authorize(User user, Permission.Action action)
user
- action
- public boolean authorize(User user, TableName table, Cell cell, Permission.Action action)
public boolean authorize(User user, String namespace, Permission.Action action)
public boolean authorizeUser(User user, TableName table, byte[] family, Permission.Action action)
user
- table
- family
- action
- public boolean authorizeUser(User user, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
public boolean userHasAccess(User user, TableName table, Permission.Action action)
user
- table
- action
- public boolean authorizeGroup(String groupName, Permission.Action action)
public boolean authorizeGroup(String groupName, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
groupName
- table
- family
- qualifier
- action
- public boolean groupHasAccess(String groupName, TableName table, Permission.Action action)
groupName
- table
- action
- public boolean authorize(User user, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
public boolean hasAccess(User user, TableName table, Permission.Action action)
public boolean authorize(User user, TableName table, byte[] family, Permission.Action action)
public boolean matchPermission(User user, TableName table, byte[] family, Permission.Action action)
TablePermission
matching up
to the column family portion of a permission. Note that this permission
may be scoped to a given column qualifier and does not guarantee that
authorize() on the same column family would return true.public boolean matchPermission(User user, TableName table, byte[] family, byte[] qualifier, Permission.Action action)
public void removeNamespace(byte[] ns)
public void removeTable(TableName table)
public void setTableUserPermissions(String username, TableName table, List<TablePermission> perms)
username
- table
- perms
- public void setTableGroupPermissions(String group, TableName table, List<TablePermission> perms)
group
- table
- perms
- public void setNamespaceUserPermissions(String username, String namespace, List<TablePermission> perms)
username
- namespace
- perms
- public void setNamespaceGroupPermissions(String group, String namespace, List<TablePermission> perms)
group
- namespace
- perms
- public void writeTableToZooKeeper(TableName table, org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms)
public void writeNamespaceToZooKeeper(String namespace, org.apache.hadoop.hbase.security.access.TableAuthManager.PermissionCache<TablePermission> tablePerms)
public long getMTime()
public static TableAuthManager getOrCreate(ZKWatcher watcher, org.apache.hadoop.conf.Configuration conf) throws IOException
release(TableAuthManager)
.IOException
public static int getTotalRefCount()
public static void release(TableAuthManager instance)
instance
- TableAuthManager to be releasedCopyright © 2007–2019 Cloudera. All rights reserved.