org.apache.accumulo.core.client.admin
Interface SecurityOperations

All Known Implementing Classes:
MockSecurityOperations, SecurityOperationsImpl, SecurityOperationsImpl

public interface SecurityOperations

Provides a class for managing users and permissions


Method Summary
 boolean authenticateUser(String principal, AuthenticationToken token)
          Verify a username/password combination is valid
 boolean authenticateUser(String user, byte[] password)
          Deprecated. since 1.5.0; use authenticateUser(String, AuthenticationToken) instead.
 void changeLocalUserPassword(String principal, PasswordToken token)
          Set the user's password
 void changeUserAuthorizations(String principal, Authorizations authorizations)
          Set the user's record-level authorizations
 void changeUserPassword(String user, byte[] password)
          Deprecated. since 1.5.0; use changeLocalUserPassword(String, PasswordToken) or the user management functions of your configured authenticator instead.
 void createLocalUser(String principal, PasswordToken password)
          Create a user
 void createUser(String user, byte[] password, Authorizations authorizations)
          Deprecated. since 1.5.0; use createLocalUser(String, PasswordToken) or the user management functions of your configured authenticator instead.
 void dropLocalUser(String principal)
          Delete a user
 void dropUser(String user)
          Deprecated. since 1.5.0; use dropUser(String) or the user management functions of your configured authenticator instead.
 Authorizations getUserAuthorizations(String principal)
          Retrieves the user's authorizations for scanning
 void grantNamespacePermission(String principal, String namespace, NamespacePermission permission)
          Grant a user a specific permission for a specific namespace
 void grantSystemPermission(String principal, SystemPermission permission)
          Grant a user a system permission
 void grantTablePermission(String principal, String table, TablePermission permission)
          Grant a user a specific permission for a specific table
 boolean hasNamespacePermission(String principal, String namespace, NamespacePermission perm)
          Verify the user has a particular namespace permission
 boolean hasSystemPermission(String principal, SystemPermission perm)
          Verify the user has a particular system permission
 boolean hasTablePermission(String principal, String table, TablePermission perm)
          Verify the user has a particular table permission
 Set<String> listLocalUsers()
          Return a list of users in accumulo
 Set<String> listUsers()
          Deprecated. since 1.5.0; use listLocalUsers() or the user management functions of your configured authenticator instead.
 void revokeNamespacePermission(String principal, String namespace, NamespacePermission permission)
          Revoke a namespace permission for a specific user on a specific namespace
 void revokeSystemPermission(String principal, SystemPermission permission)
          Revoke a system permission from a user
 void revokeTablePermission(String principal, String table, TablePermission permission)
          Revoke a table permission for a specific user on a specific table
 

Method Detail

createUser

@Deprecated
void createUser(String user,
                           byte[] password,
                           Authorizations authorizations)
                throws AccumuloException,
                       AccumuloSecurityException
Deprecated. since 1.5.0; use createLocalUser(String, PasswordToken) or the user management functions of your configured authenticator instead.

Create a user

Parameters:
user - the name of the user to create
password - the plaintext password for the user
authorizations - the authorizations that the user has for scanning
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to create a user

createLocalUser

void createLocalUser(String principal,
                     PasswordToken password)
                     throws AccumuloException,
                            AccumuloSecurityException
Create a user

Parameters:
principal - the name of the user to create
password - the plaintext password for the user
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to create a user
Since:
1.5.0

dropUser

@Deprecated
void dropUser(String user)
              throws AccumuloException,
                     AccumuloSecurityException
Deprecated. since 1.5.0; use dropUser(String) or the user management functions of your configured authenticator instead.

Delete a user

Parameters:
user - the user name to delete
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to delete a user

dropLocalUser

void dropLocalUser(String principal)
                   throws AccumuloException,
                          AccumuloSecurityException
Delete a user

Parameters:
principal - the user name to delete
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to delete a user
Since:
1.5.0

authenticateUser

@Deprecated
boolean authenticateUser(String user,
                                    byte[] password)
                         throws AccumuloException,
                                AccumuloSecurityException
Deprecated. since 1.5.0; use authenticateUser(String, AuthenticationToken) instead.

Verify a username/password combination is valid

Parameters:
user - the name of the user to authenticate
password - the plaintext password for the user
Returns:
true if the user asking is allowed to know and the specified user/password is valid, false otherwise
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to ask

authenticateUser

boolean authenticateUser(String principal,
                         AuthenticationToken token)
                         throws AccumuloException,
                                AccumuloSecurityException
Verify a username/password combination is valid

Parameters:
principal - the name of the user to authenticate
token - the SecurityToken for the user
Returns:
true if the user asking is allowed to know and the specified principal/token is valid, false otherwise
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to ask
Since:
1.5.0

changeUserPassword

@Deprecated
void changeUserPassword(String user,
                                   byte[] password)
                        throws AccumuloException,
                               AccumuloSecurityException
Deprecated. since 1.5.0; use changeLocalUserPassword(String, PasswordToken) or the user management functions of your configured authenticator instead.

Set the user's password

Parameters:
user - the name of the user to modify
password - the plaintext password for the user
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to modify a user

changeLocalUserPassword

void changeLocalUserPassword(String principal,
                             PasswordToken token)
                             throws AccumuloException,
                                    AccumuloSecurityException
Set the user's password

Parameters:
principal - the name of the user to modify
token - the plaintext password for the user
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to modify a user
Since:
1.5.0

changeUserAuthorizations

void changeUserAuthorizations(String principal,
                              Authorizations authorizations)
                              throws AccumuloException,
                                     AccumuloSecurityException
Set the user's record-level authorizations

Parameters:
principal - the name of the user to modify
authorizations - the authorizations that the user has for scanning
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to modify a user

getUserAuthorizations

Authorizations getUserAuthorizations(String principal)
                                     throws AccumuloException,
                                            AccumuloSecurityException
Retrieves the user's authorizations for scanning

Parameters:
principal - the name of the user to query
Returns:
the set of authorizations the user has available for scanning
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to query a user

hasSystemPermission

boolean hasSystemPermission(String principal,
                            SystemPermission perm)
                            throws AccumuloException,
                                   AccumuloSecurityException
Verify the user has a particular system permission

Parameters:
principal - the name of the user to query
perm - the system permission to check for
Returns:
true if user has that permission; false otherwise
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to query a user

hasTablePermission

boolean hasTablePermission(String principal,
                           String table,
                           TablePermission perm)
                           throws AccumuloException,
                                  AccumuloSecurityException
Verify the user has a particular table permission

Parameters:
principal - the name of the user to query
table - the name of the table to query about
perm - the table permission to check for
Returns:
true if user has that permission; false otherwise
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to query a user

hasNamespacePermission

boolean hasNamespacePermission(String principal,
                               String namespace,
                               NamespacePermission perm)
                               throws AccumuloException,
                                      AccumuloSecurityException
Verify the user has a particular namespace permission

Parameters:
principal - the name of the user to query
namespace - the name of the namespace to query about
perm - the namespace permission to check for
Returns:
true if user has that permission; false otherwise
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to query a user

grantSystemPermission

void grantSystemPermission(String principal,
                           SystemPermission permission)
                           throws AccumuloException,
                                  AccumuloSecurityException
Grant a user a system permission

Parameters:
principal - the name of the user to modify
permission - the system permission to grant to the user
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to grant a user permissions

grantTablePermission

void grantTablePermission(String principal,
                          String table,
                          TablePermission permission)
                          throws AccumuloException,
                                 AccumuloSecurityException
Grant a user a specific permission for a specific table

Parameters:
principal - the name of the user to modify
table - the name of the table to modify for the user
permission - the table permission to grant to the user
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to grant a user permissions

grantNamespacePermission

void grantNamespacePermission(String principal,
                              String namespace,
                              NamespacePermission permission)
                              throws AccumuloException,
                                     AccumuloSecurityException
Grant a user a specific permission for a specific namespace

Parameters:
principal - the name of the user to modify
namespace - the name of the namespace to modify for the user
permission - the namespace permission to grant to the user
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to grant a user permissions

revokeSystemPermission

void revokeSystemPermission(String principal,
                            SystemPermission permission)
                            throws AccumuloException,
                                   AccumuloSecurityException
Revoke a system permission from a user

Parameters:
principal - the name of the user to modify
permission - the system permission to revoke for the user
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

revokeTablePermission

void revokeTablePermission(String principal,
                           String table,
                           TablePermission permission)
                           throws AccumuloException,
                                  AccumuloSecurityException
Revoke a table permission for a specific user on a specific table

Parameters:
principal - the name of the user to modify
table - the name of the table to modify for the user
permission - the table permission to revoke for the user
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

revokeNamespacePermission

void revokeNamespacePermission(String principal,
                               String namespace,
                               NamespacePermission permission)
                               throws AccumuloException,
                                      AccumuloSecurityException
Revoke a namespace permission for a specific user on a specific namespace

Parameters:
principal - the name of the user to modify
namespace - the name of the namespace to modify for the user
permission - the namespace permission to revoke for the user
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

listUsers

@Deprecated
Set<String> listUsers()
                      throws AccumuloException,
                             AccumuloSecurityException
Deprecated. since 1.5.0; use listLocalUsers() or the user management functions of your configured authenticator instead.

Return a list of users in accumulo

Returns:
a set of user names
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to query users

listLocalUsers

Set<String> listLocalUsers()
                           throws AccumuloException,
                                  AccumuloSecurityException
Return a list of users in accumulo

Returns:
a set of user names
Throws:
AccumuloException - if a general error occurs
AccumuloSecurityException - if the user does not have permission to query users
Since:
1.5.0


Copyright © 2015 Apache Accumulo Project. All rights reserved.