Interface SecurityOperations
-
- All Known Implementing Classes:
SecurityOperationsImpl
public interface SecurityOperationsProvides a class for managing users and permissions
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description booleanauthenticateUser(String principal, AuthenticationToken token)Verify a username/password combination is validvoidchangeLocalUserPassword(String principal, PasswordToken token)Set the user's passwordvoidchangeUserAuthorizations(String principal, Authorizations authorizations)Set the user's record-level authorizationsvoidcreateLocalUser(String principal, PasswordToken password)Create a uservoiddropLocalUser(String principal)Delete a userDelegationTokengetDelegationToken(DelegationTokenConfig cfg)Obtain aDelegationTokenfor use when Kerberos credentials cannot be used (e.g.AuthorizationsgetUserAuthorizations(String principal)Retrieves the user's authorizations for scanningvoidgrantNamespacePermission(String principal, String namespace, NamespacePermission permission)Grant a user a specific permission for a specific namespacevoidgrantSystemPermission(String principal, SystemPermission permission)Grant a user a system permissionvoidgrantTablePermission(String principal, String table, TablePermission permission)Grant a user a specific permission for a specific tablebooleanhasNamespacePermission(String principal, String namespace, NamespacePermission perm)Verify the user has a particular namespace permissionbooleanhasSystemPermission(String principal, SystemPermission perm)Verify the user has a particular system permissionbooleanhasTablePermission(String principal, String table, TablePermission perm)Verify the user has a particular table permissionSet<String>listLocalUsers()Return a list of users in accumulovoidrevokeNamespacePermission(String principal, String namespace, NamespacePermission permission)Revoke a namespace permission for a specific user on a specific namespacevoidrevokeSystemPermission(String principal, SystemPermission permission)Revoke a system permission from a uservoidrevokeTablePermission(String principal, String table, TablePermission permission)Revoke a table permission for a specific user on a specific table
-
-
-
Method Detail
-
createLocalUser
void createLocalUser(String principal, PasswordToken password) throws AccumuloException, AccumuloSecurityException
Create a user- Parameters:
principal- the name of the user to createpassword- the plaintext password for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to create a user- Since:
- 1.5.0
-
dropLocalUser
void dropLocalUser(String principal) throws AccumuloException, AccumuloSecurityException
Delete a user- Parameters:
principal- the user name to delete- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to delete a user- Since:
- 1.5.0
-
authenticateUser
boolean authenticateUser(String principal, AuthenticationToken token) throws AccumuloException, AccumuloSecurityException
Verify a username/password combination is valid- Parameters:
principal- the name of the user to authenticatetoken- the SecurityToken for the user- Returns:
- true if the user asking is allowed to know and the specified principal/token is valid, false otherwise
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to ask- Since:
- 1.5.0
-
changeLocalUserPassword
void changeLocalUserPassword(String principal, PasswordToken token) throws AccumuloException, AccumuloSecurityException
Set the user's password- Parameters:
principal- the name of the user to modifytoken- the plaintext password for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to modify a user- Since:
- 1.5.0
-
changeUserAuthorizations
void changeUserAuthorizations(String principal, Authorizations authorizations) throws AccumuloException, AccumuloSecurityException
Set the user's record-level authorizations- Parameters:
principal- the name of the user to modifyauthorizations- the authorizations that the user has for scanning- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to modify a user
-
getUserAuthorizations
Authorizations getUserAuthorizations(String principal) throws AccumuloException, AccumuloSecurityException
Retrieves the user's authorizations for scanning- Parameters:
principal- the name of the user to query- Returns:
- the set of authorizations the user has available for scanning
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query a user
-
hasSystemPermission
boolean hasSystemPermission(String principal, SystemPermission perm) throws AccumuloException, AccumuloSecurityException
Verify the user has a particular system permission- Parameters:
principal- the name of the user to queryperm- the system permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query a user
-
hasTablePermission
boolean hasTablePermission(String principal, String table, TablePermission perm) throws AccumuloException, AccumuloSecurityException
Verify the user has a particular table permission- Parameters:
principal- the name of the user to querytable- the name of the table to query aboutperm- the table permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query a user
-
hasNamespacePermission
boolean hasNamespacePermission(String principal, String namespace, NamespacePermission perm) throws AccumuloException, AccumuloSecurityException
Verify the user has a particular namespace permission- Parameters:
principal- the name of the user to querynamespace- the name of the namespace to query aboutperm- the namespace permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query a user
-
grantSystemPermission
void grantSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException
Grant a user a system permission- Parameters:
principal- the name of the user to modifypermission- the system permission to grant to the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to grant a user permissions
-
grantTablePermission
void grantTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException
Grant a user a specific permission for a specific table- Parameters:
principal- the name of the user to modifytable- the name of the table to modify for the userpermission- the table permission to grant to the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to grant a user permissions
-
grantNamespacePermission
void grantNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Grant a user a specific permission for a specific namespace- Parameters:
principal- the name of the user to modifynamespace- the name of the namespace to modify for the userpermission- the namespace permission to grant to the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to grant a user permissions
-
revokeSystemPermission
void revokeSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException
Revoke a system permission from a user- Parameters:
principal- the name of the user to modifypermission- the system permission to revoke for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to revoke a user's permissions
-
revokeTablePermission
void revokeTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException
Revoke a table permission for a specific user on a specific table- Parameters:
principal- the name of the user to modifytable- the name of the table to modify for the userpermission- the table permission to revoke for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to revoke a user's permissions
-
revokeNamespacePermission
void revokeNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Revoke a namespace permission for a specific user on a specific namespace- Parameters:
principal- the name of the user to modifynamespace- the name of the namespace to modify for the userpermission- the namespace permission to revoke for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to revoke a user's permissions
-
listLocalUsers
Set<String> listLocalUsers() throws AccumuloException, AccumuloSecurityException
Return a list of users in accumulo- Returns:
- a set of user names
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query users- Since:
- 1.5.0
-
getDelegationToken
DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException
Obtain aDelegationTokenfor use when Kerberos credentials cannot be used (e.g. YARN Jobs)- Throws:
AccumuloExceptionAccumuloSecurityException- Since:
- 1.7.0
-
-