Interface SecurityOperations
-
- All Known Implementing Classes:
SecurityOperationsImpl
public interface SecurityOperations
Provides a class for managing users and permissions
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description boolean
authenticateUser(String principal, AuthenticationToken token)
Verify a username/password combination is validvoid
changeLocalUserPassword(String principal, PasswordToken token)
Set the user's passwordvoid
changeUserAuthorizations(String principal, Authorizations authorizations)
Set the user's record-level authorizationsvoid
createLocalUser(String principal, PasswordToken password)
Create a uservoid
dropLocalUser(String principal)
Delete a userDelegationToken
getDelegationToken(DelegationTokenConfig cfg)
Obtain aDelegationToken
for use when Kerberos credentials cannot be used (e.g.Authorizations
getUserAuthorizations(String principal)
Retrieves the user's authorizations for scanningvoid
grantNamespacePermission(String principal, String namespace, NamespacePermission permission)
Grant a user a specific permission for a specific namespacevoid
grantSystemPermission(String principal, SystemPermission permission)
Grant a user a system permissionvoid
grantTablePermission(String principal, String table, TablePermission permission)
Grant a user a specific permission for a specific tableboolean
hasNamespacePermission(String principal, String namespace, NamespacePermission perm)
Verify the user has a particular namespace permissionboolean
hasSystemPermission(String principal, SystemPermission perm)
Verify the user has a particular system permissionboolean
hasTablePermission(String principal, String table, TablePermission perm)
Verify the user has a particular table permissionSet<String>
listLocalUsers()
Return a list of users in accumulovoid
revokeNamespacePermission(String principal, String namespace, NamespacePermission permission)
Revoke a namespace permission for a specific user on a specific namespacevoid
revokeSystemPermission(String principal, SystemPermission permission)
Revoke a system permission from a uservoid
revokeTablePermission(String principal, String table, TablePermission permission)
Revoke a table permission for a specific user on a specific table
-
-
-
Method Detail
-
createLocalUser
void createLocalUser(String principal, PasswordToken password) throws AccumuloException, AccumuloSecurityException
Create a user- Parameters:
principal
- the name of the user to createpassword
- the plaintext password for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to create a user- Since:
- 1.5.0
-
dropLocalUser
void dropLocalUser(String principal) throws AccumuloException, AccumuloSecurityException
Delete a user- Parameters:
principal
- the user name to delete- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to delete a user- Since:
- 1.5.0
-
authenticateUser
boolean authenticateUser(String principal, AuthenticationToken token) throws AccumuloException, AccumuloSecurityException
Verify a username/password combination is valid- Parameters:
principal
- the name of the user to authenticatetoken
- the SecurityToken for the user- Returns:
- true if the user asking is allowed to know and the specified principal/token is valid, false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to ask- Since:
- 1.5.0
-
changeLocalUserPassword
void changeLocalUserPassword(String principal, PasswordToken token) throws AccumuloException, AccumuloSecurityException
Set the user's password- Parameters:
principal
- the name of the user to modifytoken
- the plaintext password for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to modify a user- Since:
- 1.5.0
-
changeUserAuthorizations
void changeUserAuthorizations(String principal, Authorizations authorizations) throws AccumuloException, AccumuloSecurityException
Set the user's record-level authorizations- Parameters:
principal
- the name of the user to modifyauthorizations
- the authorizations that the user has for scanning- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to modify a user
-
getUserAuthorizations
Authorizations getUserAuthorizations(String principal) throws AccumuloException, AccumuloSecurityException
Retrieves the user's authorizations for scanning- Parameters:
principal
- the name of the user to query- Returns:
- the set of authorizations the user has available for scanning
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
hasSystemPermission
boolean hasSystemPermission(String principal, SystemPermission perm) throws AccumuloException, AccumuloSecurityException
Verify the user has a particular system permission- Parameters:
principal
- the name of the user to queryperm
- the system permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
hasTablePermission
boolean hasTablePermission(String principal, String table, TablePermission perm) throws AccumuloException, AccumuloSecurityException
Verify the user has a particular table permission- Parameters:
principal
- the name of the user to querytable
- the name of the table to query aboutperm
- the table permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
hasNamespacePermission
boolean hasNamespacePermission(String principal, String namespace, NamespacePermission perm) throws AccumuloException, AccumuloSecurityException
Verify the user has a particular namespace permission- Parameters:
principal
- the name of the user to querynamespace
- the name of the namespace to query aboutperm
- the namespace permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query a user
-
grantSystemPermission
void grantSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException
Grant a user a system permission- Parameters:
principal
- the name of the user to modifypermission
- the system permission to grant to the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to grant a user permissions
-
grantTablePermission
void grantTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException
Grant a user a specific permission for a specific table- Parameters:
principal
- the name of the user to modifytable
- the name of the table to modify for the userpermission
- the table permission to grant to the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to grant a user permissions
-
grantNamespacePermission
void grantNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Grant a user a specific permission for a specific namespace- Parameters:
principal
- the name of the user to modifynamespace
- the name of the namespace to modify for the userpermission
- the namespace permission to grant to the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to grant a user permissions
-
revokeSystemPermission
void revokeSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException
Revoke a system permission from a user- Parameters:
principal
- the name of the user to modifypermission
- the system permission to revoke for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to revoke a user's permissions
-
revokeTablePermission
void revokeTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException
Revoke a table permission for a specific user on a specific table- Parameters:
principal
- the name of the user to modifytable
- the name of the table to modify for the userpermission
- the table permission to revoke for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to revoke a user's permissions
-
revokeNamespacePermission
void revokeNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException
Revoke a namespace permission for a specific user on a specific namespace- Parameters:
principal
- the name of the user to modifynamespace
- the name of the namespace to modify for the userpermission
- the namespace permission to revoke for the user- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to revoke a user's permissions
-
listLocalUsers
Set<String> listLocalUsers() throws AccumuloException, AccumuloSecurityException
Return a list of users in accumulo- Returns:
- a set of user names
- Throws:
AccumuloException
- if a general error occursAccumuloSecurityException
- if the user does not have permission to query users- Since:
- 1.5.0
-
getDelegationToken
DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException
Obtain aDelegationToken
for use when Kerberos credentials cannot be used (e.g. YARN Jobs)- Throws:
AccumuloException
AccumuloSecurityException
- Since:
- 1.7.0
-
-