JobACLsManager (hadoop-mapreduce-client-core 0.23.5 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.mapred
Class JobACLsManager

java.lang.Object
  org.apache.hadoop.mapred.JobACLsManager

@InterfaceAudience.Private public class JobACLsManager
extends Object
extends Object

Constructor Summary
`JobACLsManager(org.apache.hadoop.conf.Configuration conf)`

Method Summary
`boolean`	`areACLsEnabled()`
`boolean`	`checkAccess(org.apache.hadoop.security.UserGroupInformation callerUGI, JobACL jobOperation, String jobOwner, org.apache.hadoop.security.authorize.AccessControlList jobACL)` If authorization is enabled, checks whether the user (in the callerUGI) is authorized to perform the operation specified by 'jobOperation' on the job by checking if the user is jobOwner or part of job ACL for the specific job operation.
`Map<JobACL,org.apache.hadoop.security.authorize.AccessControlList>`	`constructJobACLs(org.apache.hadoop.conf.Configuration conf)` Construct the jobACLs from the configuration so that they can be kept in the memory.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

JobACLsManager

public JobACLsManager(org.apache.hadoop.conf.Configuration conf)

Method Detail

areACLsEnabled

public boolean areACLsEnabled()

constructJobACLs

public Map<JobACL,org.apache.hadoop.security.authorize.AccessControlList> constructJobACLs(org.apache.hadoop.conf.Configuration conf)

Construct the jobACLs from the configuration so that they can be kept in the memory. If authorization is disabled on the JT, nothing is constructed and an empty map is returned.

Returns:: JobACL to AccessControlList map.

checkAccess

public boolean checkAccess(org.apache.hadoop.security.UserGroupInformation callerUGI,
                           JobACL jobOperation,
                           String jobOwner,
                           org.apache.hadoop.security.authorize.AccessControlList jobACL)

If authorization is enabled, checks whether the user (in the callerUGI) is authorized to perform the operation specified by 'jobOperation' on the job by checking if the user is jobOwner or part of job ACL for the specific job operation.

The owner of the job can do any operation on the job
For all other users/groups job-acls are checked

Parameters:: callerUGI -; jobOperation -; jobOwner -; jobACL -
Throws:: org.apache.hadoop.security.AccessControlException