@InterfaceAudience.Private public class AccessControlLists extends Object
AccessController
.
Access control lists are stored in an "internal" metadata table named _acl_. Each table's permission grants are stored as a separate row, keyed by the table name. KeyValues for permission assignments are stored in one of the formats:

Key | Desc |
---|---|
user | table level permissions for a user [R=read, W=write] |
group | table level permissions for a group |
user,family | column family level permissions for a user |
group,family | column family level permissions for a group |
user,family,qualifier | column qualifier level permissions for a user |
group,family,qualifier | column qualifier level permissions for a group |

All values are encoded as byte arrays containing the codes from the org.apache.hadoop.hbase.security.access.TablePermission.Action enum.
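A stand-alone decoder for the key and value layout described above, added here as an illustration; it is not HBase code and does not call the HBase API. The class name `AclKeyDecoder`, the `"@"` value used for the group prefix and the sample entries are assumptions: the page names `GROUP_PREFIX` without giving its value and documents only the R and W codes.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/** Added example, not HBase code: decodes one _acl_ column key and its value bytes. */
public class AclKeyDecoder {
    // Delimiter as shown in the key formats above; the group prefix value is an assumption.
    static final char DELIM = ',';
    static final String GROUP_PREFIX = "@";

    static String describe(String rowKey, String columnKey, byte[] value) {
        // Split into at most three parts so a qualifier containing the delimiter stays whole.
        String[] parts = columnKey.split(String.valueOf(DELIM), 3);
        String principal = parts[0];
        if (principal.isEmpty() || principal.equals(GROUP_PREFIX)) {
            throw new IllegalArgumentException("empty principal in key: " + columnKey);
        }
        boolean group = principal.startsWith(GROUP_PREFIX);
        String name = group ? principal.substring(GROUP_PREFIX.length()) : principal;
        String scope = parts.length == 1 ? "table"
                : parts.length == 2 ? "family " + parts[1]
                : "qualifier " + parts[1] + ":" + parts[2];
        return (group ? "group " : "user ") + name + " on " + rowKey
                + " (" + scope + "): " + actions(value);
    }

    static List<String> actions(byte[] value) {
        List<String> out = new ArrayList<>();
        for (byte b : value) {
            if (b == 'R') out.add("read");
            else if (b == 'W') out.add("write");
            else out.add("code 0x" + Integer.toHexString(b & 0xff)); // code not listed on the page
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample entries (row key, column key, value), not taken from a real cluster.
        String[][] rows = { {"orders", "alice", "RW"}, {"orders", "@analysts,cf1", "R"},
                            {"orders", "bob,cf1,amount", "W"}, {"orders", "@ops", "RWA"} };
        for (String[] r : rows) {
            System.out.println(describe(r[0], r[1], r[2].getBytes(StandardCharsets.UTF_8)));
        }
    }
}
```

Action bytes other than R and W are reported by value rather than dropped, so a review of exported `_acl_` rows still shows every grant that is present.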
Modifier and Type | Field and Description |
---|---|
static byte[] | ACL_GLOBAL_NAME |
static char | ACL_KEY_DELIMITER - Delimiter to separate user, column family, and qualifier in _acl_ table info: column keys |
static byte[] | ACL_LIST_FAMILY |
static String | ACL_LIST_FAMILY_STR - Column family used to store ACL grants |
static TableName | ACL_TABLE_NAME - Internal storage table for access control lists |
static byte | ACL_TAG_TYPE - KV tag to store per cell access control lists |
static String | GROUP_PREFIX - Prefix character to denote group names |
static char | NAMESPACE_PREFIX |
static String | SUPERUSER_CONF_KEY - Configuration key for superusers |
Constructor and Description |
---|
AccessControlLists() |
Modifier and Type | Method and Description |
---|---|
static byte[] | fromNamespaceEntry(byte[] namespace) |
static String | fromNamespaceEntry(String namespace) |
static List<Permission> | getCellPermissionsForUser(User user, Cell cell) |
static String | getGroupName(String aclKey) - Returns the actual name for a group principal (stripped of the group prefix). |
static boolean | isGroupPrincipal(String name) - Returns whether or not the given name should be interpreted as a group principal. |
static boolean | isNamespaceEntry(byte[] entryName) |
static boolean | isNamespaceEntry(String entryName) |
static com.google.common.collect.ListMultimap<String,TablePermission> | readPermissions(byte[] data, org.apache.hadoop.conf.Configuration conf) - Reads a set of permissions as Writable instances from the input stream. |
static String | toGroupEntry(String name) - Returns the group entry with the group prefix for a group principal. |
static byte[] | toNamespaceEntry(byte[] namespace) |
static String | toNamespaceEntry(String namespace) |
static byte[] | writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,TablePermission> perms, org.apache.hadoop.conf.Configuration conf) - Writes a set of permissions as Writable instances and returns the resulting byte array. |
public static final TableName ACL_TABLE_NAME
public static final byte[] ACL_GLOBAL_NAME
public static final String ACL_LIST_FAMILY_STR
public static final byte[] ACL_LIST_FAMILY
public static final byte ACL_TAG_TYPE
public static final char NAMESPACE_PREFIX
public static final char ACL_KEY_DELIMITER
public static final String GROUP_PREFIX
public static final String SUPERUSER_CONF_KEY
public static byte[] writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,TablePermission> perms, org.apache.hadoop.conf.Configuration conf)
Writes a set of permissions as Writable instances and returns the resulting byte array. Writes a set of permission [user: table permission]
public static com.google.common.collect.ListMultimap<String,TablePermission> readPermissions(byte[] data, org.apache.hadoop.conf.Configuration conf) throws DeserializationException
Reads a set of permissions as Writable instances from the input stream.
Throws: DeserializationException
public static boolean isGroupPrincipal(String name)
public static String getGroupName(String aclKey)
public static String toGroupEntry(String name)
public static boolean isNamespaceEntry(String entryName)
public static boolean isNamespaceEntry(byte[] entryName)
public static byte[] toNamespaceEntry(byte[] namespace)
public static byte[] fromNamespaceEntry(byte[] namespace)
public static List<Permission> getCellPermissionsForUser(User user, Cell cell) throws IOException
Throws: IOException
Copyright © 2015 The Apache Software Foundation. All rights reserved.