Package org.apache.accumulo.core.client.admin

Interface SecurityOperations

public interface SecurityOperations

Provides a class for managing users and permissions

Method Summary

Modifier and Type	Method	Description
boolean	authenticateUser(String user, byte[] password)	Deprecated. since 1.5.0; use authenticateUser(String, AuthenticationToken) instead.
boolean	authenticateUser(String principal, AuthenticationToken token)	Verify a username/password combination is valid
void	changeLocalUserPassword(String principal, PasswordToken token)	Set the user's password
void	changeUserAuthorizations(String principal, Authorizations authorizations)	Set the user's record-level authorizations
void	changeUserPassword(String user, byte[] password)	Deprecated. since 1.5.0; use changeLocalUserPassword(String, PasswordToken) or the user management functions of your configured authenticator instead.
void	createLocalUser(String principal, PasswordToken password)	Create a user
void	createUser(String user, byte[] password, Authorizations authorizations)	Deprecated. since 1.5.0; use createLocalUser(String, PasswordToken) or the user management functions of your configured authenticator instead.
void	dropLocalUser(String principal)	Delete a user
void	dropUser(String user)	Deprecated. since 1.5.0; use dropUser(String) or the user management functions of your configured authenticator instead.
DelegationToken	getDelegationToken(DelegationTokenConfig cfg)	Obtain a DelegationToken for use when Kerberos credentials cannot be used (e.g.
Authorizations	getUserAuthorizations(String principal)	Retrieves the user's authorizations for scanning
void	grantNamespacePermission(String principal, String namespace, NamespacePermission permission)	Grant a user a specific permission for a specific namespace
void	grantSystemPermission(String principal, SystemPermission permission)	Grant a user a system permission
void	grantTablePermission(String principal, String table, TablePermission permission)	Grant a user a specific permission for a specific table
boolean	hasNamespacePermission(String principal, String namespace, NamespacePermission perm)	Verify the user has a particular namespace permission
boolean	hasSystemPermission(String principal, SystemPermission perm)	Verify the user has a particular system permission
boolean	hasTablePermission(String principal, String table, TablePermission perm)	Verify the user has a particular table permission
Set<String>	listLocalUsers()	Return a list of users in accumulo
Set<String>	listUsers()	Deprecated. since 1.5.0; use listLocalUsers() or the user management functions of your configured authenticator instead.
void	revokeNamespacePermission(String principal, String namespace, NamespacePermission permission)	Revoke a namespace permission for a specific user on a specific namespace
void	revokeSystemPermission(String principal, SystemPermission permission)	Revoke a system permission from a user
void	revokeTablePermission(String principal, String table, TablePermission permission)	Revoke a table permission for a specific user on a specific table

Method Details

createUser

@Deprecated
void createUser(String user,
 byte[] password,
 Authorizations authorizations)
         throws AccumuloException,
AccumuloSecurityException

Deprecated.

since 1.5.0; use createLocalUser(String, PasswordToken) or the user management functions of your configured authenticator instead.

Create a user

Parameters:

user - the name of the user to create

password - the plaintext password for the user

authorizations - the authorizations that the user has for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to create a user

createLocalUser

void createLocalUser(String principal,
 PasswordToken password)
              throws AccumuloException,
AccumuloSecurityException

Create a user

Parameters:

principal - the name of the user to create

password - the plaintext password for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to create a user

Since:

1.5.0

dropUser

@Deprecated
void dropUser(String user)
       throws AccumuloException,
AccumuloSecurityException

Deprecated.

since 1.5.0; use dropUser(String) or the user management functions of your configured authenticator instead.

Delete a user

Parameters:

user - the user name to delete

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to delete a user

dropLocalUser

void dropLocalUser(String principal)
            throws AccumuloException,
AccumuloSecurityException

Delete a user

Parameters:

principal - the user name to delete

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to delete a user

Since:

1.5.0

authenticateUser

@Deprecated
boolean authenticateUser(String user,
 byte[] password)
                  throws AccumuloException,
AccumuloSecurityException

Deprecated.

since 1.5.0; use authenticateUser(String, AuthenticationToken) instead.

Verify a username/password combination is valid

Parameters:

user - the name of the user to authenticate

password - the plaintext password for the user

Returns:

true if the user asking is allowed to know and the specified user/password is valid, false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to ask

authenticateUser

boolean authenticateUser(String principal,
 AuthenticationToken token)
                  throws AccumuloException,
AccumuloSecurityException

Verify a username/password combination is valid

Parameters:

principal - the name of the user to authenticate

token - the SecurityToken for the user

Returns:

true if the user asking is allowed to know and the specified principal/token is valid, false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to ask

Since:

1.5.0

changeUserPassword

@Deprecated
void changeUserPassword(String user,
 byte[] password)
                 throws AccumuloException,
AccumuloSecurityException

Deprecated.

since 1.5.0; use changeLocalUserPassword(String, PasswordToken) or the user management functions of your configured authenticator instead.

Set the user's password

Parameters:

user - the name of the user to modify

password - the plaintext password for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

changeLocalUserPassword

void changeLocalUserPassword(String principal,
 PasswordToken token)
                      throws AccumuloException,
AccumuloSecurityException

Set the user's password

Parameters:

principal - the name of the user to modify

token - the plaintext password for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

Since:

1.5.0

changeUserAuthorizations

void changeUserAuthorizations(String principal,
 Authorizations authorizations)
                       throws AccumuloException,
AccumuloSecurityException

Set the user's record-level authorizations

Parameters:

principal - the name of the user to modify

authorizations - the authorizations that the user has for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

getUserAuthorizations

Authorizations getUserAuthorizations(String principal)
                              throws AccumuloException,
AccumuloSecurityException

Retrieves the user's authorizations for scanning

Parameters:

principal - the name of the user to query

Returns:

the set of authorizations the user has available for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasSystemPermission

boolean hasSystemPermission(String principal,
 SystemPermission perm)
                     throws AccumuloException,
AccumuloSecurityException

Verify the user has a particular system permission

Parameters:

principal - the name of the user to query

perm - the system permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasTablePermission

boolean hasTablePermission(String principal,
 String table,
 TablePermission perm)
                    throws AccumuloException,
AccumuloSecurityException

Verify the user has a particular table permission

Parameters:

principal - the name of the user to query

table - the name of the table to query about

perm - the table permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasNamespacePermission

boolean hasNamespacePermission(String principal,
 String namespace,
 NamespacePermission perm)
                        throws AccumuloException,
AccumuloSecurityException

Verify the user has a particular namespace permission

Parameters:

principal - the name of the user to query

namespace - the name of the namespace to query about

perm - the namespace permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

grantSystemPermission

void grantSystemPermission(String principal,
 SystemPermission permission)
                    throws AccumuloException,
AccumuloSecurityException

Grant a user a system permission

Parameters:

principal - the name of the user to modify

permission - the system permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

grantTablePermission

void grantTablePermission(String principal,
 String table,
 TablePermission permission)
                   throws AccumuloException,
AccumuloSecurityException

Grant a user a specific permission for a specific table

Parameters:

principal - the name of the user to modify

table - the name of the table to modify for the user

permission - the table permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

grantNamespacePermission

void grantNamespacePermission(String principal,
 String namespace,
 NamespacePermission permission)
                       throws AccumuloException,
AccumuloSecurityException

Grant a user a specific permission for a specific namespace

Parameters:

principal - the name of the user to modify

namespace - the name of the namespace to modify for the user

permission - the namespace permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

revokeSystemPermission

void revokeSystemPermission(String principal,
 SystemPermission permission)
                     throws AccumuloException,
AccumuloSecurityException

Revoke a system permission from a user

Parameters:

principal - the name of the user to modify

permission - the system permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

revokeTablePermission

void revokeTablePermission(String principal,
 String table,
 TablePermission permission)
                    throws AccumuloException,
AccumuloSecurityException

Revoke a table permission for a specific user on a specific table

Parameters:

principal - the name of the user to modify

table - the name of the table to modify for the user

permission - the table permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

revokeNamespacePermission

void revokeNamespacePermission(String principal,
 String namespace,
 NamespacePermission permission)
                        throws AccumuloException,
AccumuloSecurityException

Revoke a namespace permission for a specific user on a specific namespace

Parameters:

principal - the name of the user to modify

namespace - the name of the namespace to modify for the user

permission - the namespace permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

listUsers

@Deprecated
Set<String> listUsers()
               throws AccumuloException,
AccumuloSecurityException

Deprecated.

since 1.5.0; use listLocalUsers() or the user management functions of your configured authenticator instead.

Return a list of users in accumulo

Returns:

a set of user names

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query users

listLocalUsers

Set<String> listLocalUsers()
                    throws AccumuloException,
AccumuloSecurityException

Return a list of users in accumulo

Returns:

a set of user names

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query users

Since:

1.5.0

getDelegationToken

DelegationToken getDelegationToken(DelegationTokenConfig cfg)
                            throws AccumuloException,
AccumuloSecurityException

Obtain a DelegationToken for use when Kerberos credentials cannot be used (e.g. YARN Jobs)

Throws:

AccumuloException

AccumuloSecurityException

Since:

1.7.0