org.apache.accumulo.core.client.admin

Class SecurityOperationsImpl

java.lang.Object

org.apache.accumulo.core.client.admin.SecurityOperationsImpl

All Implemented Interfaces:

SecurityOperations

public class SecurityOperationsImpl
extends Object
implements SecurityOperations

Constructor Summary

Constructors

Constructor and Description
SecurityOperationsImpl(Instance instance, org.apache.accumulo.core.security.thrift.AuthInfo credentials)

Method Summary

Methods

Modifier and Type	Method and Description
boolean	authenticateUser(String user, byte[] password) Verify a username/password combination is valid
void	changeUserAuthorizations(String user, Authorizations authorizations) Set the user's record-level authorizations
void	changeUserPassword(String user, byte[] password) Set the user's password
void	createUser(String user, byte[] password, Authorizations authorizations) Create a user
void	dropUser(String user) Delete a user
Authorizations	getUserAuthorizations(String user) Retrieves the user's authorizations for scanning
void	grantSystemPermission(String user, SystemPermission permission) Grant a user a system permission
void	grantTablePermission(String user, String table, TablePermission permission) Grant a user a specific permission for a specific table
boolean	hasSystemPermission(String user, SystemPermission perm) Verify the user has a particular system permission
boolean	hasTablePermission(String user, String table, TablePermission perm) Verify the user has a particular table permission
Set<String>	listUsers() Return a list of users in accumulo
void	revokeSystemPermission(String user, SystemPermission permission) Revoke a system permission from a user
void	revokeTablePermission(String user, String table, TablePermission permission) Revoke a table permission for a specific user on a specific table

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityOperationsImpl

public SecurityOperationsImpl(Instance instance,
                      org.apache.accumulo.core.security.thrift.AuthInfo credentials)

Parameters:

instance - the connection information

credentials - the user credentials to use for security operations

Method Detail

createUser

public void createUser(String user,
              byte[] password,
              Authorizations authorizations)
                throws AccumuloException,
                       AccumuloSecurityException

Create a user

Specified by:

createUser in interface SecurityOperations

Parameters:

user - the name of the user to create

password - the plaintext password for the user

authorizations - the authorizations that the user has for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to create a user

dropUser

public void dropUser(String user)
              throws AccumuloException,
                     AccumuloSecurityException

Delete a user

Specified by:

dropUser in interface SecurityOperations

Parameters:

user - the user name to delete

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to delete a user

authenticateUser

public boolean authenticateUser(String user,
                       byte[] password)
                         throws AccumuloException,
                                AccumuloSecurityException

Verify a username/password combination is valid

Specified by:

authenticateUser in interface SecurityOperations

Parameters:

user - the name of the user to authenticate

password - the plaintext password for the user

Returns:

true if the user asking is allowed to know and the specified user/password is valid, false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to ask

changeUserPassword

public void changeUserPassword(String user,
                      byte[] password)
                        throws AccumuloException,
                               AccumuloSecurityException

Set the user's password

Specified by:

changeUserPassword in interface SecurityOperations

Parameters:

user - the name of the user to modify

password - the plaintext password for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

changeUserAuthorizations

public void changeUserAuthorizations(String user,
                            Authorizations authorizations)
                              throws AccumuloException,
                                     AccumuloSecurityException

Set the user's record-level authorizations

Specified by:

changeUserAuthorizations in interface SecurityOperations

Parameters:

user - the name of the user to modify

authorizations - the authorizations that the user has for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

getUserAuthorizations

public Authorizations getUserAuthorizations(String user)
                                     throws AccumuloException,
                                            AccumuloSecurityException

Retrieves the user's authorizations for scanning

Specified by:

getUserAuthorizations in interface SecurityOperations

Parameters:

user - the name of the user to query

Returns:

the set of authorizations the user has available for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasSystemPermission

public boolean hasSystemPermission(String user,
                          SystemPermission perm)
                            throws AccumuloException,
                                   AccumuloSecurityException

Verify the user has a particular system permission

Specified by:

hasSystemPermission in interface SecurityOperations

Parameters:

user - the name of the user to query

perm - the system permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasTablePermission

public boolean hasTablePermission(String user,
                         String table,
                         TablePermission perm)
                           throws AccumuloException,
                                  AccumuloSecurityException

Verify the user has a particular table permission

Specified by:

hasTablePermission in interface SecurityOperations

Parameters:

user - the name of the user to query

table - the name of the table to query about

perm - the table permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

grantSystemPermission

public void grantSystemPermission(String user,
                         SystemPermission permission)
                           throws AccumuloException,
                                  AccumuloSecurityException

Grant a user a system permission

Specified by:

grantSystemPermission in interface SecurityOperations

Parameters:

user - the name of the user to modify

permission - the system permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

grantTablePermission

public void grantTablePermission(String user,
                        String table,
                        TablePermission permission)
                          throws AccumuloException,
                                 AccumuloSecurityException

Grant a user a specific permission for a specific table

Specified by:

grantTablePermission in interface SecurityOperations

Parameters:

user - the name of the user to modify

table - the name of the table to modify for the user

permission - the table permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

revokeSystemPermission

public void revokeSystemPermission(String user,
                          SystemPermission permission)
                            throws AccumuloException,
                                   AccumuloSecurityException

Revoke a system permission from a user

Specified by:

revokeSystemPermission in interface SecurityOperations

Parameters:

user - the name of the user to modify

permission - the system permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

revokeTablePermission

public void revokeTablePermission(String user,
                         String table,
                         TablePermission permission)
                           throws AccumuloException,
                                  AccumuloSecurityException

Revoke a table permission for a specific user on a specific table

Specified by:

revokeTablePermission in interface SecurityOperations

Parameters:

user - the name of the user to modify

table - the name of the table to modify for the user

permission - the table permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

listUsers

public Set<String> listUsers()
                      throws AccumuloException,
                             AccumuloSecurityException

Return a list of users in accumulo

Specified by:

listUsers in interface SecurityOperations

Returns:

a set of user names

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query users