org.apache.accumulo.core.client.admin

Interface SecurityOperations

public interface SecurityOperations

Provides a class for managing users and permissions

Method Summary

Modifier and Type	Method and Description
boolean	authenticateUser(String principal, AuthenticationToken token) Verify a username/password combination is valid
boolean	authenticateUser(String user, byte[] password) Deprecated. since 1.5.0; use authenticateUser(String, AuthenticationToken) instead.
void	changeLocalUserPassword(String principal, PasswordToken token) Set the user's password
void	changeUserAuthorizations(String principal, Authorizations authorizations) Set the user's record-level authorizations
void	changeUserPassword(String user, byte[] password) Deprecated. since 1.5.0; use changeLocalUserPassword(String, PasswordToken) or the user management functions of your configured authenticator instead.
void	createLocalUser(String principal, PasswordToken password) Create a user
void	createUser(String user, byte[] password, Authorizations authorizations) Deprecated. since 1.5.0; use createLocalUser(String, PasswordToken) or the user management functions of your configured authenticator instead.
void	dropLocalUser(String principal) Delete a user
void	dropUser(String user) Deprecated. since 1.5.0; use dropUser(String) or the user management functions of your configured authenticator instead.
DelegationToken	getDelegationToken(DelegationTokenConfig cfg) Obtain a DelegationToken for use when Kerberos credentials cannot be used (e.g.
Authorizations	getUserAuthorizations(String principal) Retrieves the user's authorizations for scanning
void	grantNamespacePermission(String principal, String namespace, NamespacePermission permission) Grant a user a specific permission for a specific namespace
void	grantSystemPermission(String principal, SystemPermission permission) Grant a user a system permission
void	grantTablePermission(String principal, String table, TablePermission permission) Grant a user a specific permission for a specific table
boolean	hasNamespacePermission(String principal, String namespace, NamespacePermission perm) Verify the user has a particular namespace permission
boolean	hasSystemPermission(String principal, SystemPermission perm) Verify the user has a particular system permission
boolean	hasTablePermission(String principal, String table, TablePermission perm) Verify the user has a particular table permission
Set<String>	listLocalUsers() Return a list of users in accumulo
Set<String>	listUsers() Deprecated. since 1.5.0; use listLocalUsers() or the user management functions of your configured authenticator instead.
void	revokeNamespacePermission(String principal, String namespace, NamespacePermission permission) Revoke a namespace permission for a specific user on a specific namespace
void	revokeSystemPermission(String principal, SystemPermission permission) Revoke a system permission from a user
void	revokeTablePermission(String principal, String table, TablePermission permission) Revoke a table permission for a specific user on a specific table

Method Detail

createUser

@Deprecated
void createUser(String user,
                            byte[] password,
                            Authorizations authorizations)
                     throws AccumuloException,
                            AccumuloSecurityException

Deprecated. since 1.5.0; use createLocalUser(String, PasswordToken) or the user management functions of your configured authenticator instead.

Create a user

Parameters:

user - the name of the user to create

password - the plaintext password for the user

authorizations - the authorizations that the user has for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to create a user

createLocalUser

void createLocalUser(String principal,
                     PasswordToken password)
              throws AccumuloException,
                     AccumuloSecurityException

Create a user

Parameters:

principal - the name of the user to create

password - the plaintext password for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to create a user

Since:

1.5.0

dropUser

@Deprecated
void dropUser(String user)
                   throws AccumuloException,
                          AccumuloSecurityException

Deprecated. since 1.5.0; use dropUser(String) or the user management functions of your configured authenticator instead.

Delete a user

Parameters:

user - the user name to delete

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to delete a user

dropLocalUser

void dropLocalUser(String principal)
            throws AccumuloException,
                   AccumuloSecurityException

Delete a user

Parameters:

principal - the user name to delete

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to delete a user

Since:

1.5.0

authenticateUser

@Deprecated
boolean authenticateUser(String user,
                                     byte[] password)
                              throws AccumuloException,
                                     AccumuloSecurityException

Deprecated. since 1.5.0; use authenticateUser(String, AuthenticationToken) instead.

Verify a username/password combination is valid

Parameters:

user - the name of the user to authenticate

password - the plaintext password for the user

Returns:

true if the user asking is allowed to know and the specified user/password is valid, false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to ask

authenticateUser

boolean authenticateUser(String principal,
                         AuthenticationToken token)
                  throws AccumuloException,
                         AccumuloSecurityException

Verify a username/password combination is valid

Parameters:

principal - the name of the user to authenticate

token - the SecurityToken for the user

Returns:

true if the user asking is allowed to know and the specified principal/token is valid, false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to ask

Since:

1.5.0

changeUserPassword

@Deprecated
void changeUserPassword(String user,
                                    byte[] password)
                             throws AccumuloException,
                                    AccumuloSecurityException

Deprecated. since 1.5.0; use changeLocalUserPassword(String, PasswordToken) or the user management functions of your configured authenticator instead.

Set the user's password

Parameters:

user - the name of the user to modify

password - the plaintext password for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

changeLocalUserPassword

void changeLocalUserPassword(String principal,
                             PasswordToken token)
                      throws AccumuloException,
                             AccumuloSecurityException

Set the user's password

Parameters:

principal - the name of the user to modify

token - the plaintext password for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

Since:

1.5.0

changeUserAuthorizations

void changeUserAuthorizations(String principal,
                              Authorizations authorizations)
                       throws AccumuloException,
                              AccumuloSecurityException

Set the user's record-level authorizations

Parameters:

principal - the name of the user to modify

authorizations - the authorizations that the user has for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to modify a user

getUserAuthorizations

Authorizations getUserAuthorizations(String principal)
                              throws AccumuloException,
                                     AccumuloSecurityException

Retrieves the user's authorizations for scanning

Parameters:

principal - the name of the user to query

Returns:

the set of authorizations the user has available for scanning

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasSystemPermission

boolean hasSystemPermission(String principal,
                            SystemPermission perm)
                     throws AccumuloException,
                            AccumuloSecurityException

Verify the user has a particular system permission

Parameters:

principal - the name of the user to query

perm - the system permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasTablePermission

boolean hasTablePermission(String principal,
                           String table,
                           TablePermission perm)
                    throws AccumuloException,
                           AccumuloSecurityException

Verify the user has a particular table permission

Parameters:

principal - the name of the user to query

table - the name of the table to query about

perm - the table permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

hasNamespacePermission

boolean hasNamespacePermission(String principal,
                               String namespace,
                               NamespacePermission perm)
                        throws AccumuloException,
                               AccumuloSecurityException

Verify the user has a particular namespace permission

Parameters:

principal - the name of the user to query

namespace - the name of the namespace to query about

perm - the namespace permission to check for

Returns:

true if user has that permission; false otherwise

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query a user

grantSystemPermission

void grantSystemPermission(String principal,
                           SystemPermission permission)
                    throws AccumuloException,
                           AccumuloSecurityException

Grant a user a system permission

Parameters:

principal - the name of the user to modify

permission - the system permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

grantTablePermission

void grantTablePermission(String principal,
                          String table,
                          TablePermission permission)
                   throws AccumuloException,
                          AccumuloSecurityException

Grant a user a specific permission for a specific table

Parameters:

principal - the name of the user to modify

table - the name of the table to modify for the user

permission - the table permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

grantNamespacePermission

void grantNamespacePermission(String principal,
                              String namespace,
                              NamespacePermission permission)
                       throws AccumuloException,
                              AccumuloSecurityException

Grant a user a specific permission for a specific namespace

Parameters:

principal - the name of the user to modify

namespace - the name of the namespace to modify for the user

permission - the namespace permission to grant to the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to grant a user permissions

revokeSystemPermission

void revokeSystemPermission(String principal,
                            SystemPermission permission)
                     throws AccumuloException,
                            AccumuloSecurityException

Revoke a system permission from a user

Parameters:

principal - the name of the user to modify

permission - the system permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

revokeTablePermission

void revokeTablePermission(String principal,
                           String table,
                           TablePermission permission)
                    throws AccumuloException,
                           AccumuloSecurityException

Revoke a table permission for a specific user on a specific table

Parameters:

principal - the name of the user to modify

table - the name of the table to modify for the user

permission - the table permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

revokeNamespacePermission

void revokeNamespacePermission(String principal,
                               String namespace,
                               NamespacePermission permission)
                        throws AccumuloException,
                               AccumuloSecurityException

Revoke a namespace permission for a specific user on a specific namespace

Parameters:

principal - the name of the user to modify

namespace - the name of the namespace to modify for the user

permission - the namespace permission to revoke for the user

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to revoke a user's permissions

listUsers

@Deprecated
Set<String> listUsers()
                           throws AccumuloException,
                                  AccumuloSecurityException

Deprecated. since 1.5.0; use listLocalUsers() or the user management functions of your configured authenticator instead.

Return a list of users in accumulo

Returns:

a set of user names

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query users

listLocalUsers

Set<String> listLocalUsers()
                    throws AccumuloException,
                           AccumuloSecurityException

Return a list of users in accumulo

Returns:

a set of user names

Throws:

AccumuloException - if a general error occurs

AccumuloSecurityException - if the user does not have permission to query users

Since:

1.5.0

getDelegationToken

DelegationToken getDelegationToken(DelegationTokenConfig cfg)
                            throws AccumuloException,
                                   AccumuloSecurityException

Obtain a DelegationToken for use when Kerberos credentials cannot be used (e.g. YARN Jobs)

Throws:

AccumuloException

AccumuloSecurityException

Since:

1.7.0