Interface SecurityOperations
public interface SecurityOperations
Provides a class for managing users and permissions
-
Method Summary
Modifier and TypeMethodDescriptionbooleanauthenticateUser(String principal, AuthenticationToken token) Verify a username/password combination is validvoidchangeLocalUserPassword(String principal, PasswordToken token) Set the user's passwordvoidchangeUserAuthorizations(String principal, Authorizations authorizations) Set the user's record-level authorizationsvoidcreateLocalUser(String principal, PasswordToken password) Create a uservoiddropLocalUser(String principal) Delete a userObtain aDelegationTokenfor use when Kerberos credentials cannot be used (e.g.getUserAuthorizations(String principal) Retrieves the user's authorizations for scanningvoidgrantNamespacePermission(String principal, String namespace, NamespacePermission permission) Grant a user a specific permission for a specific namespacevoidgrantSystemPermission(String principal, SystemPermission permission) Grant a user a system permissionvoidgrantTablePermission(String principal, String table, TablePermission permission) Grant a user a specific permission for a specific tablebooleanhasNamespacePermission(String principal, String namespace, NamespacePermission perm) Verify the user has a particular namespace permissionbooleanhasSystemPermission(String principal, SystemPermission perm) Verify the user has a particular system permissionbooleanhasTablePermission(String principal, String table, TablePermission perm) Verify the user has a particular table permissionReturn a list of users in accumulovoidrevokeNamespacePermission(String principal, String namespace, NamespacePermission permission) Revoke a namespace permission for a specific user on a specific namespacevoidrevokeSystemPermission(String principal, SystemPermission permission) Revoke a system permission from a uservoidrevokeTablePermission(String principal, String table, TablePermission permission) Revoke a table permission for a specific user on a specific table
-
Method Details
-
createLocalUser
void createLocalUser(String principal, PasswordToken password) throws AccumuloException, AccumuloSecurityException Create a user- Parameters:
principal- the name of the user to createpassword- the plaintext password for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to create a user- Since:
- 1.5.0
-
dropLocalUser
Delete a user- Parameters:
principal- the user name to delete- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to delete a user- Since:
- 1.5.0
-
authenticateUser
boolean authenticateUser(String principal, AuthenticationToken token) throws AccumuloException, AccumuloSecurityException Verify a username/password combination is valid- Parameters:
principal- the name of the user to authenticatetoken- the SecurityToken for the user- Returns:
- true if the user asking is allowed to know and the specified principal/token is valid, false otherwise
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to ask- Since:
- 1.5.0
-
changeLocalUserPassword
void changeLocalUserPassword(String principal, PasswordToken token) throws AccumuloException, AccumuloSecurityException Set the user's password- Parameters:
principal- the name of the user to modifytoken- the plaintext password for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to modify a user- Since:
- 1.5.0
-
changeUserAuthorizations
void changeUserAuthorizations(String principal, Authorizations authorizations) throws AccumuloException, AccumuloSecurityException Set the user's record-level authorizations- Parameters:
principal- the name of the user to modifyauthorizations- the authorizations that the user has for scanning- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to modify a user
-
getUserAuthorizations
Authorizations getUserAuthorizations(String principal) throws AccumuloException, AccumuloSecurityException Retrieves the user's authorizations for scanning- Parameters:
principal- the name of the user to query- Returns:
- the set of authorizations the user has available for scanning
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query a user
-
hasSystemPermission
boolean hasSystemPermission(String principal, SystemPermission perm) throws AccumuloException, AccumuloSecurityException Verify the user has a particular system permission- Parameters:
principal- the name of the user to queryperm- the system permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query a user
-
hasTablePermission
boolean hasTablePermission(String principal, String table, TablePermission perm) throws AccumuloException, AccumuloSecurityException Verify the user has a particular table permission- Parameters:
principal- the name of the user to querytable- the name of the table to query aboutperm- the table permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query a user
-
hasNamespacePermission
boolean hasNamespacePermission(String principal, String namespace, NamespacePermission perm) throws AccumuloException, AccumuloSecurityException Verify the user has a particular namespace permission- Parameters:
principal- the name of the user to querynamespace- the name of the namespace to query aboutperm- the namespace permission to check for- Returns:
- true if user has that permission; false otherwise
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query a user
-
grantSystemPermission
void grantSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException Grant a user a system permission- Parameters:
principal- the name of the user to modifypermission- the system permission to grant to the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to grant a user permissions
-
grantTablePermission
void grantTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException Grant a user a specific permission for a specific table- Parameters:
principal- the name of the user to modifytable- the name of the table to modify for the userpermission- the table permission to grant to the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to grant a user permissions
-
grantNamespacePermission
void grantNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException Grant a user a specific permission for a specific namespace- Parameters:
principal- the name of the user to modifynamespace- the name of the namespace to modify for the userpermission- the namespace permission to grant to the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to grant a user permissions
-
revokeSystemPermission
void revokeSystemPermission(String principal, SystemPermission permission) throws AccumuloException, AccumuloSecurityException Revoke a system permission from a user- Parameters:
principal- the name of the user to modifypermission- the system permission to revoke for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to revoke a user's permissions
-
revokeTablePermission
void revokeTablePermission(String principal, String table, TablePermission permission) throws AccumuloException, AccumuloSecurityException Revoke a table permission for a specific user on a specific table- Parameters:
principal- the name of the user to modifytable- the name of the table to modify for the userpermission- the table permission to revoke for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to revoke a user's permissions
-
revokeNamespacePermission
void revokeNamespacePermission(String principal, String namespace, NamespacePermission permission) throws AccumuloException, AccumuloSecurityException Revoke a namespace permission for a specific user on a specific namespace- Parameters:
principal- the name of the user to modifynamespace- the name of the namespace to modify for the userpermission- the namespace permission to revoke for the user- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to revoke a user's permissions
-
listLocalUsers
Return a list of users in accumulo- Returns:
- a set of user names
- Throws:
AccumuloException- if a general error occursAccumuloSecurityException- if the user does not have permission to query users- Since:
- 1.5.0
-
getDelegationToken
DelegationToken getDelegationToken(DelegationTokenConfig cfg) throws AccumuloException, AccumuloSecurityException Obtain aDelegationTokenfor use when Kerberos credentials cannot be used (e.g. YARN Jobs)- Throws:
AccumuloExceptionAccumuloSecurityException- Since:
- 1.7.0
-