Chapter 5. Security API
Accumulo controls access to data in its tables in a number of ways: authentication, permissions, and authorizations.
These can be thought of as applying at two levels: authentication and permissions at the higher application and table level, and authorizations—which are used along with column visibilities—at the lower, key-value–pair level. Authentication relates to Accumulo users and how a user confirms its identity to Accumulo. Permissions control what operations Accumulo users are allowed to perform. Authorizations control which key-value pairs Accumulo users are allowed to see.
Accumulo provides the ability to create accounts, grant permissions, and grant authorizations. All of these mechanisms are pluggable, with their defaults being to store and retrieve user information in ZooKeeper. Custom security mechanisms are discussed in “Custom Authentication, Permissions, and Authorization”.
High-level security-related operations such as creating users and granting permissions and authorizations are carried out via the SecurityOperations
object, obtained from a Connector
object:
SecurityOperations
secOps
=
conn
.
securityOperations
();
Security operations can be logged to an audit log if Accumulo is configured to do so (see “Auditing Security Operations”).
Low-level key-value–pair security occurs naturally whenever ColumnVisibility
and Authorizations
objects are used when reading and writing data.
For any given set of security mechanisms, there are essentially ...
Get Accumulo now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.