if (cl.hasOption(systemOpt.getOpt()) && permission[0].equalsIgnoreCase("System")) { try { shellState.getAccumuloClient().securityOperations().grantSystemPermission(user, SystemPermission.valueOf(permission[1])); Shell.log.debug("Granted " + user + " the " + permission[1] + " permission");
private void grantEverySystemPriv(Connector conn, String user) throws AccumuloSecurityException, AccumuloException { SystemPermission[] arrayOfP = new SystemPermission[] {SystemPermission.SYSTEM, SystemPermission.ALTER_TABLE, SystemPermission.ALTER_USER, SystemPermission.CREATE_TABLE, SystemPermission.CREATE_USER, SystemPermission.DROP_TABLE, SystemPermission.DROP_USER}; for (SystemPermission p : arrayOfP) { conn.securityOperations().grantSystemPermission(user, p); } }
private void changeSystemPermission(Connector conn, Random rand, String userName) throws AccumuloException, AccumuloSecurityException { EnumSet<SystemPermission> perms = EnumSet.noneOf(SystemPermission.class); for (SystemPermission p : SystemPermission.values()) { if (conn.securityOperations().hasSystemPermission(userName, p)) perms.add(p); } EnumSet<SystemPermission> more = EnumSet.allOf(SystemPermission.class); more.removeAll(perms); more.remove(SystemPermission.GRANT); if (rand.nextBoolean() && more.size() > 0) { List<SystemPermission> moreList = new ArrayList<>(more); SystemPermission choice = moreList.get(rand.nextInt(moreList.size())); log.debug("adding permission " + choice); conn.securityOperations().grantSystemPermission(userName, choice); } else { if (perms.size() > 0) { List<SystemPermission> permList = new ArrayList<>(perms); SystemPermission choice = permList.get(rand.nextInt(permList.size())); log.debug("removing permission " + choice); conn.securityOperations().revokeSystemPermission(userName, choice); } } }
if (cl.hasOption(systemOpt.getOpt()) && permission[0].equalsIgnoreCase("System")) { try { shellState.getConnector().securityOperations().grantSystemPermission(user, SystemPermission.valueOf(permission[1])); Shell.log.debug("Granted " + user + " the " + permission[1] + " permission");
@Override public Void run() throws Exception { Connector conn = mac.getConnector(rootUser.getPrincipal(), new KerberosToken()); conn.securityOperations().grantSystemPermission(qualifiedUser1, SystemPermission.CREATE_TABLE); return null; } });
@Override public void grantSystemPermission(ByteBuffer login, String user, org.apache.accumulo.proxy.thrift.SystemPermission perm) throws org.apache.accumulo.proxy.thrift.AccumuloException, org.apache.accumulo.proxy.thrift.AccumuloSecurityException, TException { try { getConnector(login).securityOperations().grantSystemPermission(user, SystemPermission.getPermissionById((byte) perm.getValue())); } catch (Exception e) { handleException(e); } }
connection = connectionFactory.getConnection(priority, trackingMap); SecurityOperations ops = connection.securityOperations(); ops.grantSystemPermission(userName, SystemPermission.valueOf(permission)); } catch (AccumuloSecurityException e) { log.error(e.getMessage(), e);
conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM); conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths); grantEverySystemPriv(conn, AUDIT_USER_1);
conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM); conn.securityOperations().changeUserAuthorizations(AUDIT_USER_1, auths); grantEverySystemPriv(conn, AUDIT_USER_1);
conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM); conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_TABLE);
} else if ("give".equals(action)) { try { conn.securityOperations().grantSystemPermission(targetUser, sysPerm); } catch (AccumuloSecurityException ae) { switch (ae.getSecurityErrorCode()) {
conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.SYSTEM); conn.securityOperations().grantSystemPermission(AUDIT_USER_1, SystemPermission.CREATE_USER); grantEverySystemPriv(conn, AUDIT_USER_1); conn.securityOperations().grantSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE); conn.securityOperations().revokeSystemPermission(AUDIT_USER_2, SystemPermission.ALTER_TABLE); auditConnector.tableOperations().create(NEW_TEST_TABLE_NAME);
case GRANT: loginAs(rootUser); root_conn.securityOperations().grantSystemPermission(testUser.getPrincipal(), SystemPermission.GRANT); loginAs(testUser); test_user_conn.securityOperations().grantSystemPermission(testUser.getPrincipal(), SystemPermission.CREATE_TABLE); loginAs(rootUser);
loginAs(testUser); try { test_user_conn.securityOperations().grantSystemPermission(testUser.getPrincipal(), SystemPermission.GRANT); throw new IllegalStateException("Should NOT be able to grant System.GRANT to yourself");
testMissingSystemPermission(tableNamePrefix, c, rootUser, test_user_conn, testUser, perm); loginAs(rootUser); c.securityOperations().grantSystemPermission(principal, perm); verifyHasOnlyTheseSystemPermissions(c, principal, perm); testGrantedSystemPermission(tableNamePrefix, c, rootUser, test_user_conn, testUser, perm);
c.securityOperations().grantSystemPermission(u1, SystemPermission.CREATE_NAMESPACE); loginAs(user1); user1Con.namespaceOperations().create(n2); c.securityOperations().grantSystemPermission(u1, SystemPermission.DROP_NAMESPACE); loginAs(user1); user1Con.namespaceOperations().delete(n2); c.securityOperations().grantSystemPermission(u1, SystemPermission.ALTER_NAMESPACE); loginAs(user1); user1Con.namespaceOperations().setProperty(n1, Property.TABLE_FILE_MAX.getKey(), "33");
conn.securityOperations().grantSystemPermission(user, SystemPermission.CREATE_TABLE);