| blob | 3142a12b4ac9509381765117d358eab40ea2134d |
1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18 syntax = "proto2";
19 package hbase.pb;
21 option java_package = "org.apache.hadoop.hbase.shaded.protobuf.generated";
22 option java_outer_classname = "AccessControlProtos";
23 option java_generic_services = true;
24 option java_generate_equals_and_hash = true;
25 option optimize_for = SPEED;
27 import "HBase.proto";
29 /**
30 * Messages and services in shaded AccessControl.proto only use for serializing/deserializing permissions
31 * in .snapshotinfo, and should not use for access control logic for coprocessor endpoints compatibility
32 * (use AccessControl.proto under hbase-protocol module instead).
33 */
35 message Permission {
36 enum Action {
37 READ = 0;
38 WRITE = 1;
39 EXEC = 2;
40 CREATE = 3;
41 ADMIN = 4;
42 }
43 enum Type {
44 Global = 1;
45 Namespace = 2;
46 Table = 3;
47 }
48 required Type type = 1;
49 optional GlobalPermission global_permission = 2;
50 optional NamespacePermission namespace_permission = 3;
51 optional TablePermission table_permission = 4;
52 }
54 message TablePermission {
55 optional TableName table_name = 1;
56 optional bytes family = 2;
57 optional bytes qualifier = 3;
58 repeated Permission.Action action = 4;
59 }
61 message NamespacePermission {
62 optional bytes namespace_name = 1;
63 repeated Permission.Action action = 2;
64 }
66 message GlobalPermission {
67 repeated Permission.Action action = 1;
68 }
70 message UserPermission {
71 required bytes user = 1;
72 required Permission permission = 3;
73 }
75 /**
76 * Content of the /hbase/acl/<table or namespace> znode.
77 */
78 message UsersAndPermissions {
79 message UserPermissions {
80 required bytes user = 1;
81 repeated Permission permissions = 2;
82 }
84 repeated UserPermissions user_permissions = 1;
85 }
87 message GrantRequest {
88 required UserPermission user_permission = 1;
89 optional bool merge_existing_permissions = 2 [default = false];
90 }
92 message GrantResponse {
93 }
95 message RevokeRequest {
96 required UserPermission user_permission = 1;
97 }
99 message RevokeResponse {
100 }
102 message GetUserPermissionsRequest {
103 optional Permission.Type type = 1;
104 optional TableName table_name = 2;
105 optional bytes namespace_name = 3;
106 optional bytes column_family = 4;
107 optional bytes column_qualifier = 5;
108 optional bytes user_name = 6;
109 }
111 message GetUserPermissionsResponse {
112 repeated UserPermission user_permission = 1;
113 }
115 message CheckPermissionsRequest {
116 repeated Permission permission = 1;
117 }
119 message CheckPermissionsResponse {
120 }
122 message HasUserPermissionsRequest {
123 optional bytes user_name = 1;
124 repeated Permission permission = 2;
125 }
127 message HasUserPermissionsResponse {
128 repeated bool has_user_permission = 1;
129 }
131 service AccessControlService {
132 rpc Grant(GrantRequest)
133 returns (GrantResponse);
135 rpc Revoke(RevokeRequest)
136 returns (RevokeResponse);
138 rpc GetUserPermissions(GetUserPermissionsRequest)
139 returns (GetUserPermissionsResponse);
141 rpc CheckPermissions(CheckPermissionsRequest)
142 returns (CheckPermissionsResponse);
143 }