O'Reilly logo

Accumulo by Billie Rinaldi, Aaron Cordova, Michael Wall

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 5. Security API

Accumulo controls access to data in its tables in a number of ways: authentication, permissions, and authorizations.

These can be thought of as applying at two levels: authentication and permissions at the higher application and table level, and authorizations—which are used along with column visibilities—at the lower, key-value–pair level. Authentication relates to Accumulo users and how a user confirms its identity to Accumulo. Permissions control what operations Accumulo users are allowed to perform. Authorizations control which key-value pairs Accumulo users are allowed to see.

Accumulo provides the ability to create accounts, grant permissions, and grant authorizations. All of these mechanisms are pluggable, with their defaults being to store and retrieve user information in ZooKeeper. Custom security mechanisms are discussed in “Custom Authentication, Permissions, and Authorization”.

High-level security-related operations such as creating users and granting permissions and authorizations are carried out via the SecurityOperations object, obtained from a Connector object:

SecurityOperations secOps = conn.securityOperations();

Security operations can be logged to an audit log if Accumulo is configured to do so (see “Auditing Security Operations”).

Low-level key-value–pair security occurs naturally whenever ColumnVisibility and Authorizations objects are used when reading and writing data.

For any given set of security mechanisms, there are essentially ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required