Posted to commits@accumulo.apache.org by bi...@apache.org on 2012/01/06 18:58:34 UTC

svn commit: r1228308 - in /incubator/accumulo/branches/1.4/docs/examples: README.dirlist README.visibility

Author: billie
Date: Fri Jan  6 17:58:33 2012
New Revision: 1228308

URL: http://svn.apache.org/viewvc?rev=1228308&view=rev
Log:
ACCUMULO-280 wrote a visibility example

Added:
    incubator/accumulo/branches/1.4/docs/examples/README.visibility
Modified:
    incubator/accumulo/branches/1.4/docs/examples/README.dirlist

Modified: incubator/accumulo/branches/1.4/docs/examples/README.dirlist
URL: http://svn.apache.org/viewvc/incubator/accumulo/branches/1.4/docs/examples/README.dirlist?rev=1228308&r1=1228307&r2=1228308&view=diff
==============================================================================
--- incubator/accumulo/branches/1.4/docs/examples/README.dirlist (original)
+++ incubator/accumulo/branches/1.4/docs/examples/README.dirlist Fri Jan  6 17:58:33 2012
@@ -37,8 +37,7 @@ This may take some time if there are lar
 Note that running this example will create tables dirTable, indexTable, and dataTable in Accumulo that you should delete when you have completed the example.
 If you modify a file or add new files in the directory ingested (e.g. /local/username/workspace), you can run Ingest again to add new information into the Accumulo tables.
 
-To browse the data ingested, use Viewer.java.  Be sure to give the "username" user the authorizations to see the data (in this case, run "setauths -u username -s exampleVis" in the shell, and use the string "exampleVis" as the "auths" in command lines below)
-.
+To browse the data ingested, use Viewer.java.  Be sure to give the "username" user the authorizations to see the data (in this case, run "setauths -u username -s exampleVis" in the shell, and use the string "exampleVis" as the "auths" in command lines below).
 
     $ ./bin/accumulo org.apache.accumulo.examples.dirlist.Viewer instance zookeepers username password dirTable dataTable auths /local/username/workspace
 
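Review bot: The rewritten Viewer sentence tells the reader to run "setauths -u username -s exampleVis" in the shell but does not say as which user. README.visibility, added in this same commit, shows setauths failing with PERMISSION_DENIED for a user without System.ALTER_USER, so state here that the command is run as root (or another user holding System.ALTER_USER), or add the same pointer to README.visibility that the FileCount paragraph gets.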
@@ -56,7 +55,8 @@ To perform searches on file or directory
     $ ./bin/accumulo org.apache.accumulo.examples.dirlist.QueryUtil instance zookeepers username password indexTable exampleVis filename*jar -search
 
 To count the number of direct children (directories and files) and descendants (children and children's descendants, directories and files), run the FileCount over the dirTable table.
-The results are written back to the same table.
+The results are written back to the same table.  FileCount reads from and writes to Accumulo.  This requires scan authorizations for the read and a visibility for the data written.
+In this example, the authorizations and visibility are set to the same value, exampleVis.  See README.visibility for more information on visibility and authorizations.
 
     $ ./bin/accumulo org.apache.accumulo.examples.dirlist.FileCount instance zookeepers username password dirTable exampleVis exampleVis
 
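Review bot: The added FileCount text says the job needs scan authorizations for the read and a visibility for the write, but the command line ends in "exampleVis exampleVis" and nothing says which position is which. Name the two trailing arguments in order, the way the Viewer paragraph names "auths", so a reader who uses different values for reading and writing does not swap them. It would also help to say that the visibility should be satisfiable by the scan authorizations, since the results are written back to the table the job reads.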

Added: incubator/accumulo/branches/1.4/docs/examples/README.visibility
URL: http://svn.apache.org/viewvc/incubator/accumulo/branches/1.4/docs/examples/README.visibility?rev=1228308&view=auto
==============================================================================
--- incubator/accumulo/branches/1.4/docs/examples/README.visibility (added)
+++ incubator/accumulo/branches/1.4/docs/examples/README.visibility Fri Jan  6 17:58:33 2012
@@ -0,0 +1,111 @@
+Title: Visibility, Authorizations, and Permissions Example
+Notice:    Licensed to the Apache Software Foundation (ASF) under one
+           or more contributor license agreements.  See the NOTICE file
+           distributed with this work for additional information
+           regarding copyright ownership.  The ASF licenses this file
+           to you under the Apache License, Version 2.0 (the
+           "License"); you may not use this file except in compliance
+           with the License.  You may obtain a copy of the License at
+           .
+             http://www.apache.org/licenses/LICENSE-2.0
+           .
+           Unless required by applicable law or agreed to in writing,
+           software distributed under the License is distributed on an
+           "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+           KIND, either express or implied.  See the License for the
+           specific language governing permissions and limitations
+           under the License.
+
+## Creating a new user
+
+    root@instance> createuser username
+    Enter new password for 'username': ********
+    Please confirm new password for 'username': ********
+    root@instance> user username
+    Enter password for user username: ********
+    username@instance> createtable vistest
+    06 10:48:47,931 [shell.Shell] ERROR: org.apache.accumulo.core.client.AccumuloSecurityException: Error PERMISSION_DENIED - User does not have permission to perform this action
+    username@instance> userpermissions
+    System permissions: 
+    
+    Table permissions (!METADATA): Table.READ
+    username@instance> 
+
+A user does not by default have permission to create a table.
+
+## Granting permissions to a user
+
+    username@instance> user root
+    Enter password for user root: ********
+    root@instance> grant -s System.CREATE_TABLE -u username
+    root@instance> user username 
+    Enter password for user username: ********
+    username@instance> createtable vistest
+    username@instance> userpermissions
+    System permissions: System.CREATE_TABLE
+    
+    Table permissions (!METADATA): Table.READ
+    Table permissions (vistest): Table.READ, Table.WRITE, Table.BULK_IMPORT, Table.ALTER_TABLE, Table.GRANT, Table.DROP_TABLE
+    username@instance vistest> 
+
+## Inserting data with visibilities
+
+Visibilities are boolean AND (&) and OR (|) combinations of authorization
+tokens.  Authorization tokens are arbitrary strings taken from a restricted 
+ASCII character set.  Parentheses are required to specify order of operations 
+in visibilities.
+
+    username@instance vistest> insert row f1 q1 v1 -l A
+    username@instance vistest> insert row f2 q2 v2 -l A&B
+    username@instance vistest> insert row f3 q3 v3 -l apple&carrot|broccoli|spinach
+    06 11:19:01,432 [shell.Shell] ERROR: org.apache.accumulo.core.util.BadArgumentException: cannot mix | and & near index 12
+    apple&carrot|broccoli|spinach
+                ^
+    username@instance vistest> insert row f3 q3 v3 -l (apple&carrot)|broccoli|spinach
+    username@instance vistest> 
+
+## Scanning with authorizations
+
+Authorizations are sets of authorization tokens.  Each Accumulo user has 
+authorizations and each Accumulo scan has authorizations.  Scan authorizations 
+are only allowed to be a subset of the user's authorizations.  By default, a 
+user's authorizations set is empty.
+
+    username@instance vistest> scan
+    username@instance vistest> scan -s A
+    06 11:43:14,951 [shell.Shell] ERROR: java.lang.RuntimeException: org.apache.accumulo.core.client.AccumuloSecurityException: Error BAD_AUTHORIZATIONS - The user does not have the specified authorizations assigned
+    username@instance vistest> 
+
+## Setting authorizations for a user
+
+    username@instance vistest> setauths -s A
+    06 11:53:42,056 [shell.Shell] ERROR: org.apache.accumulo.core.client.AccumuloSecurityException: Error PERMISSION_DENIED - User does not have permission to perform this action
+    username@instance vistest> 
+
+A user cannot set authorizations unless the user has the System.ALTER_USER permission.
+The root user has this permission.
+
+    username@instance vistest> user root
+    Enter password for user root: ********
+    root@instance vistest> setauths -s A -u username
+    root@instance vistest> user username
+    Enter password for user username: ********
+    username@instance vistest> scan -s A
+    row f1:q1 [A]    v1
+    username@instance vistest> scan
+    row f1:q1 [A]    v1
+    username@instance vistest> 
+
+The default authorizations for a scan are the user's entire set of authorizations.
+
+    username@instance vistest> user root
+    Enter password for user root: ********
+    root@instance vistest> setauths -s A,B,broccoli -u username
+    root@instance vistest> user username
+    Enter password for user username: ********
+    username@instance vistest> scan
+    row f1:q1 [A]    v1
+    row f2:q2 [A&B]    v2
+    row f3:q3 [(apple&carrot)|broccoli|spinach]    v3
+    username@instance vistest> scan -s B
+    username@instance vistest>
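Review bot: The file ends on "scan -s B" returning nothing with no sentence explaining the result, and the bare "scan" under "Scanning with authorizations" is likewise empty without comment. Add a closing line saying that B alone satisfies none of the three visibilities (A, A&B, and (apple&carrot)|broccoli|spinach), and a line after the first empty scan saying that entries whose visibility is not satisfied are silently filtered rather than reported as an error. The transcript also shows the user inserting rows labelled A and A&B before holding any authorizations, so it is worth stating outright that a user can write data the same user cannot read back. Smaller points: "a restricted ASCII character set" should list the permitted characters, and several added lines (for example "System permissions: " and "user username ") carry trailing whitespace.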