Accumulo users can only perform actions if they are given permission.

Accumulo has three types of permissions:

These permissions are managed by SecurityOperations in Java API or the Accumulo shell.

Configuration

Accumulo’s PermissionHandler is configured by setting instance.security.permissionHandler.

The default permission handler is described below.

Granting permission

Users can be granted permissions in the shell:

  1. root@uno> grant System.CREATE_TABLE -s -u bob

Or in the Java API using SecurityOperations:

  1. client.securityOperations().grantSystem("bob", SystemPermission.CREATE_TABLE);

View permissions

Permissions can be listed for a user in the shell:

  1. root@uno> userpermissions -u bob
  2. System permissions: System.CREATE_TABLE, System.DROP_TABLE
  4. Namespace permissions (accumulo): Namespace.READ
  6. Table permissions (accumulo.metadata): Table.READ
  7. Table permissions (accumulo.replication): Table.READ
  8. Table permissions (accumulo.root): Table.READ

Revoking permissions

Permissions can be revoked for a user in the shell

  1. root@uno> revoke System.CREATE_TABLE -s -u bob

Or in the Java API using SecurityOperations:

  1. client.securityOperations().revokeSystemPermission("bob", SystemPermission.CREATE_TABLE);