hadoop.kms.acl.CREATE * ACL for create-key operations. If the user is not in the GET ACL, the key material is not returned as part of the response. hadoop.kms.acl.DELETE * ACL for delete-key operations. hadoop.kms.acl.ROLLOVER * ACL for rollover-key operations. If the user is not in the GET ACL, the key material is not returned as part of the response. hadoop.kms.acl.GET * ACL for get-key-version and get-current-key operations. hadoop.kms.acl.GET_KEYS * ACL for get-keys operations. hadoop.kms.acl.GET_METADATA * ACL for get-key-metadata and get-keys-metadata operations. hadoop.kms.acl.SET_KEY_MATERIAL * Complementary ACL for CREATE and ROLLOVER operations to allow the client to provide the key material when creating or rolling a key. hadoop.kms.acl.GENERATE_EEK * ACL for generateEncryptedKey CryptoExtension operations. hadoop.kms.acl.DECRYPT_EEK * ACL for decryptEncryptedKey CryptoExtension operations. default.key.acl.MANAGEMENT * default ACL for MANAGEMENT operations for all key acls that are not explicitly defined. default.key.acl.GENERATE_EEK * default ACL for GENERATE_EEK operations for all key acls that are not explicitly defined. default.key.acl.DECRYPT_EEK * default ACL for DECRYPT_EEK operations for all key acls that are not explicitly defined. default.key.acl.READ * default ACL for READ operations for all key acls that are not explicitly defined.