@Override public void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException { hivePrivileges = expandAndValidatePrivileges(hivePrivileges); IMetaStoreClient metastoreClient = metastoreClientFactory.getHiveMetastoreClient(); // authorize the revoke, and get the set of privileges to be revoked List<HiveObjectPrivilege> revokePrivs = RevokePrivAuthUtils .authorizeAndGetRevokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantOption, metastoreClient, authenticator.getUserName()); try { // unfortunately, the metastore api revokes all privileges that match on // principal, privilege object type it does not filter on the grator // username. // So this will revoke privileges that are granted by other users.This is // not SQL compliant behavior. Need to change/add a metastore api // that has desired behavior. metastoreClient.revoke_privileges(new PrivilegeBag(revokePrivs), grantOption); } catch (Exception e) { throw SQLAuthorizationUtils.getPluginException("Error revoking privileges", e); } }
@Override public void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException { hivePrivileges = expandAndValidatePrivileges(hivePrivileges); IMetaStoreClient metastoreClient = metastoreClientFactory.getHiveMetastoreClient(); // authorize the revoke, and get the set of privileges to be revoked List<HiveObjectPrivilege> revokePrivs = RevokePrivAuthUtils .authorizeAndGetRevokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantOption, metastoreClient, authenticator.getUserName()); try { // unfortunately, the metastore api revokes all privileges that match on // principal, privilege object type it does not filter on the grator // username. // So this will revoke privileges that are granted by other users.This is // not SQL compliant behavior. Need to change/add a metastore api // that has desired behavior. metastoreClient.revoke_privileges(new PrivilegeBag(revokePrivs), grantOption); } catch (Exception e) { throw SQLAuthorizationUtils.getPluginException("Error revoking privileges", e); } }
@Override public void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException { hivePrivileges = expandAndValidatePrivileges(hivePrivileges); IMetaStoreClient metastoreClient = metastoreClientFactory.getHiveMetastoreClient(); // authorize the revoke, and get the set of privileges to be revoked List<HiveObjectPrivilege> revokePrivs = RevokePrivAuthUtils .authorizeAndGetRevokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantOption, metastoreClient, authenticator.getUserName()); try { // unfortunately, the metastore api revokes all privileges that match on // principal, privilege object type it does not filter on the grator // username. // So this will revoke privileges that are granted by other users.This is // not SQL compliant behavior. Need to change/add a metastore api // that has desired behavior. metastoreClient.revoke_privileges(new PrivilegeBag(revokePrivs), grantOption); } catch (Exception e) { throw SQLAuthorizationUtils.getPluginException("Error revoking privileges", e); } }