@Override public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException { PrincipalType type = AuthorizationUtils.getThriftPrincipalType(principal.getType()); try { List<HiveRoleGrant> grants = new ArrayList<HiveRoleGrant>(); Hive hive = Hive.getWithFastCheck(this.conf); for (RolePrincipalGrant grant : hive.getRoleGrantInfoForPrincipal(principal.getName(), type)) { grants.add(new HiveRoleGrant(grant)); } return grants; } catch (HiveException e) { throw new HiveAuthzPluginException(e); } }
@Override public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException { PrincipalType type = AuthorizationUtils.getThriftPrincipalType(principal.getType()); try { List<HiveRoleGrant> grants = new ArrayList<HiveRoleGrant>(); Hive hive = Hive.getWithFastCheck(this.conf); for (RolePrincipalGrant grant : hive.getRoleGrantInfoForPrincipal(principal.getName(), type)) { grants.add(new HiveRoleGrant(grant)); } return grants; } catch (HiveException e) { throw new HiveAuthzPluginException(e); } }
try { msObjPrivs = mClient.list_privileges(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), SQLAuthorizationUtils.getThriftHiveObjectRef(hivePrivObject)); } catch (MetaException e) {
private void grantOrRevokeRole(List<HivePrincipal> principals, List<String> roles, boolean grantOption, HivePrincipal grantor, boolean isGrant) throws HiveException { PrincipalType grantorType = AuthorizationUtils.getThriftPrincipalType(grantor.getType()); Hive hive = Hive.getWithFastCheck(this.conf); for (HivePrincipal principal : principals) { PrincipalType principalType = AuthorizationUtils.getThriftPrincipalType(principal.getType()); String userName = principal.getName(); for (String roleName : roles) { if (isGrant) { hive.grantRole(roleName, userName, principalType, grantor.getName(), grantorType, grantOption); } else { hive.revokeRole(roleName, userName, principalType, grantOption); } } } }
/** * Get thrift privilege grant info * @param privilege * @param grantorPrincipal * @param grantOption * @param grantTime * @return * @throws HiveException */ public static PrivilegeGrantInfo getThriftPrivilegeGrantInfo(HivePrivilege privilege, HivePrincipal grantorPrincipal, boolean grantOption, int grantTime) throws HiveException { return new PrivilegeGrantInfo(privilege.getName(), grantTime, grantorPrincipal.getName(), getThriftPrincipalType(grantorPrincipal.getType()), grantOption); }
private void grantOrRevokeRole(List<HivePrincipal> principals, List<String> roles, boolean grantOption, HivePrincipal grantor, boolean isGrant) throws HiveException { PrincipalType grantorType = AuthorizationUtils.getThriftPrincipalType(grantor.getType()); Hive hive = Hive.getWithFastCheck(this.conf); for (HivePrincipal principal : principals) { PrincipalType principalType = AuthorizationUtils.getThriftPrincipalType(principal.getType()); String userName = principal.getName(); for (String roleName : roles) { if (isGrant) { hive.grantRole(roleName, userName, principalType, grantor.getName(), grantorType, grantOption); } else { hive.revokeRole(roleName, userName, principalType, grantOption); } } } }
/** * Get thrift privilege grant info * @param privilege * @param grantorPrincipal * @param grantOption * @param grantTime * @return * @throws HiveException */ public static PrivilegeGrantInfo getThriftPrivilegeGrantInfo(HivePrivilege privilege, HivePrincipal grantorPrincipal, boolean grantOption, int grantTime) throws HiveException { return new PrivilegeGrantInfo(privilege.getName(), grantTime, grantorPrincipal.getName(), getThriftPrincipalType(grantorPrincipal.getType()), grantOption); }
@Override public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException { try { // first authorize the call if (!isUserAdmin()) { ensureShowGrantAllowed(principal); } List<RolePrincipalGrant> roleGrants = getRoleGrants(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType())); List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>(roleGrants.size()); for (RolePrincipalGrant roleGrant : roleGrants) { hiveRoleGrants.add(new HiveRoleGrant(roleGrant)); } return hiveRoleGrants; } catch (Exception e) { throw SQLAuthorizationUtils.getPluginException("Error getting role grant information for user " + principal.getName(), e); } }
@Override public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException { try { // first authorize the call if (!isUserAdmin()) { ensureShowGrantAllowed(principal); } List<RolePrincipalGrant> roleGrants = getRoleGrants(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType())); List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>(roleGrants.size()); for (RolePrincipalGrant roleGrant : roleGrants) { hiveRoleGrants.add(new HiveRoleGrant(roleGrant)); } return hiveRoleGrants; } catch (Exception e) { throw SQLAuthorizationUtils.getPluginException("Error getting role grant information for user " + principal.getName(), e); } }
@Override public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException { if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) { throw new HiveAccessControlException("Current user : " + currentUserName+ " is not" + " allowed to grant role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG); } for (HivePrincipal hivePrincipal : hivePrincipals) { for (String roleName : roleNames) { try { IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient(); mClient.grant_role(roleName, hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), grantorPrinc.getName(), AuthorizationUtils.getThriftPrincipalType(grantorPrinc.getType()), grantOption); } catch (MetaException e) { throw SQLAuthorizationUtils.getPluginException("Error granting role", e); } catch (Exception e) { String msg = "Error granting roles for " + hivePrincipal.getName() + " to role " + roleName; throw SQLAuthorizationUtils.getPluginException(msg, e); } } } }
for (HivePrincipal principal : hivePrincipals) { HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj, principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), grantInfo, "SQL"); privBag.addToPrivileges(objPriv);
private void grantOrRevokePrivs(List<HivePrincipal> principals, PrivilegeBag privBag, boolean isGrant, boolean grantOption) throws HiveException { for (HivePrincipal principal : principals) { PrincipalType type = AuthorizationUtils.getThriftPrincipalType(principal.getType()); for (HiveObjectPrivilege priv : privBag.getPrivileges()) { priv.setPrincipalName(principal.getName()); priv.setPrincipalType(type); } Hive hive = Hive.getWithFastCheck(this.conf); if (isGrant) { hive.grantPrivileges(privBag); } else { hive.revokePrivileges(privBag, grantOption); } } }
@Override public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException { if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) { throw new HiveAccessControlException("Current user : " + currentUserName+ " is not" + " allowed to grant role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG); } for (HivePrincipal hivePrincipal : hivePrincipals) { for (String roleName : roleNames) { try { IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient(); mClient.grant_role(roleName, hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), grantorPrinc.getName(), AuthorizationUtils.getThriftPrincipalType(grantorPrinc.getType()), grantOption); } catch (MetaException e) { throw SQLAuthorizationUtils.getPluginException("Error granting role", e); } catch (Exception e) { String msg = "Error granting roles for " + hivePrincipal.getName() + " to role " + roleName; throw SQLAuthorizationUtils.getPluginException(msg, e); } } } }
private void grantOrRevokePrivs(List<HivePrincipal> principals, PrivilegeBag privBag, boolean isGrant, boolean grantOption) throws HiveException { for (HivePrincipal principal : principals) { PrincipalType type = AuthorizationUtils.getThriftPrincipalType(principal.getType()); for (HiveObjectPrivilege priv : privBag.getPrivileges()) { priv.setPrincipalName(principal.getName()); priv.setPrincipalType(type); } Hive hive = Hive.getWithFastCheck(this.conf); if (isGrant) { hive.grantPrivileges(privBag); } else { hive.revokePrivileges(privBag, grantOption); } } }
for (HivePrincipal principal : hivePrincipals) { HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj, principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), grantInfo); privBag.addToPrivileges(objPriv);
String name = principal == null ? null : principal.getName(); PrincipalType type = AuthorizationUtils.getThriftPrincipalType(principal == null ? null : principal.getType());
@Override public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException { if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) { throw new HiveAccessControlException("Current user : " + currentUserName+ " is not" + " allowed to revoke role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG); } for (HivePrincipal hivePrincipal : hivePrincipals) { for (String roleName : roleNames) { try { IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient(); mClient.revoke_role(roleName, hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), grantOption); } catch (Exception e) { String msg = "Error revoking roles for " + hivePrincipal.getName() + " to role " + roleName; throw SQLAuthorizationUtils.getPluginException(msg, e); } } } }
String name = principal == null ? null : principal.getName(); PrincipalType type = AuthorizationUtils.getThriftPrincipalType(principal == null ? null : principal.getType());
@Override public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException { if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) { throw new HiveAccessControlException("Current user : " + currentUserName+ " is not" + " allowed to revoke role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG); } for (HivePrincipal hivePrincipal : hivePrincipals) { for (String roleName : roleNames) { try { IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient(); mClient.revoke_role(roleName, hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), grantOption); } catch (Exception e) { String msg = "Error revoking roles for " + hivePrincipal.getName() + " to role " + roleName; throw SQLAuthorizationUtils.getPluginException(msg, e); } } } }
String principalName = principal == null ? null : principal.getName(); PrincipalType principalType = principal == null ? null : AuthorizationUtils.getThriftPrincipalType(principal.getType());