/**
 * Returns the string form of the value produced by {@link #getPriv()}.
 *
 * @return {@code getPriv().toString()}; a {@code null} result from {@code getPriv()} surfaces as a
 *     {@link NullPointerException} here rather than as the text "null"
 */
@Override
public String toString() {
  return getPriv().toString();
}
/**
 * Renders this object as the text of the value returned by {@link #getPriv()}.
 *
 * @return the result of calling {@code toString()} on {@code getPriv()}; no null check is made, so
 *     a {@code null} from {@code getPriv()} throws {@link NullPointerException}
 */
@Override
public String toString() {
  return getPriv().toString();
}
/**
 * Translates a privilege into the filesystem action a caller must hold for it.
 *
 * @param priv privilege whose type ({@code priv.getPriv()}) selects the action
 * @return {@code READ_WRITE} for ALL; {@code WRITE} for ALTER_DATA, ALTER_METADATA, CREATE and
 *     DROP; {@code READ} for SELECT and SHOW_DATABASE
 * @throws AuthorizationException for LOCK, for UNKNOWN, and for every privilege type that has no
 *     explicit case below
 */
protected FsAction getFsAction(Privilege priv) {
  final FsAction required;
  switch (priv.getPriv()) {
    case ALL:
      required = FsAction.READ_WRITE;
      break;
    case ALTER_DATA:
    case ALTER_METADATA:
    case CREATE:
    case DROP:
      required = FsAction.WRITE;
      break;
    case SELECT:
    case SHOW_DATABASE:
      required = FsAction.READ;
      break;
    case LOCK:
      throw new AuthorizationException(
          "StorageBasedAuthorizationProvider cannot handle LOCK privilege");
    case UNKNOWN:
    default:
      // Fail closed: a privilege type without an explicit mapping is refused instead of being
      // given some default filesystem action.
      throw new AuthorizationException("Unknown privilege");
  }
  return required;
}
/**
 * Translates a privilege into the filesystem action a caller must hold for it.
 *
 * @param priv privilege whose type ({@code priv.getPriv()}) selects the action
 * @return {@code READ_WRITE} for ALL; {@code WRITE} for ALTER_DATA, ALTER_METADATA, CREATE and
 *     DROP; {@code READ} for SELECT and SHOW_DATABASE
 * @throws AuthorizationException for INDEX and LOCK (each with its own message), for UNKNOWN, and
 *     for every privilege type that has no explicit case below
 */
protected FsAction getFsAction(Privilege priv) {
  final FsAction required;
  switch (priv.getPriv()) {
    case ALL:
      required = FsAction.READ_WRITE;
      break;
    case ALTER_DATA:
    case ALTER_METADATA:
    case CREATE:
    case DROP:
      required = FsAction.WRITE;
      break;
    case SELECT:
    case SHOW_DATABASE:
      required = FsAction.READ;
      break;
    case INDEX:
      throw new AuthorizationException(
          "StorageBasedAuthorizationProvider cannot handle INDEX privilege");
    case LOCK:
      throw new AuthorizationException(
          "StorageBasedAuthorizationProvider cannot handle LOCK privilege");
    case UNKNOWN:
    default:
      // Fail closed: a privilege type without an explicit mapping is refused instead of being
      // given some default filesystem action.
      throw new AuthorizationException("Unknown privilege");
  }
  return required;
}
/**
 * Test helper: analyzes a {@code GRANT ... ON TABLE ... TO USER ...} statement and asserts on the
 * resulting grant descriptor.
 *
 * <p>The checks are: the descriptor exists, each privilege in it has type {@code privType}, each
 * principal is a USER named {@code USER}, and the subject is flagged as a table whose object
 * equals {@code TABLE_QNAME}. Both lists are passed through {@code ListSizeMatcher...ofSize(1)},
 * which presumably enforces a single element (confirm against ListSizeMatcher).
 *
 * @param privStr privilege keyword placed into the statement text as-is, with no escaping
 * @param privType privilege type the parsed grant is expected to carry
 * @param queryState query state handed to the analyzer
 * @param db Hive handle handed to the analyzer
 * @throws Exception declared by this helper; presumably whatever the analyze call propagates
 */
public static void grantUserTable(String privStr, PrivilegeType privType, QueryState queryState,
    Hive db) throws Exception {
  String statement = "GRANT " + privStr + " ON TABLE " + TABLE + " TO USER " + USER;
  DDLWork ddlWork = AuthorizationTestUtil.analyze(statement, queryState, db);
  GrantDesc grant = ddlWork.getGrantDesc();
  Assert.assertNotNull("Grant should not be null", grant);

  // Privilege part of the grant.
  for (PrivilegeDesc granted : ListSizeMatcher.inList(grant.getPrivileges()).ofSize(1)) {
    Assert.assertEquals(privType, granted.getPrivilege().getPriv());
  }

  // Grantee part of the grant.
  for (PrincipalDesc grantee : ListSizeMatcher.inList(grant.getPrincipals()).ofSize(1)) {
    Assert.assertEquals(PrincipalType.USER, grantee.getType());
    Assert.assertEquals(USER, grantee.getName());
  }

  // Subject part of the grant: must be a table, and the expected one.
  Assert.assertTrue("Expected table", grant.getPrivilegeSubjectDesc().getTable());
  Assert.assertEquals(TABLE_QNAME, grant.getPrivilegeSubjectDesc().getObject());
}
/**
 * Delegates to the {@code toString()} of the value returned by {@link #getPriv()}.
 *
 * @return {@code getPriv().toString()}; throws {@link NullPointerException} if {@code getPriv()}
 *     returns {@code null}, since no null check is made
 */
@Override
public String toString() {
  return getPriv().toString();
}
/**
 * Converts the privilege-list subtree of a GRANT/REVOKE statement into privilege descriptors,
 * rejecting anything outside the supported set.
 *
 * <p>Each child of {@code node} is one privilege definition: child 0 carries the privilege token
 * and an optional child 1 carries the column list. A definition is refused when the token has no
 * registered privilege, when the privilege is not in {@code SentryHiveConstants.ALLOWED_PRIVS},
 * or when INSERT or ALL is combined with a column list.
 *
 * @param node AST node whose children are the privilege definitions
 * @return one {@code PrivilegeDesc} per child, in child order
 * @throws SemanticException on the first definition that fails one of the checks above
 */
private List<PrivilegeDesc> analyzePrivilegeListDef(ASTNode node) throws SemanticException {
  List<PrivilegeDesc> privileges = new ArrayList<PrivilegeDesc>();
  for (int idx = 0; idx < node.getChildCount(); idx++) {
    ASTNode defNode = (ASTNode) node.getChild(idx);
    ASTNode typeNode = (ASTNode) defNode.getChild(0);

    Privilege privilege = PrivilegeRegistry.getPrivilege(typeNode.getType());
    if (privilege == null) {
      throw new SemanticException("undefined privilege " + typeNode.getType());
    }

    // Allow-list check: only privilege types named in ALLOWED_PRIVS get past this point.
    if (!SentryHiveConstants.ALLOWED_PRIVS.contains(privilege.getPriv())) {
      throw new SemanticException(
          SentryHiveConstants.PRIVILEGE_NOT_SUPPORTED + privilege.getPriv());
    }

    // A second child, when present, is the column list for a column-level privilege.
    List<String> columns = defNode.getChildCount() > 1
        ? BaseSemanticAnalyzer.getColumnNames((ASTNode) defNode.getChild(1))
        : null;

    if (columns != null) {
      // INSERT and ALL are refused at column scope.
      boolean refusedOnColumns = privilege.getPriv().equals(PrivilegeType.INSERT)
          || privilege.getPriv().equals(PrivilegeType.ALL);
      if (refusedOnColumns) {
        throw new SemanticException(
            SentryHiveConstants.PRIVILEGE_NOT_SUPPORTED + privilege.getPriv() + " on Column");
      }
    }

    privileges.add(new PrivilegeDesc(privilege, columns));
  }
  return privileges;
}
/**
 * Returns the filesystem action required for the given privilege.
 *
 * @param priv privilege whose type ({@code priv.getPriv()}) selects the action
 * @return {@code READ_WRITE} for ALL; {@code WRITE} for ALTER_DATA, ALTER_METADATA, CREATE and
 *     DROP; {@code READ} for SELECT and SHOW_DATABASE
 * @throws AuthorizationException for INDEX and LOCK (each with its own message), for UNKNOWN, and
 *     for every privilege type that has no explicit case below
 */
protected FsAction getFsAction(Privilege priv) {
  switch (priv.getPriv()) {
    case ALL:
      return FsAction.READ_WRITE;

    case ALTER_DATA:
    case ALTER_METADATA:
    case CREATE:
    case DROP:
      return FsAction.WRITE;

    case SELECT:
    case SHOW_DATABASE:
      return FsAction.READ;

    case INDEX:
      throw new AuthorizationException(
          "StorageBasedAuthorizationProvider cannot handle INDEX privilege");

    case LOCK:
      throw new AuthorizationException(
          "StorageBasedAuthorizationProvider cannot handle LOCK privilege");

    case UNKNOWN:
    default:
      // Fail closed: a privilege type without an explicit mapping is refused instead of being
      // given some default filesystem action.
      throw new AuthorizationException("Unknown privilege");
  }
}
if (!SentryHiveConstants.ALLOWED_PRIVS.contains(privDesc.getPrivilege().getPriv())) { String msg = SentryHiveConstants.PRIVILEGE_NOT_SUPPORTED + privDesc.getPrivilege().getPriv(); throw new HiveException(msg); if (columnNames != null && (privDesc.getPrivilege().getPriv().equals(PrivilegeType.INSERT) || privDesc.getPrivilege().getPriv().equals(PrivilegeType.ALL))) { String msg = SentryHiveConstants.PRIVILEGE_NOT_SUPPORTED + privDesc.getPrivilege().getPriv() + " on Column"; throw new SemanticException(msg); if (serverName != null) { sentryClient.grantServerPrivilege(subject, princ.getName(), serverName, toSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else if (uriPath != null) { sentryClient.grantURIPrivilege(subject, princ.getName(), server, uriPath, grantOption); } else if (tableName == null) { sentryClient.grantDatabasePrivilege(subject, princ.getName(), server, dbName, toDbSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else if (columnNames == null) { sentryClient.grantTablePrivilege(subject, princ.getName(), server, dbName, tableName, toSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else { sentryClient.grantColumnsPrivileges(subject, princ.getName(), server, dbName, tableName, columnNames, toSentryAction(privDesc.getPrivilege().getPriv()), grantOption); toSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else if (uriPath != null) { sentryClient.revokeURIPrivilege(subject, princ.getName(), server, uriPath, grantOption); } else if (tableName == null) {