/**
 * Detaches a single privilege from this principal.
 *
 * <p>The privilege is told to drop this principal only when it was actually
 * present in {@code privileges}; a call for a privilege that is not held does nothing.
 *
 * @param privilege the privilege to detach from this principal
 */
public void removePrivilege(MSentryPrivilege privilege) {
  final boolean wasHeld = privileges.remove(privilege);
  if (!wasHeld) {
    // Not held: there is no back-reference to clear.
    return;
  }
  // Update the other side of the association as well, so that a revoked
  // privilege does not keep pointing at this principal (presumably what
  // removePrincipal does; its body is not shown here).
  privilege.removePrincipal(this);
}
/**
 * Detaches every privilege currently held by this principal.
 *
 * @throws IllegalStateException if any privilege is still held after all of them
 *     have been asked to drop this principal
 */
public void removePrivileges() {
  // Iterate over a snapshot instead of the live set: per the original note,
  // detaching a privilege modifies the privileges set while the loop runs.
  final ImmutableSet<MSentryPrivilege> snapshot = ImmutableSet.copyOf(privileges);
  for (MSentryPrivilege held : snapshot) {
    held.removePrincipal(this);
  }
  // Fail loudly rather than leave the principal holding privileges that the
  // caller believes were removed.
  Preconditions.checkState(privileges.isEmpty(), "Privileges should be empty: " + privileges);
}
/**
 * Revokes a privilege from a principal.
 *
 * <p>Actions listed in {@code PARTIAL_REVOKE_ACTIONS} are delegated to
 * {@code revokePartial}. Any other action is revoked directly: the stored
 * privilege is looked up, the principal is removed from it and the result is persisted.
 *
 * @param pm the PersistenceManager used for the lookup and for persisting the change
 * @param tPrivilege the Thrift form of the privilege, passed on to the partial revoke
 * @param mEntity the principal the privilege is revoked from
 * @param mPrivilege the privilege to revoke
 * @throws SentryInvalidInputException declared by this method; presumably raised
 *     by the conversion or revoke helpers it calls
 */
private void revokePrivilege(PersistenceManager pm, TSentryPrivilege tPrivilege,
    PrivilegePrincipal mEntity, MSentryPrivilege mPrivilege)
    throws SentryInvalidInputException {
  final boolean needsPartialRevoke = PARTIAL_REVOKE_ACTIONS.contains(mPrivilege.getAction());
  if (needsPartialRevoke) {
    revokePartial(pm, tPrivilege, mEntity, mPrivilege);
    return;
  }

  // Direct revoke: operate on the stored copy of the privilege, not on the argument.
  final MSentryPrivilege stored =
      getMSentryPrivilege(convertToTSentryPrivilege(mPrivilege), pm);
  if (stored == null) {
    // No stored privilege matches, so nothing is revoked. The caller gets no
    // signal that the revoke was a no-op.
    return;
  }
  stored.removePrincipal(mEntity);
  persistPrivilege(pm, stored);
}
if ((!persistedPriv.getRoles().isEmpty() || !persistedPriv.getUsers().isEmpty()) && mEntity != null) { persistedPriv.removePrincipal(mEntity); persistPrivilege(pm, persistedPriv);
/**
 * Removes from a principal each per-action privilege that a grant-all on the
 * same authorizable object covers.
 *
 * <p>Every action in {@code ALL_ACTIONS} except OWNER is tried in turn. OWNER is
 * left untouched, so a principal that holds OWNER still holds it afterwards.
 *
 * @param pm The PersistenceManager to persist the changes.
 * @param principal The Sentry principal from where to drop the privileges.
 * @param privilege The Sentry privilege that has the authorizable object from where to drop the privileges.
 * @throws SentryInvalidInputException If an error occurs when dropping the privileges.
 */
private void dropPrivilegesForGrantAll(PersistenceManager pm, PrivilegePrincipal principal,
    TSentryPrivilege privilege) throws SentryInvalidInputException {
  // One scratch copy is reused as the search key; only its action changes per iteration.
  final TSentryPrivilege probe = new TSentryPrivilege(privilege);

  for (String candidateAction : ALL_ACTIONS) {
    // OWNER is not part of the grant-all operation: a role/user may hold OWNER
    // and ALL together, so it is never dropped here.
    if (!candidateAction.equalsIgnoreCase(AccessConstants.OWNER)) {
      probe.setAction(candidateAction);
      // The principal's privileges are re-read on every pass because the
      // previous pass may have removed one.
      final MSentryPrivilege held =
          findMatchPrivilege(principal.getPrivileges(), convertToMSentryPrivilege(probe));
      if (held != null) {
        held.removePrincipal(principal);
        persistPrivilege(pm, held);
      }
    }
  }
}
/**
 * Revokes a privilege from a principal and, if the principal held ALL on the
 * same object, replaces ALL with the individual actions in {@code addActions}.
 *
 * <p>Side effects visible to the caller: {@code currentPrivilege} has its action
 * overwritten (first with ALL, then with each entry of {@code addActions}), and
 * {@code mEntity} gains the decomposed privileges.
 *
 * @param pm the PersistenceManager used for lookups and for persisting changes
 * @param mEntity the principal whose privileges are being changed
 * @param currentPrivilege privilege used as a mutable template for the lookups
 * @param persistedPriv privilege to revoke first; used only as a lookup key,
 *     the parameter itself is reassigned to the stored instance
 * @param addActions the actions to grant individually in place of ALL
 * @throws SentryInvalidInputException declared by this method; presumably raised
 *     by the conversion or persistence helpers it calls
 */
private void revokePrivilegeAndGrantPartial(PersistenceManager pm, PrivilegePrincipal mEntity,
    MSentryPrivilege currentPrivilege, MSentryPrivilege persistedPriv,
    Set<String> addActions) throws SentryInvalidInputException {
  // If table / URI, remove ALL
  // Step 1: re-fetch the stored instance of the privilege passed in and detach
  // the principal from it. A missing stored instance is skipped silently.
  persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(persistedPriv), pm);
  if (persistedPriv != null) {
    persistedPriv.removePrincipal(mEntity);
    persistPrivilege(pm, persistedPriv);
  }
  // Step 2: look for the ALL privilege on the same object.
  currentPrivilege.setAction(AccessConstants.ALL);
  persistedPriv = getMSentryPrivilege(convertToTSentryPrivilege(currentPrivilege), pm);
  // Decomposition happens only when ALL is stored and this principal actually holds it.
  if (persistedPriv != null && mEntity.getPrivileges().contains(persistedPriv)) {
    persistedPriv.removePrincipal(mEntity);
    persistPrivilege(pm, persistedPriv);
    // add decomposed actions
    for (String addAction : addActions) {
      currentPrivilege.setAction(addAction);
      TSentryPrivilege tSentryPrivilege = convertToTSentryPrivilege(currentPrivilege);
      // Reuse the stored privilege for this action if there is one, otherwise build a new one.
      persistedPriv = getMSentryPrivilege(tSentryPrivilege, pm);
      if (persistedPriv == null) {
        persistedPriv = convertToMSentryPrivilege(tSentryPrivilege);
      }
      mEntity.appendPrivilege(persistedPriv);
    }
    // NOTE(review): these two calls sit after the loop, so they apply only to the
    // last value assigned to persistedPriv. If addActions is empty the loop never
    // runs and persistedPriv is still the ALL privilege removed above, which is
    // then re-attached to mEntity and persisted. Confirm that no caller passes an
    // empty set, and that the earlier decomposed privileges are persisted some
    // other way (presumably via mEntity).
    persistedPriv.appendPrincipal(mEntity);
    pm.makePersistent(persistedPriv);
  }
}
// Ask the persistence manager to retrieve the role before its privileges are read.
pm.retrieve(role);
// Take the element at index 0 of the role's privileges.
// NOTE(review): presumably the role holds exactly one privilege at this point;
// an empty collection would make the [0] access throw. Confirm against the
// surrounding code, which is not shown.
hivePrivilege = (MSentryPrivilege)role.getPrivileges().toArray()[0];
// Detach the role from that privilege, persist the privilege and commit.
hivePrivilege.removePrincipal(role);
pm.makePersistent(hivePrivilege);
commitTransaction(pm);