/**
 * Forwards a role grant to the wrapped access controller after normalising its inputs.
 *
 * <p>The target principals and the grantor go through {@code SQLAuthorizationUtils}
 * validation, and the role names go through {@code getLowerCaseRoleNames}, before
 * the delegate is called. This method performs no privilege check of its own.
 * NOTE(review): presumably the delegate decides whether the caller may grant the
 * role - confirm against the wrapped controller.
 *
 * @param hivePrincipals principals that receive the roles
 * @param roles role names to grant
 * @param grantOption passed through unchanged to the delegate
 * @param grantorPrinc principal recorded as the grantor
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles,
    boolean grantOption, HivePrincipal grantorPrinc)
    throws HiveAuthzPluginException, HiveAccessControlException {
  // Keep this order: a failure in an earlier step stops the later ones from running.
  final List<HivePrincipal> checkedPrincipals =
      SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
  final List<String> normalizedRoles = getLowerCaseRoleNames(roles);
  final HivePrincipal checkedGrantor =
      SQLAuthorizationUtils.getValidatedPrincipal(grantorPrinc);

  // Only the validated / normalised values reach the delegate.
  hiveAccessController.grantRole(checkedPrincipals, normalizedRoles, grantOption,
      checkedGrantor);
}
/**
 * Forwards a role revocation to the wrapped access controller after normalising its inputs.
 *
 * <p>The target principals and the grantor go through {@code SQLAuthorizationUtils}
 * validation, and the role names go through {@code getLowerCaseRoleNames}, before
 * the delegate is called. This method performs no privilege check of its own.
 * NOTE(review): presumably the delegate decides whether the caller may revoke the
 * role - confirm against the wrapped controller.
 *
 * @param hivePrincipals principals that lose the roles
 * @param roles role names to revoke
 * @param grantOption passed through unchanged to the delegate
 * @param grantorPrinc principal recorded as the grantor
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles,
    boolean grantOption, HivePrincipal grantorPrinc)
    throws HiveAuthzPluginException, HiveAccessControlException {
  // Keep this order: a failure in an earlier step stops the later ones from running.
  final List<HivePrincipal> checkedPrincipals =
      SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
  final List<String> normalizedRoles = getLowerCaseRoleNames(roles);
  final HivePrincipal checkedGrantor =
      SQLAuthorizationUtils.getValidatedPrincipal(grantorPrinc);

  // Only the validated / normalised values reach the delegate.
  hiveAccessController.revokeRole(checkedPrincipals, normalizedRoles, grantOption,
      checkedGrantor);
}
/**
 * Forwards a privilege grant to the wrapped access controller.
 *
 * <p>Only the target principals and the grantor are validated here. The privilege
 * list and the privilege object are handed to the delegate exactly as received.
 * NOTE(review): presumably the delegate validates the privileges and checks that
 * the caller holds the grant option - confirm, since nothing in this method does.
 *
 * @param hivePrincipals principals that receive the privileges
 * @param hivePrivileges privileges to grant (not validated in this method)
 * @param hivePrivObject object the privileges apply to (not validated in this method)
 * @param grantorPrincipal principal recorded as the grantor
 * @param grantOption passed through unchanged to the delegate
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public void grantPrivileges(List<HivePrincipal> hivePrincipals,
    List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject,
    HivePrincipal grantorPrincipal, boolean grantOption)
    throws HiveAuthzPluginException, HiveAccessControlException {
  // Principals first, then the grantor; a failure in the first call skips the second.
  final List<HivePrincipal> checkedPrincipals =
      SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
  final HivePrincipal checkedGrantor =
      SQLAuthorizationUtils.getValidatedPrincipal(grantorPrincipal);

  hiveAccessController.grantPrivileges(checkedPrincipals, hivePrivileges, hivePrivObject,
      checkedGrantor, grantOption);
}
/**
 * Forwards a privilege revocation to the wrapped access controller.
 *
 * <p>Only the target principals and the grantor are validated here. The privilege
 * list and the privilege object are handed to the delegate exactly as received.
 * NOTE(review): presumably the delegate validates the privileges and checks that
 * the caller may revoke them - confirm, since nothing in this method does.
 *
 * @param hivePrincipals principals that lose the privileges
 * @param hivePrivileges privileges to revoke (not validated in this method)
 * @param hivePrivObject object the privileges apply to (not validated in this method)
 * @param grantorPrincipal principal recorded as the grantor
 * @param grantOption passed through unchanged to the delegate
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public void revokePrivileges(List<HivePrincipal> hivePrincipals,
    List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject,
    HivePrincipal grantorPrincipal, boolean grantOption)
    throws HiveAuthzPluginException, HiveAccessControlException {
  // Principals first, then the grantor; a failure in the first call skips the second.
  final List<HivePrincipal> checkedPrincipals =
      SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
  final HivePrincipal checkedGrantor =
      SQLAuthorizationUtils.getValidatedPrincipal(grantorPrincipal);

  hiveAccessController.revokePrivileges(checkedPrincipals, hivePrivileges, hivePrivObject,
      checkedGrantor, grantOption);
}
/**
 * Lists privileges by delegating to the wrapped access controller.
 *
 * <p>The principal is validated first; {@code privObj} is forwarded as received.
 * NOTE(review): no check in this method restricts which principal's privileges a
 * caller may list - presumably the delegate applies any such restriction; confirm.
 *
 * @param principal principal whose privileges are requested
 * @param privObj object to report on (not validated in this method)
 * @return whatever the delegate returns for the validated principal
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal,
    HivePrivilegeObject privObj)
    throws HiveAuthzPluginException, HiveAccessControlException {
  final HivePrincipal checkedPrincipal =
      SQLAuthorizationUtils.getValidatedPrincipal(principal);
  return hiveAccessController.showPrivileges(checkedPrincipal, privObj);
}
/**
 * Returns role-grant information for a principal by delegating to the wrapped
 * access controller.
 *
 * <p>The principal is validated before the delegate is called. This method adds
 * no access check of its own.
 *
 * @param principal principal whose role grants are requested
 * @return whatever the delegate returns for the validated principal
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
    throws HiveAuthzPluginException, HiveAccessControlException {
  final HivePrincipal checkedPrincipal =
      SQLAuthorizationUtils.getValidatedPrincipal(principal);
  return hiveAccessController.getRoleGrantInfoForPrincipal(checkedPrincipal);
}
/**
 * Expands the privilege list and then validates the expanded result.
 *
 * <p>Validation runs on the list returned by {@code expandAllPrivileges}, not on
 * the caller's original list, so the returned list is the one that was checked.
 *
 * @param hivePrivileges privileges as supplied by the caller
 * @return the expanded list, after {@code SQLAuthorizationUtils.validatePrivileges}
 *         has accepted it
 * @throws HiveAuthzPluginException propagated from expansion or validation
 */
private List<HivePrivilege> expandAndValidatePrivileges(List<HivePrivilege> hivePrivileges)
    throws HiveAuthzPluginException {
  // Expand first (the helper handles ALL, if present), then validate what came out.
  final List<HivePrivilege> expanded = expandAllPrivileges(hivePrivileges);
  SQLAuthorizationUtils.validatePrivileges(expanded);
  return expanded;
}
/**
 * Finds the {@code SQLPrivTypeGrant} that matches a privilege name and grant flag.
 *
 * <p>The name is resolved with {@code SQLPrivilegeType.getRequirePrivilege} and the
 * result is handed to the overload that takes a {@code SQLPrivilegeType}.
 *
 * @param privTypeStr privilege type string
 * @param isGrant whether the with-grant variant is wanted
 * @return the value returned by the {@code SQLPrivilegeType} overload
 * @throws HiveAuthzPluginException propagated from the lookup or from the overload;
 *         NOTE(review): presumably raised for an unknown privilege name - confirm
 */
public static SQLPrivTypeGrant getSQLPrivTypeGrant(String privTypeStr, boolean isGrant)
    throws HiveAuthzPluginException {
  // Typed local keeps overload resolution on the SQLPrivilegeType variant.
  final SQLPrivilegeType resolvedType = SQLPrivilegeType.getRequirePrivilege(privTypeStr);
  return getSQLPrivTypeGrant(resolvedType, isGrant);
}
/**
 * Checks that a user holds what is required to grant the given privileges on an object.
 *
 * <p>The privileges being granted are mapped to required privileges with
 * {@code getGrantRequiredPrivileges}; {@code checkRequiredPrivileges} is then called
 * for the {@code GRANT_PRIVILEGE} operation.
 *
 * <p>NOTE(review): {@code hivePrincipals} and {@code grantOption} are not read
 * anywhere in this body, so the outcome does not depend on who receives the
 * privileges or on whether the grant option is being passed on.
 *
 * @param hivePrincipals grant recipients (unused here)
 * @param hivePrivileges privileges being granted
 * @param hivePrivObject object the privileges apply to
 * @param grantOption grant-option flag of the request (unused here)
 * @param metastoreClient forwarded to the privilege check
 * @param userName user whose privileges are checked
 * @param curRoles forwarded to the privilege check
 * @param isAdmin forwarded to the privilege check
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
static void authorize(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges,
    HivePrivilegeObject hivePrivObject, boolean grantOption, IMetaStoreClient metastoreClient,
    String userName, List<String> curRoles, boolean isAdmin)
    throws HiveAuthzPluginException, HiveAccessControlException {
  // Translate "privileges being granted" into "privileges the grantor must hold".
  final RequiredPrivileges neededToGrant = getGrantRequiredPrivileges(hivePrivileges);

  // Verify the user has those privileges on the target object.
  checkRequiredPrivileges(neededToGrant, hivePrivObject, metastoreClient, userName,
      curRoles, isAdmin, HiveOperationType.GRANT_PRIVILEGE);
}
/**
 * Builds a {@code HiveAuthorizerImpl} from an SQL-standard access controller wrapper
 * and a {@code DummyHiveAuthorizationValidator}.
 *
 * <p>NOTE(review): judging by its name, the dummy validator does not enforce
 * privilege checks - confirm, and confirm that this factory is only configured
 * where authorization is enforced by some other component.
 *
 * @param metastoreClientFactory forwarded to the access controller wrapper
 * @param conf forwarded to the access controller wrapper
 * @param authenticator forwarded to the access controller wrapper
 * @param ctx forwarded to the access controller wrapper
 * @return the new authorizer
 * @throws HiveAuthzPluginException propagated from the constructors called here
 */
@Override
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
    HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx)
    throws HiveAuthzPluginException {
  final SQLStdHiveAccessControllerWrapper accessController =
      new SQLStdHiveAccessControllerWrapper(metastoreClientFactory, conf, authenticator, ctx);
  // Access control (grant/revoke/show) is backed by the wrapper; validation is the dummy.
  return new HiveAuthorizerImpl(accessController, new DummyHiveAuthorizationValidator());
}
}
/**
 * Adds to {@code availPrivs} every privilege that {@code getPrivilegesFromFS}
 * reports for the given user and file status.
 *
 * @param userName user the privileges are looked up for
 * @param availPrivs accumulator that receives the privileges
 * @param fs forwarded to {@code getPrivilegesFromFS}
 * @param fileStatus forwarded to {@code getPrivilegesFromFS}
 * @param recurse forwarded to {@code getPrivilegesFromFS}
 * @throws Exception propagated from {@code getPrivilegesFromFS}
 */
private static void addPrivilegesFromFS(String userName, RequiredPrivileges availPrivs,
    FileSystem fs, FileStatus fileStatus, boolean recurse) throws Exception {
  final Set<SQLPrivTypeGrant> fsPrivs = getPrivilegesFromFS(userName, fs, fileStatus, recurse);
  // addAll takes an array, so copy the set out before handing it over.
  final SQLPrivTypeGrant[] fsPrivArray = fsPrivs.toArray(new SQLPrivTypeGrant[0]);
  availPrivs.addAll(fsPrivArray);
}
/**
 * Adds each element of the array through {@code addPrivilege}, in array order.
 *
 * @param inputPrivs privileges to add; a {@code null} array is ignored
 */
public void addAll(SQLPrivTypeGrant[] inputPrivs) {
  // A null array means "nothing to add" rather than an error.
  if (inputPrivs != null) {
    for (int i = 0; i < inputPrivs.length; i++) {
      addPrivilege(inputPrivs[i]);
    }
  }
}
/**
 * Stores the privilege type and grant flag and derives the description text.
 *
 * <p>The description is the privilege type's {@code toString()} value, followed by
 * {@code " with grant"} when the grant flag is set.
 *
 * @param privType privilege type; must not be {@code null} because
 *        {@code toString()} is called on it
 * @param isGrant whether this value represents the with-grant variant
 */
SQLPrivTypeGrant(SQLPrivilegeType privType, boolean isGrant){
  this.privType = privType;
  this.withGrant = isGrant;
  // Suffix distinguishes the with-grant variant in the description.
  final String grantSuffix = isGrant ? " with grant" : "";
  this.privDesc = privType.toString() + grantSuffix;
}
/**
 * Forwards a role grant to the wrapped access controller after normalising its inputs.
 *
 * <p>The target principals and the grantor go through {@code SQLAuthorizationUtils}
 * validation, and the role names go through {@code getLowerCaseRoleNames}, before
 * the delegate is called. This method performs no privilege check of its own.
 * NOTE(review): presumably the delegate decides whether the caller may grant the
 * role - confirm against the wrapped controller.
 *
 * @param hivePrincipals principals that receive the roles
 * @param roles role names to grant
 * @param grantOption passed through unchanged to the delegate
 * @param grantorPrinc principal recorded as the grantor
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles,
    boolean grantOption, HivePrincipal grantorPrinc)
    throws HiveAuthzPluginException, HiveAccessControlException {
  // Keep this order: a failure in an earlier step stops the later ones from running.
  final List<HivePrincipal> checkedPrincipals =
      SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
  final List<String> normalizedRoles = getLowerCaseRoleNames(roles);
  final HivePrincipal checkedGrantor =
      SQLAuthorizationUtils.getValidatedPrincipal(grantorPrinc);

  // Only the validated / normalised values reach the delegate.
  hiveAccessController.grantRole(checkedPrincipals, normalizedRoles, grantOption,
      checkedGrantor);
}
/**
 * Forwards a role revocation to the wrapped access controller after normalising its inputs.
 *
 * <p>The target principals and the grantor go through {@code SQLAuthorizationUtils}
 * validation, and the role names go through {@code getLowerCaseRoleNames}, before
 * the delegate is called. This method performs no privilege check of its own.
 * NOTE(review): presumably the delegate decides whether the caller may revoke the
 * role - confirm against the wrapped controller.
 *
 * @param hivePrincipals principals that lose the roles
 * @param roles role names to revoke
 * @param grantOption passed through unchanged to the delegate
 * @param grantorPrinc principal recorded as the grantor
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles,
    boolean grantOption, HivePrincipal grantorPrinc)
    throws HiveAuthzPluginException, HiveAccessControlException {
  // Keep this order: a failure in an earlier step stops the later ones from running.
  final List<HivePrincipal> checkedPrincipals =
      SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
  final List<String> normalizedRoles = getLowerCaseRoleNames(roles);
  final HivePrincipal checkedGrantor =
      SQLAuthorizationUtils.getValidatedPrincipal(grantorPrinc);

  // Only the validated / normalised values reach the delegate.
  hiveAccessController.revokeRole(checkedPrincipals, normalizedRoles, grantOption,
      checkedGrantor);
}
/**
 * Forwards a privilege grant to the wrapped access controller.
 *
 * <p>Only the target principals and the grantor are validated here. The privilege
 * list and the privilege object are handed to the delegate exactly as received.
 * NOTE(review): presumably the delegate validates the privileges and checks that
 * the caller holds the grant option - confirm, since nothing in this method does.
 *
 * @param hivePrincipals principals that receive the privileges
 * @param hivePrivileges privileges to grant (not validated in this method)
 * @param hivePrivObject object the privileges apply to (not validated in this method)
 * @param grantorPrincipal principal recorded as the grantor
 * @param grantOption passed through unchanged to the delegate
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public void grantPrivileges(List<HivePrincipal> hivePrincipals,
    List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject,
    HivePrincipal grantorPrincipal, boolean grantOption)
    throws HiveAuthzPluginException, HiveAccessControlException {
  // Principals first, then the grantor; a failure in the first call skips the second.
  final List<HivePrincipal> checkedPrincipals =
      SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
  final HivePrincipal checkedGrantor =
      SQLAuthorizationUtils.getValidatedPrincipal(grantorPrincipal);

  hiveAccessController.grantPrivileges(checkedPrincipals, hivePrivileges, hivePrivObject,
      checkedGrantor, grantOption);
}
/**
 * Lists privileges by delegating to the wrapped access controller.
 *
 * <p>The principal is validated first; {@code privObj} is forwarded as received.
 * NOTE(review): no check in this method restricts which principal's privileges a
 * caller may list - presumably the delegate applies any such restriction; confirm.
 *
 * @param principal principal whose privileges are requested
 * @param privObj object to report on (not validated in this method)
 * @return whatever the delegate returns for the validated principal
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal,
    HivePrivilegeObject privObj)
    throws HiveAuthzPluginException, HiveAccessControlException {
  final HivePrincipal checkedPrincipal =
      SQLAuthorizationUtils.getValidatedPrincipal(principal);
  return hiveAccessController.showPrivileges(checkedPrincipal, privObj);
}
/**
 * Returns role-grant information for a principal by delegating to the wrapped
 * access controller.
 *
 * <p>The principal is validated before the delegate is called. This method adds
 * no access check of its own.
 *
 * @param principal principal whose role grants are requested
 * @return whatever the delegate returns for the validated principal
 * @throws HiveAuthzPluginException propagated from the calls made here
 * @throws HiveAccessControlException propagated from the calls made here
 */
@Override
public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
    throws HiveAuthzPluginException, HiveAccessControlException {
  final HivePrincipal checkedPrincipal =
      SQLAuthorizationUtils.getValidatedPrincipal(principal);
  return hiveAccessController.getRoleGrantInfoForPrincipal(checkedPrincipal);
}