private AuthorizationException authorizationException(Exception e) { return new AuthorizationException(e); }
doAuthorization(queryState.getHiveOperation(), sem, command); } catch (AuthorizationException authExp) { console.printError("Authorization failed:" + authExp.getMessage() + ". Use SHOW GRANT to get more details."); errorMessage = authExp.getMessage(); SQLState = "42000"; return 403;
console.printError("Authorization failed:" + authExp.getMessage() + ". Use SHOW GRANT to get more details."); errorMessage = authExp.getMessage(); SQLState = "42000"; throw createProcessorResponse(403);
private AuthorizationException authorizationException(Exception e) { return new AuthorizationException(e); }
+ permsRequired; String msgForConsole = HiveAuthzConf.HIVE_SENTRY_PRIVILEGE_ERROR_MESSAGE + "\n " + e.getMessage()+ "\n The required privileges: " + permsRequired;
@Override public void authorizeAuthorizationApiInvocation() throws AuthorizationException { if (HiveMetaStore.isMetaStoreRemote()) { throw new AuthorizationException(errMsg); } }
doAuthorization(sem); } catch (AuthorizationException authExp) { console.printError("Authorization failed:" + authExp.getMessage() + ". Use show grant to get more details."); return 403;
/** * Given a privilege, return what FsActions are required */ protected FsAction getFsAction(Privilege priv) { switch (priv.getPriv()) { case ALL: return FsAction.READ_WRITE; case ALTER_DATA: return FsAction.WRITE; case ALTER_METADATA: return FsAction.WRITE; case CREATE: return FsAction.WRITE; case DROP: return FsAction.WRITE; case INDEX: throw new AuthorizationException( "StorageBasedAuthorizationProvider cannot handle INDEX privilege"); case LOCK: throw new AuthorizationException( "StorageBasedAuthorizationProvider cannot handle LOCK privilege"); case SELECT: return FsAction.READ; case SHOW_DATABASE: return FsAction.READ; case UNKNOWN: default: throw new AuthorizationException("Unknown privilege"); } }
doAuthorization(sem, command); } catch (AuthorizationException authExp) { console.printError("Authorization failed:" + authExp.getMessage() + ". Use SHOW GRANT to get more details."); errorMessage = authExp.getMessage(); SQLState = "42000"; return 403;
/** * Given a privilege, return what FsActions are required */ protected FsAction getFsAction(Privilege priv) { switch (priv.getPriv()) { case ALL: return FsAction.READ_WRITE; case ALTER_DATA: return FsAction.WRITE; case ALTER_METADATA: return FsAction.WRITE; case CREATE: return FsAction.WRITE; case DROP: return FsAction.WRITE; case LOCK: throw new AuthorizationException( "StorageBasedAuthorizationProvider cannot handle LOCK privilege"); case SELECT: return FsAction.READ; case SHOW_DATABASE: return FsAction.READ; case UNKNOWN: default: throw new AuthorizationException("Unknown privilege"); } }
@Override public void authorizeAuthorizationApiInvocation() throws AuthorizationException { if (HiveMetaStore.isMetaStoreRemote()) { throw new AuthorizationException(errMsg); } }
int input = this.firstFalseIndex(inputCheck); if (input >= 0) { throw new AuthorizationException("No privilege '" + inputRequiredPriv[input].toString() + "' found for inputs " + hiveObject); int output = this.firstFalseIndex(outputCheck); if (output >= 0) { throw new AuthorizationException("No privilege '" + outputRequiredPriv[output].toString() + "' found for outputs " + hiveObject);
int input = this.firstFalseIndex(inputCheck); if (input >= 0) { throw new AuthorizationException("No privilege '" + inputRequiredPriv[input].toString() + "' found for inputs " + hiveObject); int output = this.firstFalseIndex(outputCheck); if (output >= 0) { throw new AuthorizationException("No privilege '" + outputRequiredPriv[output].toString() + "' found for outputs " + hiveObject);
private AuthorizationException authorizationException(Exception e) { return new AuthorizationException(e); }
/** * Given a privilege, return what FsActions are required */ protected FsAction getFsAction(Privilege priv) { switch (priv.getPriv()) { case ALL: return FsAction.READ_WRITE; case ALTER_DATA: return FsAction.WRITE; case ALTER_METADATA: return FsAction.WRITE; case CREATE: return FsAction.WRITE; case DROP: return FsAction.WRITE; case INDEX: throw new AuthorizationException( "StorageBasedAuthorizationProvider cannot handle INDEX privilege"); case LOCK: throw new AuthorizationException( "StorageBasedAuthorizationProvider cannot handle LOCK privilege"); case SELECT: return FsAction.READ; case SHOW_DATABASE: return FsAction.READ; case UNKNOWN: default: throw new AuthorizationException("Unknown privilege"); } }
@Override public void authorizeAuthorizationApiInvocation() throws AuthorizationException { if (HiveMetaStore.isMetaStoreRemote()) { throw new AuthorizationException(errMsg); } }
int input = this.firstFalseIndex(inputCheck); if (input >= 0) { throw new AuthorizationException("No privilege '" + inputRequiredPriv[input].toString() + "' found for inputs " + hiveObject); int output = this.firstFalseIndex(outputCheck); if (output >= 0) { throw new AuthorizationException("No privilege '" + outputRequiredPriv[output].toString() + "' found for outputs " + hiveObject);
int input = this.firstFalseIndex(inputCheck); if (input >= 0) { throw new AuthorizationException("No privilege '" + inputRequiredPriv[input].toString() + "' found for inputs " + hiveObject); int output = this.firstFalseIndex(outputCheck); if (output >= 0) { throw new AuthorizationException("No privilege '" + outputRequiredPriv[output].toString() + "' found for outputs " + hiveObject);
throw new AuthorizationException("Unknown operation scope type " + stmtAuthObject.getOperationScope().toString());
found = true; if (!authProvider.hasAccess(subject, inputHierarchy, entry.getValue(), activeRoleSet)) { throw new AuthorizationException("User " + subject.getName() + " does not have privileges for " + hiveOp.name()); throw new AuthorizationException("Required privilege( " + key.name() + ") not available in input privileges"); found = true; if (!authProvider.hasAccess(subject, outputHierarchy, requiredOutputPrivileges.get(key), activeRoleSet)) { throw new AuthorizationException("User " + subject.getName() + " does not have privileges for " + hiveOp.name()); throw new AuthorizationException("Required privilege( " + key.name() + ") not available in output privileges");