/**
 * Wraps a command's parameters in a {@link HivePrivilegeObject}.
 *
 * <p>The object is created with type {@link HivePrivilegeObjectType#COMMAND_PARAMS}. The four
 * constructor arguments between the type and the parameter list are all {@code null}. The list
 * is handed to the constructor as received: this method neither null-checks nor copies it.
 *
 * @param cmdParams the command parameters to carry into the authorization check
 * @return a new privilege object of type {@code COMMAND_PARAMS}
 */
public static HivePrivilegeObject createHivePrivilegeObject(List<String> cmdParams) {
  final HivePrivilegeObject commandParamsObject =
      new HivePrivilegeObject(HivePrivilegeObjectType.COMMAND_PARAMS, null, null, null, null, cmdParams);
  return commandParamsObject;
}
/**
 * Creates the {@link HivePrivilegeObject} that represents the arguments of a command.
 *
 * <p>Only the type ({@link HivePrivilegeObjectType#COMMAND_PARAMS}) and the parameter list are
 * populated; every other constructor argument is {@code null}. The caller's list is passed
 * through unchanged, with no validation in this method.
 *
 * @param cmdParams the command parameters
 * @return a new {@code COMMAND_PARAMS} privilege object holding {@code cmdParams}
 */
public static HivePrivilegeObject createHivePrivilegeObject(List<String> cmdParams) {
  final HivePrivilegeObjectType paramsType = HivePrivilegeObjectType.COMMAND_PARAMS;
  return new HivePrivilegeObject(paramsType, null, null, null, null, cmdParams);
}
/**
 * Turns a list of database names into {@link HivePrivilegeObject}s of type
 * {@link HivePrivilegeObjectType#DATABASE}.
 *
 * <p>Each name is given to the constructor twice, as its second and its third argument. Names
 * are not validated or normalised here, and a {@code null} list fails with a
 * {@link NullPointerException} when the loop starts.
 *
 * @param dbList the database names to convert
 * @return a new mutable list with one privilege object per name, in iteration order
 */
public static List<HivePrivilegeObject> getHivePrivDbObjects(List<String> dbList) {
  final List<HivePrivilegeObject> databaseObjects = new ArrayList<>();
  for (final String databaseName : dbList) {
    final HivePrivilegeObject databaseObject =
        new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, databaseName, databaseName);
    databaseObjects.add(databaseObject);
  }
  return databaseObjects;
}
/**
 * Builds one {@code TABLE_OR_VIEW} privilege object per table name, all under one database.
 *
 * <p>Neither the database name nor the table names are checked here; they are passed to the
 * {@link HivePrivilegeObject} constructor as given.
 *
 * @param dbName the database that every listed table belongs to
 * @param tableList the table (or view) names
 * @return a new mutable list with one privilege object per entry of {@code tableList}
 */
private List<HivePrivilegeObject> getHivePrivObjects(String dbName, List<String> tableList) {
  final List<HivePrivilegeObject> tableObjects = new ArrayList<>();
  for (final String tableName : tableList) {
    final HivePrivilegeObject tableObject =
        new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tableName);
    tableObjects.add(tableObject);
  }
  return tableObjects;
}
/**
 * Converts database names into {@code DATABASE}-typed {@link HivePrivilegeObject}s.
 *
 * <p>The same string is used for the constructor's second and third argument. This method
 * performs no filtering: every name in the input, including a {@code null} element, produces
 * an object in the result.
 *
 * @param dbList the database names; must not be {@code null}
 * @return a freshly allocated list, one privilege object per input name
 */
public static List<HivePrivilegeObject> getHivePrivDbObjects(List<String> dbList) {
  final HivePrivilegeObjectType databaseType = HivePrivilegeObjectType.DATABASE;
  final List<HivePrivilegeObject> converted = new ArrayList<>();
  for (final String name : dbList) {
    converted.add(new HivePrivilegeObject(databaseType, name, name));
  }
  return converted;
}
/**
 * Maps table names in a single database to {@code TABLE_OR_VIEW} privilege objects.
 *
 * <p>The names are used verbatim, with no validation or case normalisation in this method.
 *
 * @param dbName the database name shared by all resulting objects
 * @param tableList the table (or view) names; must not be {@code null}
 * @return a new list holding one {@link HivePrivilegeObject} per table name
 */
private List<HivePrivilegeObject> getHivePrivObjects(String dbName, List<String> tableList) {
  final HivePrivilegeObjectType tableType = HivePrivilegeObjectType.TABLE_OR_VIEW;
  final List<HivePrivilegeObject> converted = new ArrayList<>();
  for (final String name : tableList) {
    converted.add(new HivePrivilegeObject(tableType, dbName, name));
  }
  return converted;
}
/**
 * Flattens a database-to-tables map into {@code TABLE_OR_VIEW} privilege objects.
 *
 * <p>One object is produced for every (database, table) pair. A database mapped to an empty
 * list contributes nothing. A database mapped to {@code null} fails with a
 * {@link NullPointerException} at the inner loop.
 *
 * @param db2Tabs table names keyed by database name
 * @return a new list of privilege objects, in the map's entry order
 */
private List<HivePrivilegeObject> getPrivObjs(Map<String, List<String>> db2Tabs) {
  final List<HivePrivilegeObject> tableObjects = new ArrayList<>();
  for (final Entry<String, List<String>> entry : db2Tabs.entrySet()) {
    final List<String> tableNames = entry.getValue();
    for (final String tableName : tableNames) {
      final HivePrivilegeObject tableObject =
          new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, entry.getKey(), tableName);
      tableObjects.add(tableObject);
    }
  }
  return tableObjects;
}
/**
 * Checks whether "SHOW TABLES" is permitted on the given Hive database.
 *
 * <p>When {@code authzEnabled} is false the method returns at once and nothing is checked, so
 * deployments that depend on this gate must keep authorization enabled. Otherwise a
 * {@code DATABASE} privilege object (with a {@code null} object name) is submitted to
 * {@code authorize} as the only input of a {@link HiveOperationType#SHOWTABLES} request, with
 * an empty output list.
 *
 * @param dbName the database whose tables are to be listed; not validated here
 * @throws HiveAccessControlException for illegal access
 */
public void authorizeShowTables(final String dbName) throws HiveAccessControlException {
  if (authzEnabled) {
    final HivePrivilegeObject database =
        new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, dbName, null);
    authorize(
        HiveOperationType.SHOWTABLES,
        ImmutableList.of(database),
        Collections.<HivePrivilegeObject> emptyList(),
        "SHOW TABLES");
  }
}
/**
 * Checks whether the given table (or view) may be read.
 *
 * <p>When {@code authzEnabled} is false the method returns without performing any check.
 * Otherwise the read is authorized as a {@link HiveOperationType#QUERY} operation whose only
 * input is a {@code TABLE_OR_VIEW} privilege object for {@code dbName.tableName}, with an empty
 * output list.
 *
 * @param dbName the database containing the table; not validated here
 * @param tableName the table or view to be read; not validated here
 * @throws HiveAccessControlException for illegal access
 */
public void authorizeReadTable(final String dbName, final String tableName)
    throws HiveAccessControlException {
  if (authzEnabled) {
    final HivePrivilegeObject table =
        new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tableName);
    authorize(
        HiveOperationType.QUERY,
        ImmutableList.of(table),
        Collections.<HivePrivilegeObject> emptyList(),
        "READ TABLE");
  }
}
/**
 * Looks up the ACLs of one database, table or column from the policy provider and adds the
 * user and group permissions to {@code privBag}.
 *
 * <p>If the provider returns {@code null} for the resource, the method returns without adding
 * anything: a missing ACL contributes no grants and raises no error. An object type other than
 * {@code DATABASE}, {@code TABLE} or {@code COLUMN} is rejected with a {@link RuntimeException}
 * before the provider is consulted.
 *
 * @param policyProvider the source of the resource ACLs
 * @param privBag the bag that receives the resulting privileges
 * @param type the kind of object being described
 * @param dbName the database name
 * @param tblName the table name; not used for the {@code DATABASE} lookup
 * @param columnName the column name; used only for the {@code COLUMN} lookup
 * @param authorizer passed through unchanged to {@code addACLsToBag}
 * @throws Exception declared by this method; the concrete causes are not visible here
 */
private void addGrantPrivilegesToBag(HivePolicyProvider policyProvider, PrivilegeBag privBag,
    HiveObjectType type, String dbName, String tblName, String columnName, String authorizer)
    throws Exception {
  final HivePrivilegeObject resource;
  switch (type) {
    case DATABASE:
      resource = new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, dbName, null);
      break;
    case TABLE:
      resource = new HivePrivilegeObject(HivePrivilegeObjectType.TABLE_OR_VIEW, dbName, tblName);
      break;
    case COLUMN:
      resource =
          new HivePrivilegeObject(HivePrivilegeObjectType.COLUMN, dbName, tblName, null, columnName);
      break;
    default:
      throw new RuntimeException("Get unknown object type " + type);
  }

  final HiveResourceACLs resourceAcls = policyProvider.getResourceACLs(resource);
  if (resourceAcls != null) {
    // Users first, then groups, matching the order in which the bag was filled before.
    addACLsToBag(resourceAcls.getUserPermissions(), privBag, type, dbName, tblName, columnName,
        PrincipalType.USER, authorizer);
    addACLsToBag(resourceAcls.getGroupPermissions(), privBag, type, dbName, tblName, columnName,
        PrincipalType.GROUP, authorizer);
  }
}
/**
 * Asks the session's V2 authorizer whether a command may run against a named service.
 *
 * <p>The command is wrapped by {@code HivePrivilegeObject.createHivePrivilegeObject} and passed
 * as the second argument of {@code checkPrivileges}; a {@code SERVICE_NAME} object carrying
 * {@code serviceObject} is passed as the third. Each is wrapped in a single-element list. The
 * authorization context carries the command joined with single spaces plus the user IP address
 * and forwarded addresses taken from the session.
 *
 * <p>NOTE(review): joining with a space loses the original argument boundaries, so the context
 * string cannot be split back into the exact parameter list. Presumably policy decisions should
 * rely on the command-parameters object rather than on that string; confirm against the
 * authorizer plugins in use.
 *
 * <p>NOTE(review): the forwarded addresses are copied from the session as-is. Confirm where
 * they originate and whether they are trustworthy before basing policy on them.
 *
 * @param ss the session supplying the authorizer and the client address details
 * @param type the operation type to authorize
 * @param command the command and its parameters
 * @param serviceObject the name of the service the command targets
 * @throws HiveAuthzPluginException declared; presumably raised by the authorizer plugin
 * @throws HiveAccessControlException declared; presumably raised when access is denied
 */
private static void authorizeCommandThrowEx(SessionState ss, HiveOperationType type,
    List<String> command, String serviceObject)
    throws HiveAuthzPluginException, HiveAccessControlException {
  final HivePrivilegeObject commandParams = HivePrivilegeObject.createHivePrivilegeObject(command);
  final HivePrivilegeObject service = new HivePrivilegeObject(
      HivePrivilegeObject.HivePrivilegeObjectType.SERVICE_NAME, null, serviceObject, null, null, null);

  final HiveAuthzContext.Builder contextBuilder = new HiveAuthzContext.Builder();
  final String commandString = Joiner.on(' ').join(command);
  contextBuilder.setCommandString(commandString);
  contextBuilder.setUserIpAddress(ss.getUserIpAddress());
  contextBuilder.setForwardedAddresses(ss.getForwardedAddresses());

  final List<HivePrivilegeObject> commandObjs = Collections.singletonList(commandParams);
  final List<HivePrivilegeObject> serviceObjs = Collections.singletonList(service);
  ss.getAuthorizerV2().checkPrivileges(type, commandObjs, serviceObjs, contextBuilder.build());
}
} // closes the enclosing class, whose opening lies outside this excerpt
/**
 * Converts a metastore {@code HiveObjectRef} into the authorization plugin's
 * {@link HivePrivilegeObject}.
 *
 * <p>The object type is translated with {@code getHiveObjType}; database name, object name,
 * partition values and column name are copied across unchanged.
 *
 * @param privObj the metastore object reference; may be {@code null}
 * @return the matching privilege object, or {@code null} when {@code privObj} is {@code null},
 *     so callers must handle a {@code null} result
 * @throws HiveException declared; presumably raised by {@code getHiveObjType}
 */
public static HivePrivilegeObject getHiveObjectRef(HiveObjectRef privObj) throws HiveException {
  if (privObj != null) {
    final HivePrivilegeObjectType pluginType = getHiveObjType(privObj.getObjectType());
    return new HivePrivilegeObject(
        pluginType,
        privObj.getDbName(),
        privObj.getObjectName(),
        privObj.getPartValues(),
        privObj.getColumnName());
  }
  return null;
}
/**
 * Translates the subject of a privilege statement into a {@link HivePrivilegeObject}.
 *
 * <p>A {@code null} descriptor yields an object whose type, database, object name, partition
 * spec and columns are all {@code null}. Because a {@code null} type is the widest scope (see
 * the comment in the body), callers should pass {@code null} only when that scope is intended.
 *
 * @param privSubjectDesc the statement's subject, or {@code null}
 * @return the privilege object for the subject
 * @throws HiveException declared; presumably raised while resolving the name or type
 */
@Override
public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
    throws HiveException {
  // null means ALL for show grants, GLOBAL for grant/revoke
  HivePrivilegeObjectType objectType = null;
  List<String> partSpec = null;
  List<String> columns = null;
  final String[] dbAndObject;

  if (privSubjectDesc != null) {
    // A table subject is split into {db, table}; any other subject fills only the first slot.
    dbAndObject = privSubjectDesc.getTable()
        ? Utilities.getDbTableName(privSubjectDesc.getObject())
        : new String[] {privSubjectDesc.getObject(), null};
    if (privSubjectDesc.getPartSpec() != null) {
      partSpec = new ArrayList<String>(privSubjectDesc.getPartSpec().values());
    }
    columns = privSubjectDesc.getColumns();
    objectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc);
  } else {
    dbAndObject = new String[] {null, null};
  }

  return new HivePrivilegeObject(objectType, dbAndObject[0], dbAndObject[1], partSpec, columns, null);
}
/**
 * Builds the plugin-side {@link HivePrivilegeObject} for a metastore {@code HiveObjectRef}.
 *
 * <p>Only the object type is translated, through {@code getHiveObjType}. The remaining fields
 * are read from {@code privObj} and passed on without validation.
 *
 * @param privObj the metastore object reference; may be {@code null}
 * @return the converted object, or {@code null} if no reference was supplied
 * @throws HiveException declared; presumably raised by {@code getHiveObjType}
 */
public static HivePrivilegeObject getHiveObjectRef(HiveObjectRef privObj) throws HiveException {
  final boolean nothingToConvert = (privObj == null);
  if (nothingToConvert) {
    return null;
  }
  final HivePrivilegeObjectType convertedType = getHiveObjType(privObj.getObjectType());
  final HivePrivilegeObject converted = new HivePrivilegeObject(convertedType, privObj.getDbName(),
      privObj.getObjectName(), privObj.getPartValues(), privObj.getColumnName());
  return converted;
}
/**
 * Builds the {@link HivePrivilegeObject} that a grant, revoke or show-grants statement refers to.
 *
 * <p>When no descriptor is given, every field of the result is {@code null}. The body's comment
 * states that a {@code null} type means ALL or GLOBAL, so a missing descriptor selects the
 * widest scope rather than an error.
 *
 * @param privSubjectDesc the subject descriptor from the statement, or {@code null}
 * @return the privilege object describing the subject
 * @throws HiveException declared; presumably raised while resolving the name or type
 */
@Override
public HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc privSubjectDesc)
    throws HiveException {
  // null means ALL for show grants, GLOBAL for grant/revoke
  HivePrivilegeObjectType subjectType = null;
  String[] nameParts = new String[] {null, null};
  List<String> partitionValues = null;
  List<String> columnNames = null;

  if (privSubjectDesc != null) {
    if (!privSubjectDesc.getTable()) {
      // Not a table: the subject's name goes in the first slot only.
      nameParts = new String[] {privSubjectDesc.getObject(), null};
    } else {
      nameParts = Utilities.getDbTableName(privSubjectDesc.getObject());
    }
    if (privSubjectDesc.getPartSpec() != null) {
      partitionValues = new ArrayList<String>(privSubjectDesc.getPartSpec().values());
    }
    columnNames = privSubjectDesc.getColumns();
    subjectType = AuthorizationUtils.getPrivObjectType(privSubjectDesc);
  }

  return new HivePrivilegeObject(
      subjectType, nameParts[0], nameParts[1], partitionValues, columnNames, null);
}
// NOTE(review): two statement pairs from an excerpt are run together here; the enclosing method
// and any branch that selects between them are not visible.
// Each pair calls extractColumnInfos and then stores a HivePrivilegeObject, built from the
// table's database name, table name and colNames, as a key in basicInfos. The first pair
// discards the column types into a throwaway list and stores a null value. The second pair
// collects colTypes and stores a MaskAndFilterInfo built from them.
// NOTE(review): presumably basicInfos drives column masking / row filtering; confirm that
// consumers handle the null-valued entry as intended rather than treating it as "no policy".
extractColumnInfos(table, colNames, new ArrayList<>()); basicInfos.put(new HivePrivilegeObject(table.getDbName(), table.getTableName(), colNames), null); extractColumnInfos(table, colNames, colTypes); basicInfos.put(new HivePrivilegeObject(table.getDbName(), table.getTableName(), colNames), new MaskAndFilterInfo(colTypes, additionalTabInfo.toString(), alias, astNode, table.isView(), table.isNonNative()));
// Builds one privilege object from the resolved type, database, object name, partition keys,
// columns and action type, then appends it to hivePrivobjs. The seventh constructor argument
// is passed as null.
// NOTE(review): the enclosing method is outside this excerpt, so where dbname, objName and
// actionType come from cannot be seen here.
HivePrivilegeObject hPrivObject = new HivePrivilegeObject(privObjType, dbname, objName, partKeys, columns, actionType, null); hivePrivobjs.add(hPrivObject);
// Builds one privilege object and appends it to hivePrivobjs. This uses the eight-argument
// constructor form: the seventh argument is null and className is passed as the eighth.
// NOTE(review): the enclosing method is outside this excerpt. Presumably className names a
// function or UDF class that the authorizer can match on; confirm against the constructor.
HivePrivilegeObject hPrivObject = new HivePrivilegeObject(privObjType, dbname, objName, partKeys, columns, actionType, null, className); hivePrivobjs.add(hPrivObject);
// Converts the object reference msObjRef into a plugin HivePrivilegeObject. The type is mapped
// by getPluginPrivilegeObjType; database name, object name, partition values and column name
// are copied over without validation here.
// NOTE(review): no null check on msObjRef is visible in this excerpt; confirm the caller
// guarantees it is non-null.
HivePrivilegeObject resPrivObj = new HivePrivilegeObject( getPluginPrivilegeObjType(msObjRef.getObjectType()), msObjRef.getDbName(), msObjRef.getObjectName(), msObjRef.getPartValues(), msObjRef.getColumnName());
// Builds the plugin-side privilege object for msObjRef. getPluginPrivilegeObjType translates
// the object type; the other four fields are read from msObjRef and passed through as-is.
// NOTE(review): the enclosing method is outside this excerpt, so it cannot be seen whether
// msObjRef was null-checked beforehand.
HivePrivilegeObject resPrivObj = new HivePrivilegeObject( getPluginPrivilegeObjType(msObjRef.getObjectType()), msObjRef.getDbName(), msObjRef.getObjectName(), msObjRef.getPartValues(), msObjRef.getColumnName());