/** * revoke privilege * * @param requestorUserName: user on whose behalf the request is issued * @param roleName: Name of the role * @param component: The request is issued to which component * @param privilege * @throws SentryUserException */ @Override public void revokePrivilege(String requestorUserName, String roleName, String component, TSentryPrivilege privilege) throws SentryUserException { TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest(); request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2); request.setComponent(component); request.setRequestorUserName(requestorUserName); request.setRoleName(roleName); request.setPrivilege(privilege); try { TAlterSentryRoleRevokePrivilegeResponse response = client.alter_sentry_role_revoke_privilege(request); Status.throwIfNotOk(response.getStatus()); } catch (TException e) { throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e); } }
unsetRequestorUserName(); } else { setRequestorUserName((String)value);
revokeRequest.setRequestorUserName(ADMIN_USER); revokeRequest.setRoleName("r1"); revokeRequest.setPrivilege(tprivilege);
@Test public void testGrantAndRevokePrivilege() throws Exception { setup(); TSentryPrivilege tprivilege = new TSentryPrivilege("test", "test", new ArrayList<TAuthorizable>(), "test"); tprivilege.setGrantOption(TSentryGrantOption.UNSET); TAlterSentryRoleGrantPrivilegeRequest grantRequest = new TAlterSentryRoleGrantPrivilegeRequest(); grantRequest.setRequestorUserName(ADMIN_USER); grantRequest.setRoleName("r1"); grantRequest.setPrivilege(tprivilege); assertEquals(Status.OK, fromTSentryStatus(processor.alter_sentry_role_grant_privilege(grantRequest).getStatus())); TAlterSentryRoleRevokePrivilegeRequest revokeRequest = new TAlterSentryRoleRevokePrivilegeRequest(); revokeRequest.setRequestorUserName(ADMIN_USER); revokeRequest.setRoleName("r1"); revokeRequest.setPrivilege(tprivilege); assertEquals(Status.OK, fromTSentryStatus(processor.alter_sentry_role_revoke_privilege(revokeRequest).getStatus())); }
@Test public void testRevokeRole() { TAlterSentryRoleRevokePrivilegeRequest request = new TAlterSentryRoleRevokePrivilegeRequest(); TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse(); request.setRequestorUserName(TEST_USER_NAME); request.setRoleName(TEST_ROLE_NAME); TSentryPrivilege privilege = getPrivilege(); request.setPrivilege(privilege); response.setStatus(Status.OK()); GMAuditMetadataLogEntity amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance() .createJsonLogEntity(request, response, conf); assertCommon( amle, Constants.TRUE, Constants.OPERATION_REVOKE_PRIVILEGE, "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 FROM ROLE testRole", Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP); response.setStatus(Status.InvalidInput("", null)); amle = (GMAuditMetadataLogEntity) JsonLogEntityFactory.getInstance().createJsonLogEntity( request, response, conf); assertCommon( amle, Constants.FALSE, Constants.OPERATION_REVOKE_PRIVILEGE, "REVOKE ACTION ON resourceType1 resourceName1 resourceType2 resourceName2 resourceType3 resourceName3 FROM ROLE testRole", Constants.OBJECT_TYPE_PRINCIPAL, TEST_PRIVILEGES_MAP); }