@Override public Set<String> listPrivilegesForGroup(String groupName) throws SentryConfigurationException { return policy.getPrivileges(Sets.newHashSet(groupName), ActiveRoleSet.ALL); }
private Iterable<Privilege> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable[] authorizables) { return Iterables.transform(appendDefaultDBPriv(policy.getPrivileges(groups, roleSet, authorizables), authorizables), new Function<String, Privilege>() { @Override public Privilege apply(String privilege) { return privilegeFactory.createPrivilege(privilege); } }); }
@Override public Set<String> listPrivilegesForSubject(Subject subject) throws SentryConfigurationException { return policy.getPrivileges(getGroups(subject), ActiveRoleSet.ALL); }
private static HiveAuthzBinding getHiveBindingWithPrivilegeCache(HiveAuthzBinding hiveAuthzBinding, String userName) throws SemanticException { // get the original HiveAuthzBinding, and get the user's privileges by AuthorizationProvider AuthorizationProvider authProvider = hiveAuthzBinding.getCurrentAuthProvider(); Set<String> userPrivileges = authProvider.getPolicyEngine().getPrivileges( authProvider.getGroupMapping().getGroups(userName), hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer()); // create PrivilegeCache using user's privileges PrivilegeCache privilegeCache = new SimplePrivilegeCache(userPrivileges); try { // create new instance of HiveAuthzBinding whose backend provider should be SimpleCacheProviderBackend return new HiveAuthzBinding(HiveAuthzBinding.HiveHook.HiveServer2, hiveAuthzBinding.getHiveConf(), hiveAuthzBinding.getAuthzConf(), privilegeCache); } catch (Exception e) { LOG.error("Can not create HiveAuthzBinding with privilege cache."); throw new SemanticException(e); } }