assertAuditLog(fieldValueMap); client.grantDatabasePrivilege(requestorUserName, roleName, serverName, dbName, "ALL"); fieldValueMap.clear(); fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_GRANT_PRIVILEGE); .grantDatabasePrivilege(requestorUserName, errorRoleName, serverName, dbName, "ALL"); fail("Exception should have been thrown"); } catch (Exception e) { client.grantDatabasePrivilege(requestorUserName, errorRoleName, serverName, dbName, "INSERT"); fail("Exception should have been thrown"); client.grantDatabasePrivilege(requestorUserName, errorRoleName, serverName, dbName, "SELECT"); fail("Exception should have been thrown");
client.createRole(requestorUserName, roleName2); client.grantDatabasePrivilege( requestorUserName, roleName1, server, db, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab, AccessConstants.SELECT); client.grantDatabasePrivilege( requestorUserName, roleName2, server, db, AccessConstants.ALL); client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2, AccessConstants.SELECT); TSentryPrivilege role2db2tab = client.grantTablePrivilege(
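/**
 * Runs one create-role, grant, list, revoke, drop-role cycle for a database-scoped
 * {@code ALL} privilege, with the admin user as the requestor.
 *
 * @throws Exception if a client call or a setup helper fails
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  String roleName = "admin_testdb";
  String server = "server1";
  String db = "testDB";

  // Both helpers are defined outside this excerpt; presumably they map the admin user to
  // its groups and write the policy file the service reads. TODO confirm.
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  // Remove a same-named role if one exists, then create it.
  client.dropRoleIfExists(requestorUserName, roleName);
  client.createRole(requestorUserName, roleName);

  Set<TSentryRole> roles = client.listRoles(requestorUserName);
  assertEquals("Incorrect number of roles", 1, roles.size());

  client.grantDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL);
  Set<TSentryPrivilege> privileges =
      client.listAllPrivilegesByRoleName(requestorUserName, roleName);
  // assertEquals reports expected and actual counts on failure; assertTrue(size == 1) did not.
  assertEquals("Incorrect number of privileges", 1, privileges.size());

  // NOTE(review): nothing below checks that the role's privilege list is empty after the
  // revoke, so a revoke that silently left the grant in place would still pass this test.
  // Consider listing the privileges again and asserting on the result.
  client.revokeDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL);
  client.dropRole(requestorUserName, roleName);
}
}); // closes the anonymous class and the call it is passed to; both open outside this excerpt
} // closes an enclosing block that opens outside this excerpt (presumably the test method)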
client.createRole(requestorUserName, roleName2); client.grantDatabasePrivilege(requestorUserName, roleName1, server, db, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab, roleName1, server, uri1); client.grantDatabasePrivilege(requestorUserName, roleName2, server, db, AccessConstants.ALL); client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
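/**
 * Grants the privilege described by {@code privilegeStr} to {@code roleName}, using the
 * client grant method that matches the privilege's scope (server, database, table, column
 * or URI).
 *
 * @param client the policy service client that performs the grant
 * @param requestorName the user on whose behalf the grant is requested
 * @throws IllegalArgumentException if the parsed privilege carries a scope that none of the
 *     grant methods below handles
 * @throws Exception if parsing the privilege string or the client call fails
 */
@Override
public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
  TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);

  // Constant-first comparison: an unset grant option means "no grant option" instead of a
  // NullPointerException. This also drops the redundant "? true : false".
  boolean grantOption = TSentryGrantOption.TRUE.equals(tSentryPrivilege.getGrantOption());
  String scope = tSentryPrivilege.getPrivilegeScope();

  if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(scope)) {
    client.grantServerPrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(scope)) {
    client.grantDatabasePrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(),
        tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(scope)) {
    client.grantTablePrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(),
        tSentryPrivilege.getTableName(), tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(scope)) {
    client.grantColumnPrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(),
        tSentryPrivilege.getTableName(), tSentryPrivilege.getColumnName(),
        tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(scope)) {
    // The URI grant passes no action argument, unlike the other scopes.
    client.grantURIPrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), tSentryPrivilege.getURI(), grantOption);
  } else {
    // Fail loudly: previously an unmatched scope fell through and the command returned
    // normally without granting anything, leaving the operator to believe it had worked.
    throw new IllegalArgumentException("Unsupported privilege scope: " + scope);
  }
}
} // closes the enclosing class, whose header is outside this excerpt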
client.createRole(requestorUserName, roleName2); TSentryPrivilege role1db1 = client.grantDatabasePrivilege( requestorUserName, roleName1, server, db, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab, client.grantRoleToGroup(requestorUserName, group1, roleName1); TSentryPrivilege role2db1 = client.grantDatabasePrivilege( requestorUserName, roleName2, server, db, AccessConstants.ALL); client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
client.createRole(requestorUserName, roleName); client.grantRoleToGroup(requestorUserName, ADMIN_GROUP, roleName); client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, ActiveRoleSet.ALL).size());
client.createRole(requestorUserName, roleName2); client.grantDatabasePrivilege(requestorUserName, roleName1, server, db, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab, client.grantRoleToGroup(requestorUserName, group1, roleName1); client.grantDatabasePrivilege(requestorUserName, roleName2, server, db, AccessConstants.ALL); client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
client.createRole(requestorUserName, roleName); client.grantRoleToGroup(requestorUserName, ADMIN_GROUP, roleName); client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); assertEquals(1, client.listPrivilegesForProvider(requestorUserGroupNames, ActiveRoleSet.ALL).size());
sentryClient.grantURIPrivilege(subject, princ.getName(), server, uriPath, grantOption); } else if (tableName == null) { sentryClient.grantDatabasePrivilege(subject, princ.getName(), server, dbName, toDbSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else if (columnNames == null) {