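/**
 * Verifies that granting the identical table privilege to a role twice leaves exactly one
 * privilege on that role, i.e. a repeated grant does not create a duplicate entry.
 *
 * @throws Exception if any policy-service call or the harness setup fails
 */
@Override
public void runTestAsSubject() throws Exception {
  String requestorUserName = ADMIN_USER;
  Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
  writePolicyFile();

  String roleName = "admin_r1";
  // The role name is a fixed literal, so remove any leftover role before creating it.
  // Otherwise stale grants from an earlier run could distort the count asserted below
  // (and createRole on an existing role presumably fails; confirm against the client).
  client.dropRoleIfExists(requestorUserName, roleName);
  client.createRole(requestorUserName, roleName);

  // Same scope, same object, same action, issued twice.
  client.grantTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL");
  client.grantTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL");

  // Exactly one stored privilege is expected for the role.
  assertEquals(1, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
}
// Closers for the enclosing anonymous class, call and method, which open outside this excerpt.
}); }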
/**
 * Checks that one table privilege granted once with and once without the grant option is
 * stored as two separate entries, and that a revoke passing a null grant option removes both.
 *
 * @throws Exception if any policy-service call or the harness setup fails
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String role = "admin_r1";
  final boolean withGrant = true;
  final boolean noGrant = false;

  // Recreate the role so the privilege counts below start from zero.
  client.dropRoleIfExists(admin, role);
  client.createRole(admin, role);

  // First grant carries the grant option: one privilege on the role.
  client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withGrant);
  assertEquals(1, client.listAllPrivilegesByRoleName(admin, role).size());

  // Same object and action without the grant option: counted as a second privilege.
  client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL", noGrant);
  assertEquals(2, client.listAllPrivilegesByRoleName(admin, role).size());

  // A null grant option on revoke matches both variants, so nothing may remain afterwards.
  client.revokeTablePrivilege(admin, role, "server", "db1", "table1", "ALL", null);
  assertEquals(0, client.listAllPrivilegesByRoleName(admin, role).size());
}
// Closers for the enclosing anonymous class, call and method, which open outside this excerpt.
}); }
/**
 * Checks that the same table privilege can be granted to two different roles and that each
 * role then lists exactly one privilege.
 *
 * @throws Exception if any policy-service call or the harness setup fails
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String firstRole = "admin_r1";
  final String secondRole = "admin_r2";

  // Recreate both roles so neither carries grants from an earlier run.
  client.dropRoleIfExists(admin, firstRole);
  client.createRole(admin, firstRole);
  client.dropRoleIfExists(admin, secondRole);
  client.createRole(admin, secondRole);

  // Grant to the first role and check it holds one privilege.
  client.grantTablePrivilege(admin, firstRole, "server", "db", "table", "ALL");
  final Set<TSentryPrivilege> firstRolePrivileges =
      client.listAllPrivilegesByRoleName(admin, firstRole);
  assertTrue("Privilege not assigned to role1 !!", firstRolePrivileges.size() == 1);

  // The identical grant to the second role must be recorded for that role as well.
  client.grantTablePrivilege(admin, secondRole, "server", "db", "table", "ALL");
  final Set<TSentryPrivilege> secondRolePrivileges =
      client.listAllPrivilegesByRoleName(admin, secondRole);
  assertTrue("Privilege not assigned to role2 !!", secondRolePrivileges.size() == 1);
}
// Closers for the enclosing anonymous class, call and method, which open outside this excerpt.
}); }
client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab, AccessConstants.ALL); client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab, AccessConstants.SELECT); TSentryPrivilege role1uri1 = client.grantURIPrivilege(requestorUserName, client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab, AccessConstants.ALL); TSentryPrivilege role2uri2 = client.grantURIPrivilege(requestorUserName,
client.createRole(requestorUserName, roleName1); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL"); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL"); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL"); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL"); client.createRole(requestorUserName, roleName2); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL");
assertAuditLog(fieldValueMap); client.grantTablePrivilege(requestorUserName, roleName, serverName, dbName, tableName, "SELECT", true); fieldValueMap.clear(); client.grantTablePrivilege(requestorUserName, errorRoleName, serverName, dbName, tableName, "SELECT"); fail("Exception should have been thrown");
client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab, AccessConstants.ALL); TSentryPrivilege role1db2tab = client.grantTablePrivilege( requestorUserName, roleName1, server, db2, tab, AccessConstants.SELECT); client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2, AccessConstants.SELECT); TSentryPrivilege role2db2tab = client.grantTablePrivilege( requestorUserName, roleName2, server, db2, tab, AccessConstants.ALL);
/**
 * Checks that a revoke only removes a table privilege when its grant option matches the one
 * the privilege was granted with.
 *
 * @throws Exception if any policy-service call or the harness setup fails
 */
@Override
public void runTestAsSubject() throws Exception {
  final String admin = ADMIN_USER;
  final Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  final String role = "admin_r1";
  final boolean withGrant = true;
  final boolean noGrant = false;

  // Recreate the role so the privilege counts below start from zero.
  client.dropRoleIfExists(admin, role);
  client.createRole(admin, role);

  // Grant the privilege together with the grant option.
  client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withGrant);
  assertEquals(1, client.listAllPrivilegesByRoleName(admin, role).size());

  // A revoke naming grantOption=false does not match the stored privilege: it must survive.
  client.revokeTablePrivilege(admin, role, "server", "db1", "table1", "ALL", noGrant);
  assertEquals(1, client.listAllPrivilegesByRoleName(admin, role).size());

  // A revoke naming grantOption=true matches and removes the privilege.
  client.revokeTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withGrant);
  assertEquals(0, client.listAllPrivilegesByRoleName(admin, role).size());
}
// Closers for the enclosing anonymous class, call and method, which open outside this excerpt.
}); }
client.grantRoleToGroup(requestorUserName, group1, roleName1); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL"); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL"); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL"); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL"); client.grantRoleToGroup(requestorUserName, group2, roleName2); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db3", "table5", "ALL");
client.grantRoleToGroup(requestorUserName, group1, roleName1); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL"); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL"); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL"); client.grantTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL"); client.grantRoleToGroup(requestorUserName, group2, roleName2); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL"); client.grantTablePrivilege(requestorUserName, roleName2, "server", "db3", "table5", "ALL");
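/**
 * Parses the stored privilege string and grants the resulting privilege to {@code roleName}
 * at the scope the privilege names: server, database, table, column or URI.
 *
 * @param client policy-service client used to issue the grant
 * @param requestorName user on whose behalf the grant is requested
 * @throws IllegalArgumentException if the parsed privilege names a scope this command does
 *     not handle
 * @throws Exception if parsing the privilege string or the grant call fails
 */
@Override
public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
  TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);

  // Constant-first comparison: an absent grant option is treated as "no grant option" (the
  // less privileged outcome) instead of raising a NullPointerException.
  boolean grantOption = TSentryGrantOption.TRUE.equals(tSentryPrivilege.getGrantOption());
  String scope = tSentryPrivilege.getPrivilegeScope();

  if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(scope)) {
    client.grantServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
        tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(scope)) {
    client.grantDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
        tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(scope)) {
    client.grantTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
        tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
        tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(scope)) {
    client.grantColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
        tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(),
        tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(scope)) {
    // The URI grant takes no action argument in this call.
    client.grantURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(),
        tSentryPrivilege.getURI(), grantOption);
  } else {
    // Fail loudly: returning normally here would report a grant that never happened and
    // leave the operator with a wrong picture of the authorization state.
    throw new IllegalArgumentException(
        "Unsupported privilege scope '" + scope + "' in privilege: " + privilegeStr);
  }
}
// Closes the enclosing class, whose header is outside this excerpt.
}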
client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab, AccessConstants.ALL); client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab, AccessConstants.SELECT); client.grantURIPrivilege(requestorUserName, roleName1, server, "hdfs:///fooUri"); client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab, AccessConstants.ALL); client.grantRoleToGroup(requestorUserName, group2, roleName2);
client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab, AccessConstants.ALL); TSentryPrivilege role1db2tab = client.grantTablePrivilege( requestorUserName, roleName1, server, db2, tab, AccessConstants.SELECT); client.grantRoleToGroup(requestorUserName, group1, roleName1); client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2, AccessConstants.SELECT); client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab, AccessConstants.ALL); client.grantURIPrivilege(requestorUserName, roleName1, server,
client.grantRoleToGroup(requestorUserName, ADMIN_GROUP, roleName); client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, ActiveRoleSet.ALL).size());
client.grantRoleToGroup(requestorUserName, ADMIN_GROUP, roleName); client.grantDatabasePrivilege(requestorUserName, roleName, "server1", "db2", AccessConstants.ALL); client.grantTablePrivilege(requestorUserName, roleName, "server1", "db3", "tab3", "ALL"); assertEquals(2, client.listPrivilegesForProvider(requestorUserGroupNames, ActiveRoleSet.ALL).size());
toDbSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else if (columnNames == null) { sentryClient.grantTablePrivilege(subject, princ.getName(), server, dbName, tableName, toSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else {