client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab, AccessConstants.SELECT); TSentryPrivilege role1uri1 = client.grantURIPrivilege(requestorUserName, roleName1, server, uri1); client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab, AccessConstants.ALL); TSentryPrivilege role2uri2 = client.grantURIPrivilege(requestorUserName, roleName2, server, uri1);
@Override public void runTestAsSubject() throws Exception { String requestorUserName = ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); String roleName = "admin_testdb"; String server = "server1"; String uri = "file://u/w/h/t/partition=value/"; setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); // Creating associated role client.dropRoleIfExists(requestorUserName, roleName); client.createRole(requestorUserName, roleName); Set<TSentryRole> roles = client.listRoles(requestorUserName); assertEquals("Incorrect number of roles", 1, roles.size()); client.grantURIPrivilege(requestorUserName, roleName, server, uri); Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName); assertTrue(privileges.size() == 1); // Revoking the same privilege client.revokeURIPrivilege(requestorUserName, roleName, server, uri); privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName); assertTrue(privileges.size() == 0); // Clean up client.dropRole(requestorUserName, roleName); }}); }
@Override public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr); boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false; if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(), tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.grantURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getURI(), grantOption); } } }
requestorUserName, roleName2, server, db2, tab, AccessConstants.ALL); client.grantURIPrivilege(requestorUserName, roleName1, server, "hdfs:///fooUri");
client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab, AccessConstants.SELECT); client.grantURIPrivilege(requestorUserName, roleName1, server, "hdfs:///fooUri"); client.grantRoleToGroup(requestorUserName, group1, roleName1);
client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab, AccessConstants.ALL); client.grantURIPrivilege(requestorUserName, roleName1, server, "hdfs:///fooUri");
toSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else if (uriPath != null) { sentryClient.grantURIPrivilege(subject, princ.getName(), server, uriPath, grantOption); } else if (tableName == null) { sentryClient.grantDatabasePrivilege(subject, princ.getName(), server, dbName,