See: Description
Interface | Description |
---|---|
HiveAccessController |
Interface that is invoked by access control commands, including grant/revoke role/privileges,
create/drop roles, and commands to read the state of authorization rules.
|
HiveAuthorizationTranslator |
This interface has functions that provide the ability to customize the translation
from Hive internal representations of Authorization objects to the public API objects
This is an interface that is not meant for general use, it is targeted to some
specific use cases of Apache Sentry (incubating).
|
HiveAuthorizationValidator |
Interface used to check if user has privileges to perform certain action.
|
HiveAuthorizer |
Interface for hive authorization plugins.
|
HiveAuthorizerFactory |
Implementation of this interface specified through hive configuration will be used to
create
HiveAuthorizer instance used for hive authorization. |
HiveMetastoreClientFactory |
Factory for getting current valid instance of IMetaStoreClient
Metastore client cannot be cached in authorization interface as that
can get invalidated between the calls with the logic in Hive class.
|
Class | Description |
---|---|
AbstractHiveAuthorizer |
Abstract class that extends HiveAuthorizer.
|
AuthorizationMetaStoreFilterHook |
Metastore filter hook for filtering out the list of objects that the current authorization
implementation does not allow user to see
|
DisallowTransformHook | |
HiveAuthorizerImpl |
Convenience implementation of HiveAuthorizer.
|
HiveAuthzContext |
Provides context information in authorization check call that can be used for
auditing and/or authorization.
|
HiveAuthzContext.Builder | |
HiveAuthzSessionContext |
Provides session context information.
|
HiveAuthzSessionContext.Builder | |
HiveMetastoreClientFactoryImpl |
Private implementaiton that returns instance of IMetaStoreClient
|
HivePrincipal |
Represents the user or role in grant/revoke statements
|
HivePrivilege |
Represents the hive privilege being granted/revoked
|
HivePrivilegeInfo |
Represents a privilege granted for an object to a principal
|
HivePrivilegeObject |
Represents the object on which privilege is being granted/revoked, and objects
being used in queries.
|
HivePrivilegeObjectUtils |
Utility functions for working with HivePrivilegeObject
|
HiveRoleGrant |
Represents a grant of a role to a principal
|
HiveV1Authorizer | |
SettableConfigUpdater |
Helper class that can be used by authorization implementations to set a
default list of 'safe' HiveConf parameters that can be edited by user.
|
Enum | Description |
---|---|
HiveAuthorizer.VERSION | |
HiveAuthzSessionContext.CLIENT_TYPE | |
HiveOperationType |
List of hive operations types.
|
HivePrincipal.HivePrincipalType | |
HivePrivilegeObject.HivePrivilegeObjectType |
Note that GLOBAL, PARTITION, COLUMN fields are populated only for Hive's old default
authorization mode.
|
HivePrivilegeObject.HivePrivObjectActionType |
When
HiveOperationType is QUERY, this action type is set so that it is possible
to determine if the action type on this object is an INSERT or INSERT_OVERWRITE |
Exception | Description |
---|---|
HiveAccessControlException |
Exception thrown by the Authorization plugin api (v2).
|
HiveAuthzPluginException |
Exception thrown by the Authorization plugin api (v2).
|
Copyright © 2016 The Apache Software Foundation. All rights reserved.