@InterfaceAudience.LimitedPrivate(value="Apache Argus (incubating)") @InterfaceStability.Evolving public interface HiveAuthorizer
Interface for Hive authorization plugins; an alternative to
HiveAuthorizationProvider
that lets you define the behavior of access control
statements and does not make assumptions about the privileges needed for a Hive operation.
This is referred to as the V2 authorizer in other parts of the code.

Modifier and Type | Interface and Description |
---|---|
static class |
HiveAuthorizer.VERSION |
Modifier and Type | Method and Description |
---|---|
void |
applyAuthorizationConfigPolicy(HiveConf hiveConf)
Modify the given HiveConf object to configure authorization related parameters
or other parameters related to hive security
|
List<HivePrivilegeObject> |
applyRowFilterAndColumnMasking(HiveAuthzContext context,
List<HivePrivilegeObject> privObjs)
applyRowFilterAndColumnMasking is called once for each table in a query.
|
void |
checkPrivileges(HiveOperationType hiveOpType,
List<HivePrivilegeObject> inputsHObjs,
List<HivePrivilegeObject> outputHObjs,
HiveAuthzContext context)
Check if user has privileges to do this action on these objects
|
void |
createRole(String roleName,
HivePrincipal adminGrantor)
Create role
|
void |
dropRole(String roleName)
Drop role
|
List<HivePrivilegeObject> |
filterListCmdObjects(List<HivePrivilegeObject> listObjs,
HiveAuthzContext context)
Filter out any objects that should not be shown to the user, from the list of
tables or databases coming from a 'show tables' or 'show databases' command
|
List<String> |
getAllRoles() |
List<String> |
getCurrentRoleNames() |
Object |
getHiveAuthorizationTranslator()
Get a
HiveAuthorizationTranslator implementation. |
List<HiveRoleGrant> |
getPrincipalGrantInfoForRole(String roleName)
Get the grant information for principals granted the given role
|
List<HiveRoleGrant> |
getRoleGrantInfoForPrincipal(HivePrincipal principal)
Get the grant information of roles the given principal belongs to
|
HiveAuthorizer.VERSION |
getVersion() |
void |
grantPrivileges(List<HivePrincipal> hivePrincipals,
List<HivePrivilege> hivePrivileges,
HivePrivilegeObject hivePrivObject,
HivePrincipal grantorPrincipal,
boolean grantOption)
Grant privileges for principals on the object
|
void |
grantRole(List<HivePrincipal> hivePrincipals,
List<String> roles,
boolean grantOption,
HivePrincipal grantorPrinc)
Grant roles in given roles list to principals in given hivePrincipals list
|
boolean |
needTransform()
needTransform() is called once per user in a query.
|
void |
revokePrivileges(List<HivePrincipal> hivePrincipals,
List<HivePrivilege> hivePrivileges,
HivePrivilegeObject hivePrivObject,
HivePrincipal grantorPrincipal,
boolean grantOption)
Revoke privileges for principals on the object
|
void |
revokeRole(List<HivePrincipal> hivePrincipals,
List<String> roles,
boolean grantOption,
HivePrincipal grantorPrinc)
Revoke roles in given roles list from principals in given hivePrincipals list
|
void |
setCurrentRole(String roleName)
Set the current role to roleName argument
|
List<HivePrivilegeInfo> |
showPrivileges(HivePrincipal principal,
HivePrivilegeObject privObj)
Show privileges for given principal on given object
|
HiveAuthorizer.VERSION getVersion()
void grantPrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException
hivePrincipals
- hivePrivileges
- hivePrivObject
- grantorPrincipal
- grantOption
- HiveAuthzPluginException
HiveAccessControlException
void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException
hivePrincipals
- hivePrivileges
- hivePrivObject
- grantorPrincipal
- grantOption
- HiveAuthzPluginException
HiveAccessControlException
void createRole(String roleName, HivePrincipal adminGrantor) throws HiveAuthzPluginException, HiveAccessControlException
roleName
- adminGrantor
- The user in the "[ WITH ADMIN <user> ]" clause of "create role"
HiveAuthzPluginException
HiveAccessControlException
void dropRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException
roleName
- HiveAuthzPluginException
HiveAccessControlException
List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException
roleName
- HiveAuthzPluginException
HiveAccessControlException
List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException
principal
- HiveAuthzPluginException
HiveAccessControlException
void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException
hivePrincipals
- roles
- grantOption
- grantorPrinc
- HiveAuthzPluginException
HiveAccessControlException
void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException
hivePrincipals
- roles
- grantOption
- grantorPrinc
- HiveAuthzPluginException
HiveAccessControlException
void checkPrivileges(HiveOperationType hiveOpType, List<HivePrivilegeObject> inputsHObjs, List<HivePrivilegeObject> outputHObjs, HiveAuthzContext context) throws HiveAuthzPluginException, HiveAccessControlException
hiveOpType
- inputsHObjs
- outputHObjs
- context
- HiveAuthzPluginException
HiveAccessControlException
List<HivePrivilegeObject> filterListCmdObjects(List<HivePrivilegeObject> listObjs, HiveAuthzContext context) throws HiveAuthzPluginException, HiveAccessControlException
listObjs
- List of all objects obtained as the result of a show command
context
- HiveAuthzPluginException
HiveAccessControlException
List<String> getAllRoles() throws HiveAuthzPluginException, HiveAccessControlException
HiveAuthzPluginException
HiveAccessControlException
List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws HiveAuthzPluginException, HiveAccessControlException
principal
- privObj
- HiveAuthzPluginException
HiveAccessControlException
void setCurrentRole(String roleName) throws HiveAccessControlException, HiveAuthzPluginException
roleName
- HiveAccessControlException
HiveAuthzPluginException
List<String> getCurrentRoleNames() throws HiveAuthzPluginException
HiveAuthzPluginException
void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException
hiveConf
- HiveAuthzPluginException
Object getHiveAuthorizationTranslator() throws HiveAuthzPluginException
Get a
HiveAuthorizationTranslator
implementation. See
HiveAuthorizationTranslator
for details. Return null if no
customization is needed. Most implementations are expected to return null.
The Java signature of the method has to return the Object
type so that older implementations can extend the interface and still build
against older versions of Hive that don't include this additional method
and the HiveAuthorizationTranslator class. However, if a non-null value is
returned, the Object has to be of type HiveAuthorizationTranslator.
Because the declared return type is Object, the compiler cannot enforce this requirement.
HiveException
HiveAuthzPluginException
List<HivePrivilegeObject> applyRowFilterAndColumnMasking(HiveAuthzContext context, List<HivePrivilegeObject> privObjs) throws SemanticException
SemanticException
boolean needTransform()
SemanticException