public class StorageBasedAuthorizationProvider extends HiveAuthorizationProviderBase implements HiveMetastoreAuthorizationProvider
Modifier and Type | Class and Description |
---|---|
class |
StorageBasedAuthorizationProvider.DropPrivilegeExtractor |
HiveAuthorizationProviderBase.HiveProxy
authenticator, hive_db
Constructor and Description |
---|
StorageBasedAuthorizationProvider() |
Modifier and Type | Method and Description |
---|---|
void |
authorize(Database db,
Privilege[] readRequiredPriv,
Privilege[] writeRequiredPriv)
Authorization privileges against a database object.
|
void |
authorize(Partition part,
Privilege[] readRequiredPriv,
Privilege[] writeRequiredPriv)
Authorization privileges against a hive partition object.
|
void |
authorize(org.apache.hadoop.fs.Path path,
Privilege[] readRequiredPriv,
Privilege[] writeRequiredPriv)
Authorization privileges against a path.
|
void |
authorize(Privilege[] readRequiredPriv,
Privilege[] writeRequiredPriv)
Authorization user level privileges.
|
void |
authorize(Table table,
Partition part,
List<String> columns,
Privilege[] readRequiredPriv,
Privilege[] writeRequiredPriv)
Authorization privileges against a list of columns.
|
void |
authorize(Table table,
Privilege[] readRequiredPriv,
Privilege[] writeRequiredPriv)
Authorization privileges against a hive table object.
|
void |
authorizeAuthorizationApiInvocation()
Authorize metastore authorization api call.
|
protected void |
checkPermissions(org.apache.hadoop.conf.Configuration conf,
org.apache.hadoop.fs.Path path,
EnumSet<org.apache.hadoop.fs.permission.FsAction> actions)
Checks the permissions for the given path and current user on Hadoop FS.
|
protected static void |
checkPermissions(org.apache.hadoop.fs.FileSystem fs,
org.apache.hadoop.fs.FileStatus stat,
EnumSet<org.apache.hadoop.fs.permission.FsAction> actions,
String user)
Checks the permissions for the given path and current user on Hadoop FS.
|
protected org.apache.hadoop.fs.Path |
getDbLocation(Database db) |
protected org.apache.hadoop.fs.permission.FsAction |
getFsAction(Privilege priv)
Given a privilege, return what FsActions are required
|
protected EnumSet<org.apache.hadoop.fs.permission.FsAction> |
getFsActions(Privilege[] privs)
Given a Privilege[], find out what all FsActions are required
|
HivePolicyProvider |
getHivePolicyProvider() |
void |
init(org.apache.hadoop.conf.Configuration conf) |
void |
setMetaStoreHandler(IHMSHandler handler)
Allows invoker of HiveMetaStoreAuthorizationProvider to send in a
hive metastore handler that can be used to make calls to test
whether or not authorizations can/will succeed.
|
getAuthenticator, getConf, setAuthenticator, setConf
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getAuthenticator, setAuthenticator
public void init(org.apache.hadoop.conf.Configuration conf) throws HiveException
init
in interface HiveAuthorizationProvider
HiveException
public void authorize(Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
HiveAuthorizationProvider
authorize
in interface HiveAuthorizationProvider
readRequiredPriv
- a list of privileges needed for inputs.writeRequiredPriv
- a list of privileges needed for outputs.HiveException
AuthorizationException
public void authorize(Database db, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
HiveAuthorizationProvider
authorize
in interface HiveAuthorizationProvider
db
- databasereadRequiredPriv
- a list of privileges needed for inputs.writeRequiredPriv
- a list of privileges needed for outputs.HiveException
AuthorizationException
public void authorize(Table table, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
HiveAuthorizationProvider
authorize
in interface HiveAuthorizationProvider
table
- table objectreadRequiredPriv
- a list of privileges needed for inputs.writeRequiredPriv
- a list of privileges needed for outputs.HiveException
AuthorizationException
public void authorize(Partition part, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
HiveAuthorizationProvider
authorize
in interface HiveAuthorizationProvider
part
- partition objectreadRequiredPriv
- a list of privileges needed for inputs.writeRequiredPriv
- a list of privileges needed for outputs.HiveException
AuthorizationException
public void authorize(Table table, Partition part, List<String> columns, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
HiveAuthorizationProvider
authorize
in interface HiveAuthorizationProvider
table
- table objectpart
- partition objectcolumns
- a list of columnsreadRequiredPriv
- a list of privileges needed for inputs.writeRequiredPriv
- a list of privileges needed for outputs.HiveException
AuthorizationException
public void setMetaStoreHandler(IHMSHandler handler)
HiveMetastoreAuthorizationProvider
setMetaStoreHandler
in interface HiveMetastoreAuthorizationProvider
protected org.apache.hadoop.fs.permission.FsAction getFsAction(Privilege priv)
protected EnumSet<org.apache.hadoop.fs.permission.FsAction> getFsActions(Privilege[] privs)
public void authorize(org.apache.hadoop.fs.Path path, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
path
- a filesystem pathreadRequiredPriv
- a list of privileges needed for inputs.writeRequiredPriv
- a list of privileges needed for outputs.HiveException
AuthorizationException
protected void checkPermissions(org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.fs.Path path, EnumSet<org.apache.hadoop.fs.permission.FsAction> actions) throws IOException, LoginException, HiveException
IOException
LoginException
HiveException
protected static void checkPermissions(org.apache.hadoop.fs.FileSystem fs, org.apache.hadoop.fs.FileStatus stat, EnumSet<org.apache.hadoop.fs.permission.FsAction> actions, String user) throws IOException, AccessControlException, HiveException
protected org.apache.hadoop.fs.Path getDbLocation(Database db) throws HiveException
HiveException
public void authorizeAuthorizationApiInvocation() throws HiveException, AuthorizationException
HiveMetastoreAuthorizationProvider
authorizeAuthorizationApiInvocation
in interface HiveMetastoreAuthorizationProvider
HiveException
AuthorizationException
public HivePolicyProvider getHivePolicyProvider() throws HiveAuthzPluginException
getHivePolicyProvider
in interface HiveAuthorizationProvider
getHivePolicyProvider
in interface HiveMetastoreAuthorizationProvider
getHivePolicyProvider
in class HiveAuthorizationProviderBase
HiveAuthzPluginException
Copyright © 2022 The Apache Software Foundation. All rights reserved.