java.lang.Object
  org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProviderBase
    org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider
public class StorageBasedAuthorizationProvider
StorageBasedAuthorizationProvider is an implementation of HiveMetastoreAuthorizationProvider that looks at the HDFS permissions of the files and directories associated with objects such as databases, tables and partitions to determine whether or not an operation is allowed. The rule of thumb for which location to check in HDFS is as follows:
- CREATE : on location specified, or on location determined from metadata
- READS : not checked (the preeventlistener does not have an event to fire)
- UPDATES : on location in metadata
- DELETES : on location in metadata

If the location does not yet exist, as is the case with creates, it steps out to the parent directory recursively until it finds a parent that does exist, and determines permissions from that parent.
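The parent-directory fallback described above means that a CREATE on a new location is governed by whichever ancestor already exists. The following added example (not Hive's own code; the class name `NearestAncestorCheck` and the default path are hypothetical) uses the Hadoop `FileSystem` API to report which directory that is and whether the current user holds write on it. It assumes a create needs WRITE on the governing directory and evaluates only owner/group/other bits, ignoring ACLs, the superuser and the sticky bit.

```java
import java.io.IOException;
import java.util.Arrays;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;

public class NearestAncestorCheck {

  /** Walk up from p until a path that exists is found; the root always exists. */
  static Path nearestExisting(FileSystem fs, Path p) throws IOException {
    Path cur = p;
    while (cur != null && !fs.exists(cur)) {
      cur = cur.getParent(); // null once we step above the root
    }
    return cur;
  }

  /** Owner, then group, then other: the first class that matches decides. */
  static boolean permits(FileStatus st, String user, String[] groups, FsAction wanted) {
    FsPermission perm = st.getPermission();
    if (user.equals(st.getOwner())) {
      return perm.getUserAction().implies(wanted);
    }
    if (Arrays.asList(groups).contains(st.getGroup())) {
      return perm.getGroupAction().implies(wanted);
    }
    return perm.getOtherAction().implies(wanted);
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample location; pass a real table or database path as args[0].
    Path target = new Path(args.length > 0 ? args[0] : "/tmp/warehouse/example.db/t1");
    FileSystem fs = target.getFileSystem(new Configuration());
    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();

    Path governing = nearestExisting(fs, target);
    if (governing == null) {
      throw new IOException("no existing ancestor for " + target);
    }
    FileStatus st = fs.getFileStatus(governing);
    // Assumption: a create requires WRITE on the governing directory.
    boolean ok = permits(st, ugi.getShortUserName(), ugi.getGroupNames(), FsAction.WRITE);
    System.out.printf("%s is governed by %s (%s %s:%s), write allowed: %b%n",
        target, governing, st.getPermission(), st.getOwner(), st.getGroup(), ok);
  }
}
```

Running it against planned database or table locations shows when a permissive ancestor (for example a world-writable warehouse root) would be the directory that decides a create.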
Constructor Summary | |
---|---|
StorageBasedAuthorizationProvider() | |
Method Summary | |
---|---|
void | authorize(org.apache.hadoop.hive.metastore.api.Database db, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv): Authorization privileges against a database object. |
void | authorize(Partition part, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv): Authorization privileges against a hive partition object. |
void | authorize(org.apache.hadoop.fs.Path path, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv): Authorization privileges against a path. |
void | authorize(Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv): Authorization user level privileges. |
void | authorize(Table table, Partition part, List<String> columns, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv): Authorization privileges against a list of columns. |
void | authorize(Table table, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv): Authorization privileges against a hive table object. |
void | init(org.apache.hadoop.conf.Configuration conf) |
void | setMetaStoreHandler(HiveMetaStore.HMSHandler handler): Allows invoker of HiveMetaStoreAuthorizationProvider to send in a hive metastore handler that can be used to make calls to test whether or not authorizations can/will succeed. |
Methods inherited from class org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProviderBase |
---|
getAuthenticator, getConf, setAuthenticator, setConf |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider |
---|
getAuthenticator, setAuthenticator |
Methods inherited from interface org.apache.hadoop.conf.Configurable |
---|
getConf, setConf |
Constructor Detail |
---|
public StorageBasedAuthorizationProvider()
Method Detail |
---|
public void init(org.apache.hadoop.conf.Configuration conf) throws HiveException
Specified by: init in interface HiveAuthorizationProvider
Throws:
- HiveException
public void authorize(Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
Description copied from interface: HiveAuthorizationProvider
Specified by: authorize in interface HiveAuthorizationProvider
Parameters:
- readRequiredPriv - a list of privileges needed for inputs.
- writeRequiredPriv - a list of privileges needed for outputs.
Throws:
- HiveException
- AuthorizationException
public void authorize(org.apache.hadoop.hive.metastore.api.Database db, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
Description copied from interface: HiveAuthorizationProvider
Specified by: authorize in interface HiveAuthorizationProvider
Parameters:
- db - database
- readRequiredPriv - a list of privileges needed for inputs.
- writeRequiredPriv - a list of privileges needed for outputs.
Throws:
- HiveException
- AuthorizationException
public void authorize(Table table, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
Description copied from interface: HiveAuthorizationProvider
Specified by: authorize in interface HiveAuthorizationProvider
Parameters:
- table - table object
- readRequiredPriv - a list of privileges needed for inputs.
- writeRequiredPriv - a list of privileges needed for outputs.
Throws:
- HiveException
- AuthorizationException
public void authorize(Partition part, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
Description copied from interface: HiveAuthorizationProvider
Specified by: authorize in interface HiveAuthorizationProvider
Parameters:
- part - partition object
- readRequiredPriv - a list of privileges needed for inputs.
- writeRequiredPriv - a list of privileges needed for outputs.
Throws:
- HiveException
- AuthorizationException
public void authorize(Table table, Partition part, List<String> columns, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
Description copied from interface: HiveAuthorizationProvider
Specified by: authorize in interface HiveAuthorizationProvider
Parameters:
- table - table object
- part - partition object
- columns - a list of columns
- readRequiredPriv - a list of privileges needed for inputs.
- writeRequiredPriv - a list of privileges needed for outputs.
Throws:
- HiveException
- AuthorizationException
public void setMetaStoreHandler(HiveMetaStore.HMSHandler handler)
Description copied from interface: HiveMetastoreAuthorizationProvider
Specified by: setMetaStoreHandler in interface HiveMetastoreAuthorizationProvider
public void authorize(org.apache.hadoop.fs.Path path, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException
Parameters:
- path - a filesystem path
- readRequiredPriv - a list of privileges needed for inputs.
- writeRequiredPriv - a list of privileges needed for outputs.
Throws:
- HiveException
- AuthorizationException