|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
@InterfaceAudience.LimitedPrivate(value="") @InterfaceStability.Evolving public interface HiveAuthorizer
Interface for hive authorization plugins.
Used by the DDLTasks for access control statement,
and for checking authorization from Driver.doAuthorization()
This a more generic version of
HiveAuthorizationProvider
that lets you define the behavior of access control
statements and does not make assumptions about the privileges needed for a hive operation.
This is referred to as V2 authorizer in other parts of the code.
Nested Class Summary | |
---|---|
static class |
HiveAuthorizer.VERSION
|
Method Summary | |
---|---|
void |
applyAuthorizationConfigPolicy(HiveConf hiveConf)
Modify the given HiveConf object to configure authorization related parameters or other parameters related to hive security |
void |
checkPrivileges(HiveOperationType hiveOpType,
List<HivePrivilegeObject> inputsHObjs,
List<HivePrivilegeObject> outputHObjs)
Check if user has privileges to do this action on these objects |
void |
createRole(String roleName,
HivePrincipal adminGrantor)
Create role |
void |
dropRole(String roleName)
Drop role |
List<String> |
getAllRoles()
|
List<String> |
getCurrentRoleNames()
|
List<HiveRoleGrant> |
getPrincipalGrantInfoForRole(String roleName)
Get the grant information for principals granted the given role |
List<HiveRoleGrant> |
getRoleGrantInfoForPrincipal(HivePrincipal principal)
Get the grant information of roles the given principal belongs to |
HiveAuthorizer.VERSION |
getVersion()
|
void |
grantPrivileges(List<HivePrincipal> hivePrincipals,
List<HivePrivilege> hivePrivileges,
HivePrivilegeObject hivePrivObject,
HivePrincipal grantorPrincipal,
boolean grantOption)
Grant privileges for principals on the object |
void |
grantRole(List<HivePrincipal> hivePrincipals,
List<String> roles,
boolean grantOption,
HivePrincipal grantorPrinc)
Grant roles in given roles list to principals in given hivePrincipals list |
void |
revokePrivileges(List<HivePrincipal> hivePrincipals,
List<HivePrivilege> hivePrivileges,
HivePrivilegeObject hivePrivObject,
HivePrincipal grantorPrincipal,
boolean grantOption)
Revoke privileges for principals on the object |
void |
revokeRole(List<HivePrincipal> hivePrincipals,
List<String> roles,
boolean grantOption,
HivePrincipal grantorPrinc)
Revoke roles in given roles list to principals in given hivePrincipals list |
void |
setCurrentRole(String roleName)
Set the current role to roleName argument |
List<HivePrivilegeInfo> |
showPrivileges(HivePrincipal principal,
HivePrivilegeObject privObj)
Show privileges for given principal on given object |
Method Detail |
---|
HiveAuthorizer.VERSION getVersion()
void grantPrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException
hivePrincipals
- hivePrivileges
- hivePrivObject
- grantorPrincipal
- grantOption
-
HiveAuthzPluginException
HiveAccessControlException
void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException
hivePrincipals
- hivePrivileges
- hivePrivObject
- grantorPrincipal
- grantOption
-
HiveAuthzPluginException
HiveAccessControlException
void createRole(String roleName, HivePrincipal adminGrantor) throws HiveAuthzPluginException, HiveAccessControlException
roleName
- adminGrantor
- - The user in "[ WITH ADMIN HiveAuthzPluginException
HiveAccessControlException
void dropRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException
roleName
-
HiveAuthzPluginException
HiveAccessControlException
List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException
roleName
-
HiveAuthzPluginException
HiveAccessControlException
List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException
principal
-
HiveAuthzPluginException
HiveAccessControlException
void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException
hivePrincipals
- roles
- grantOption
- grantorPrinc
-
HiveAuthzPluginException
HiveAccessControlException
void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException
hivePrincipals
- roles
- grantOption
- grantorPrinc
-
HiveAuthzPluginException
HiveAccessControlException
void checkPrivileges(HiveOperationType hiveOpType, List<HivePrivilegeObject> inputsHObjs, List<HivePrivilegeObject> outputHObjs) throws HiveAuthzPluginException, HiveAccessControlException
hiveOpType
- inputsHObjs
- outputHObjs
-
HiveAuthzPluginException
HiveAccessControlException
List<String> getAllRoles() throws HiveAuthzPluginException, HiveAccessControlException
HiveAuthzPluginException
HiveAccessControlException
List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws HiveAuthzPluginException, HiveAccessControlException
principal
- privObj
-
HiveAuthzPluginException
HiveAccessControlException
void setCurrentRole(String roleName) throws HiveAccessControlException, HiveAuthzPluginException
roleName
-
HiveAccessControlException
HiveAuthzPluginException
List<String> getCurrentRoleNames() throws HiveAuthzPluginException
HiveAuthzPluginException
void applyAuthorizationConfigPolicy(HiveConf hiveConf)
hiveConf
-
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |