Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.hive.ql.security.authorization.plugin
Interface HiveAuthorizer

All Known Implementing Classes:
HiveAuthorizerImpl
@InterfaceAudience.LimitedPrivate(value="")
@InterfaceStability.Evolving
public interface HiveAuthorizer

Interface for hive authorization plugins. Used by the DDLTasks for access control statement, and for checking authorization from Driver.doAuthorization() This a more generic version of HiveAuthorizationProvider that lets you define the behavior of access control statements and does not make assumptions about the privileges needed for a hive operation. This is referred to as V2 authorizer in other parts of the code.

Nested Class Summary
static class HiveAuthorizer.VERSION
           
 
Method Summary
 void applyAuthorizationConfigPolicy(HiveConf hiveConf)
          Modify the given HiveConf object to configure authorization related parameters or other parameters related to hive security
 void checkPrivileges(HiveOperationType hiveOpType, List<HivePrivilegeObject> inputsHObjs, List<HivePrivilegeObject> outputHObjs)
          Check if user has privileges to do this action on these objects
 void createRole(String roleName, HivePrincipal adminGrantor)
          Create role
 void dropRole(String roleName)
          Drop role
 List<String> getAllRoles()
           
 List<String> getCurrentRoleNames()
           
 List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName)
          Get the grant information for principals granted the given role
 List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
          Get the grant information of roles the given principal belongs to
 HiveAuthorizer.VERSION getVersion()
           
 void grantPrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption)
          Grant privileges for principals on the object
 void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc)
          Grant roles in given roles list to principals in given hivePrincipals list
 void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption)
          Revoke privileges for principals on the object
 void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc)
          Revoke roles in given roles list to principals in given hivePrincipals list
 void setCurrentRole(String roleName)
          Set the current role to roleName argument
 List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj)
          Show privileges for given principal on given object
 

Method Detail

getVersion

HiveAuthorizer.VERSION getVersion()
Returns:
version of HiveAuthorizer interface that is implemented by this instance

grantPrivileges

void grantPrivileges(List<HivePrincipal> hivePrincipals,
                     List<HivePrivilege> hivePrivileges,
                     HivePrivilegeObject hivePrivObject,
                     HivePrincipal grantorPrincipal,
                     boolean grantOption)
                     throws HiveAuthzPluginException,
                            HiveAccessControlException
Grant privileges for principals on the object

Parameters:
hivePrincipals -
hivePrivileges -
hivePrivObject -
grantorPrincipal -
grantOption -
Throws:
HiveAuthzPluginException
HiveAccessControlException

revokePrivileges

void revokePrivileges(List<HivePrincipal> hivePrincipals,
                      List<HivePrivilege> hivePrivileges,
                      HivePrivilegeObject hivePrivObject,
                      HivePrincipal grantorPrincipal,
                      boolean grantOption)
                      throws HiveAuthzPluginException,
                             HiveAccessControlException
Revoke privileges for principals on the object

Parameters:
hivePrincipals -
hivePrivileges -
hivePrivObject -
grantorPrincipal -
grantOption -
Throws:
HiveAuthzPluginException
HiveAccessControlException

createRole

void createRole(String roleName,
                HivePrincipal adminGrantor)
                throws HiveAuthzPluginException,
                       HiveAccessControlException
Create role

Parameters:
roleName -
adminGrantor - - The user in "[ WITH ADMIN ]" clause of "create role"
Throws:
HiveAuthzPluginException
HiveAccessControlException

dropRole

void dropRole(String roleName)
              throws HiveAuthzPluginException,
                     HiveAccessControlException
Drop role

Parameters:
roleName -
Throws:
HiveAuthzPluginException
HiveAccessControlException

getPrincipalGrantInfoForRole

List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName)
                                                 throws HiveAuthzPluginException,
                                                        HiveAccessControlException
Get the grant information for principals granted the given role

Parameters:
roleName -
Returns:
Throws:
HiveAuthzPluginException
HiveAccessControlException

getRoleGrantInfoForPrincipal

List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
                                                 throws HiveAuthzPluginException,
                                                        HiveAccessControlException
Get the grant information of roles the given principal belongs to

Parameters:
principal -
Returns:
Throws:
HiveAuthzPluginException
HiveAccessControlException

grantRole

void grantRole(List<HivePrincipal> hivePrincipals,
               List<String> roles,
               boolean grantOption,
               HivePrincipal grantorPrinc)
               throws HiveAuthzPluginException,
                      HiveAccessControlException
Grant roles in given roles list to principals in given hivePrincipals list

Parameters:
hivePrincipals -
roles -
grantOption -
grantorPrinc -
Throws:
HiveAuthzPluginException
HiveAccessControlException

revokeRole

void revokeRole(List<HivePrincipal> hivePrincipals,
                List<String> roles,
                boolean grantOption,
                HivePrincipal grantorPrinc)
                throws HiveAuthzPluginException,
                       HiveAccessControlException
Revoke roles in given roles list to principals in given hivePrincipals list

Parameters:
hivePrincipals -
roles -
grantOption -
grantorPrinc -
Throws:
HiveAuthzPluginException
HiveAccessControlException

checkPrivileges

void checkPrivileges(HiveOperationType hiveOpType,
                     List<HivePrivilegeObject> inputsHObjs,
                     List<HivePrivilegeObject> outputHObjs)
                     throws HiveAuthzPluginException,
                            HiveAccessControlException
Check if user has privileges to do this action on these objects

Parameters:
hiveOpType -
inputsHObjs -
outputHObjs -
Throws:
HiveAuthzPluginException
HiveAccessControlException

getAllRoles

List<String> getAllRoles()
                         throws HiveAuthzPluginException,
                                HiveAccessControlException
Returns:
all existing roles
Throws:
HiveAuthzPluginException
HiveAccessControlException

showPrivileges

List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal,
                                       HivePrivilegeObject privObj)
                                       throws HiveAuthzPluginException,
                                              HiveAccessControlException
Show privileges for given principal on given object

Parameters:
principal -
privObj -
Returns:
Throws:
HiveAuthzPluginException
HiveAccessControlException

setCurrentRole

void setCurrentRole(String roleName)
                    throws HiveAccessControlException,
                           HiveAuthzPluginException
Set the current role to roleName argument

Parameters:
roleName -
Throws:
HiveAccessControlException
HiveAuthzPluginException

getCurrentRoleNames

List<String> getCurrentRoleNames()
                                 throws HiveAuthzPluginException
Returns:
List having names of current roles
Throws:
HiveAuthzPluginException

applyAuthorizationConfigPolicy

void applyAuthorizationConfigPolicy(HiveConf hiveConf)
Modify the given HiveConf object to configure authorization related parameters or other parameters related to hive security

Parameters:
hiveConf -
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2014 The Apache Software Foundation. All rights reserved.