org.apache.hadoop.hive.ql.security.authorization.plugin
Class HiveAuthorizerImpl

java.lang.Object
  org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl

All Implemented Interfaces:

HiveAuthorizer

@InterfaceAudience.LimitedPrivate(value="")
@InterfaceStability.Evolving
public class HiveAuthorizerImpl
extends Object
implements HiveAuthorizer

Convenience implementation of HiveAuthorizer. You can customize the behavior by passing different implementations of HiveAccessController and HiveAuthorizationValidator to constructor.

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer

HiveAuthorizer.VERSION

Constructor Summary

HiveAuthorizerImpl(HiveAccessController accessController, HiveAuthorizationValidator authValidator)

Method Summary

void	applyAuthorizationConfigPolicy(HiveConf hiveConf) Modify the given HiveConf object to configure authorization related parameters or other parameters related to hive security
void	checkPrivileges(HiveOperationType hiveOpType, List<HivePrivilegeObject> inputHObjs, List<HivePrivilegeObject> outputHObjs) Check if user has privileges to do this action on these objects
void	createRole(String roleName, HivePrincipal adminGrantor) Create role
void	dropRole(String roleName) Drop role
List<String>	getAllRoles()
List<String>	getCurrentRoleNames()
List<HiveRoleGrant>	getPrincipalGrantInfoForRole(String roleName) Get the grant information for principals granted the given role
List<HiveRoleGrant>	getRoleGrantInfoForPrincipal(HivePrincipal principal) Get the grant information of roles the given principal belongs to
HiveAuthorizer.VERSION	getVersion()
void	grantPrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) Grant privileges for principals on the object
void	grantRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc) Grant roles in given roles list to principals in given hivePrincipals list
void	revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) Revoke privileges for principals on the object
void	revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal grantorPrinc) Revoke roles in given roles list to principals in given hivePrincipals list
void	setCurrentRole(String roleName) Set the current role to roleName argument
List<HivePrivilegeInfo>	showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) Show privileges for given principal on given object

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HiveAuthorizerImpl

public HiveAuthorizerImpl(HiveAccessController accessController,
                          HiveAuthorizationValidator authValidator)

Method Detail

grantPrivileges

public void grantPrivileges(List<HivePrincipal> hivePrincipals,
                            List<HivePrivilege> hivePrivileges,
                            HivePrivilegeObject hivePrivObject,
                            HivePrincipal grantorPrincipal,
                            boolean grantOption)
                     throws HiveAuthzPluginException,
                            HiveAccessControlException

Description copied from interface: HiveAuthorizer

Grant privileges for principals on the object

Specified by:

grantPrivileges in interface HiveAuthorizer

Throws:

HiveAuthzPluginException

HiveAccessControlException

revokePrivileges

public void revokePrivileges(List<HivePrincipal> hivePrincipals,
                             List<HivePrivilege> hivePrivileges,
                             HivePrivilegeObject hivePrivObject,
                             HivePrincipal grantorPrincipal,
                             boolean grantOption)
                      throws HiveAuthzPluginException,
                             HiveAccessControlException

Description copied from interface: HiveAuthorizer

Revoke privileges for principals on the object

Specified by:

revokePrivileges in interface HiveAuthorizer

Throws:

HiveAuthzPluginException

HiveAccessControlException

createRole

public void createRole(String roleName,
                       HivePrincipal adminGrantor)
                throws HiveAuthzPluginException,
                       HiveAccessControlException

Description copied from interface: HiveAuthorizer

Create role

Specified by:

createRole in interface HiveAuthorizer

adminGrantor - - The user in "[ WITH ADMIN ]" clause of "create role"

Throws:

HiveAuthzPluginException

HiveAccessControlException

dropRole

public void dropRole(String roleName)
              throws HiveAuthzPluginException,
                     HiveAccessControlException

Description copied from interface: HiveAuthorizer

Drop role

Specified by:

dropRole in interface HiveAuthorizer

Throws:

HiveAuthzPluginException

HiveAccessControlException

grantRole

public void grantRole(List<HivePrincipal> hivePrincipals,
                      List<String> roles,
                      boolean grantOption,
                      HivePrincipal grantorPrinc)
               throws HiveAuthzPluginException,
                      HiveAccessControlException

Description copied from interface: HiveAuthorizer

Grant roles in given roles list to principals in given hivePrincipals list

Specified by:

grantRole in interface HiveAuthorizer

Throws:

HiveAuthzPluginException

HiveAccessControlException

revokeRole

public void revokeRole(List<HivePrincipal> hivePrincipals,
                       List<String> roles,
                       boolean grantOption,
                       HivePrincipal grantorPrinc)
                throws HiveAuthzPluginException,
                       HiveAccessControlException

Description copied from interface: HiveAuthorizer

Revoke roles in given roles list to principals in given hivePrincipals list

Specified by:

revokeRole in interface HiveAuthorizer

Throws:

HiveAuthzPluginException

HiveAccessControlException

checkPrivileges

public void checkPrivileges(HiveOperationType hiveOpType,
                            List<HivePrivilegeObject> inputHObjs,
                            List<HivePrivilegeObject> outputHObjs)
                     throws HiveAuthzPluginException,
                            HiveAccessControlException

Description copied from interface: HiveAuthorizer

Check if user has privileges to do this action on these objects

Specified by:

checkPrivileges in interface HiveAuthorizer

Throws:

HiveAuthzPluginException

HiveAccessControlException

getAllRoles

public List<String> getAllRoles()
                         throws HiveAuthzPluginException,
                                HiveAccessControlException

Specified by:

getAllRoles in interface HiveAuthorizer

Returns:

all existing roles

Throws:

HiveAuthzPluginException

HiveAccessControlException

showPrivileges

public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal,
                                              HivePrivilegeObject privObj)
                                       throws HiveAuthzPluginException,
                                              HiveAccessControlException

Description copied from interface: HiveAuthorizer

Show privileges for given principal on given object

Specified by:

showPrivileges in interface HiveAuthorizer

Returns:

Throws:

HiveAuthzPluginException

HiveAccessControlException

getVersion

public HiveAuthorizer.VERSION getVersion()

Specified by:

getVersion in interface HiveAuthorizer

Returns:

version of HiveAuthorizer interface that is implemented by this instance

setCurrentRole

public void setCurrentRole(String roleName)
                    throws HiveAccessControlException,
                           HiveAuthzPluginException

Description copied from interface: HiveAuthorizer

Set the current role to roleName argument

Specified by:

setCurrentRole in interface HiveAuthorizer

Throws:

HiveAccessControlException

HiveAuthzPluginException

getCurrentRoleNames

public List<String> getCurrentRoleNames()
                                 throws HiveAuthzPluginException

Specified by:

getCurrentRoleNames in interface HiveAuthorizer

Returns:

List having names of current roles

Throws:

HiveAuthzPluginException

getPrincipalGrantInfoForRole

public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName)
                                                 throws HiveAuthzPluginException,
                                                        HiveAccessControlException

Description copied from interface: HiveAuthorizer

Get the grant information for principals granted the given role

Specified by:

getPrincipalGrantInfoForRole in interface HiveAuthorizer

Returns:

Throws:

HiveAuthzPluginException

HiveAccessControlException

getRoleGrantInfoForPrincipal

public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
                                                 throws HiveAuthzPluginException,
                                                        HiveAccessControlException

Description copied from interface: HiveAuthorizer

Get the grant information of roles the given principal belongs to

Specified by:

getRoleGrantInfoForPrincipal in interface HiveAuthorizer

Returns:

Throws:

HiveAuthzPluginException

HiveAccessControlException

applyAuthorizationConfigPolicy

public void applyAuthorizationConfigPolicy(HiveConf hiveConf)

Description copied from interface: HiveAuthorizer

Modify the given HiveConf object to configure authorization related parameters or other parameters related to hive security

Specified by:

applyAuthorizationConfigPolicy in interface HiveAuthorizer