Search in sources :

Example 16 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class ObjectStore method listTableGrantsAll.

@Override
public List<HiveObjectPrivilege> listTableGrantsAll(String dbName, String tableName) {
    boolean success = false;
    Query query = null;
    dbName = normalizeIdentifier(dbName);
    tableName = normalizeIdentifier(tableName);
    try {
        openTransaction();
        LOG.debug("Executing listTableGrantsAll");
        query = pm.newQuery(MTablePrivilege.class, "table.tableName == t1 && table.database.name == t2");
        query.declareParameters("java.lang.String t1, java.lang.String t2");
        List<MTablePrivilege> mSecurityTabPartList = (List<MTablePrivilege>) query.executeWithArray(tableName, dbName);
        LOG.debug("Done executing query for listTableGrantsAll");
        pm.retrieveAll(mSecurityTabPartList);
        List<HiveObjectPrivilege> result = convertTable(mSecurityTabPartList);
        success = commitTransaction();
        LOG.debug("Done retrieving all objects for listPrincipalAllTableGrants");
        return result;
    } finally {
        rollbackAndCleanup(success, query);
    }
}
Also used : HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) Query(javax.jdo.Query) LinkedList(java.util.LinkedList) MStringList(org.apache.hadoop.hive.metastore.model.MStringList) ArrayList(java.util.ArrayList) List(java.util.List) MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege)

Example 17 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class ObjectStore method revokePrivileges.

@Override
public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) throws InvalidObjectException, MetaException, NoSuchObjectException {
    boolean committed = false;
    try {
        openTransaction();
        List<Object> persistentObjs = new ArrayList<>();
        List<HiveObjectPrivilege> privilegeList = privileges.getPrivileges();
        if (CollectionUtils.isNotEmpty(privilegeList)) {
            Iterator<HiveObjectPrivilege> privIter = privilegeList.iterator();
            while (privIter.hasNext()) {
                HiveObjectPrivilege privDef = privIter.next();
                HiveObjectRef hiveObject = privDef.getHiveObject();
                String privilegeStr = privDef.getGrantInfo().getPrivilege();
                if (privilegeStr == null || privilegeStr.trim().equals("")) {
                    continue;
                }
                String[] privs = privilegeStr.split(",");
                String userName = privDef.getPrincipalName();
                PrincipalType principalType = privDef.getPrincipalType();
                if (hiveObject.getObjectType() == HiveObjectType.GLOBAL) {
                    List<MGlobalPrivilege> mSecUser = this.listPrincipalMGlobalGrants(userName, principalType);
                    boolean found = false;
                    if (mSecUser != null) {
                        for (String privilege : privs) {
                            for (MGlobalPrivilege userGrant : mSecUser) {
                                String userGrantPrivs = userGrant.getPrivilege();
                                if (privilege.equals(userGrantPrivs)) {
                                    found = true;
                                    if (grantOption) {
                                        if (userGrant.getGrantOption()) {
                                            userGrant.setGrantOption(false);
                                        } else {
                                            throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                        }
                                    }
                                    persistentObjs.add(userGrant);
                                    break;
                                }
                            }
                            if (!found) {
                                throw new InvalidObjectException("No user grant found for privileges " + privilege);
                            }
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.DATABASE) {
                    MDatabase dbObj = getMDatabase(hiveObject.getDbName());
                    if (dbObj != null) {
                        String db = hiveObject.getDbName();
                        boolean found = false;
                        List<MDBPrivilege> dbGrants = this.listPrincipalMDBGrants(userName, principalType, db);
                        for (String privilege : privs) {
                            for (MDBPrivilege dbGrant : dbGrants) {
                                String dbGrantPriv = dbGrant.getPrivilege();
                                if (privilege.equals(dbGrantPriv)) {
                                    found = true;
                                    if (grantOption) {
                                        if (dbGrant.getGrantOption()) {
                                            dbGrant.setGrantOption(false);
                                        } else {
                                            throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                        }
                                    }
                                    persistentObjs.add(dbGrant);
                                    break;
                                }
                            }
                            if (!found) {
                                throw new InvalidObjectException("No database grant found for privileges " + privilege + " on database " + db);
                            }
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.TABLE) {
                    boolean found = false;
                    List<MTablePrivilege> tableGrants = this.listAllMTableGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName());
                    for (String privilege : privs) {
                        for (MTablePrivilege tabGrant : tableGrants) {
                            String tableGrantPriv = tabGrant.getPrivilege();
                            if (privilege.equalsIgnoreCase(tableGrantPriv)) {
                                found = true;
                                if (grantOption) {
                                    if (tabGrant.getGrantOption()) {
                                        tabGrant.setGrantOption(false);
                                    } else {
                                        throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                    }
                                }
                                persistentObjs.add(tabGrant);
                                break;
                            }
                        }
                        if (!found) {
                            throw new InvalidObjectException("No grant (" + privilege + ") found " + " on table " + hiveObject.getObjectName() + ", database is " + hiveObject.getDbName());
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.PARTITION) {
                    boolean found = false;
                    Table tabObj = this.getTable(hiveObject.getDbName(), hiveObject.getObjectName());
                    String partName = null;
                    if (hiveObject.getPartValues() != null) {
                        partName = Warehouse.makePartName(tabObj.getPartitionKeys(), hiveObject.getPartValues());
                    }
                    List<MPartitionPrivilege> partitionGrants = this.listPrincipalMPartitionGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName(), partName);
                    for (String privilege : privs) {
                        for (MPartitionPrivilege partGrant : partitionGrants) {
                            String partPriv = partGrant.getPrivilege();
                            if (partPriv.equalsIgnoreCase(privilege)) {
                                found = true;
                                if (grantOption) {
                                    if (partGrant.getGrantOption()) {
                                        partGrant.setGrantOption(false);
                                    } else {
                                        throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                    }
                                }
                                persistentObjs.add(partGrant);
                                break;
                            }
                        }
                        if (!found) {
                            throw new InvalidObjectException("No grant (" + privilege + ") found " + " on table " + tabObj.getTableName() + ", partition is " + partName + ", database is " + tabObj.getDbName());
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.COLUMN) {
                    Table tabObj = this.getTable(hiveObject.getDbName(), hiveObject.getObjectName());
                    String partName = null;
                    if (hiveObject.getPartValues() != null) {
                        partName = Warehouse.makePartName(tabObj.getPartitionKeys(), hiveObject.getPartValues());
                    }
                    if (partName != null) {
                        List<MPartitionColumnPrivilege> mSecCol = listPrincipalMPartitionColumnGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName(), partName, hiveObject.getColumnName());
                        boolean found = false;
                        if (mSecCol != null) {
                            for (String privilege : privs) {
                                for (MPartitionColumnPrivilege col : mSecCol) {
                                    String colPriv = col.getPrivilege();
                                    if (colPriv.equalsIgnoreCase(privilege)) {
                                        found = true;
                                        if (grantOption) {
                                            if (col.getGrantOption()) {
                                                col.setGrantOption(false);
                                            } else {
                                                throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                            }
                                        }
                                        persistentObjs.add(col);
                                        break;
                                    }
                                }
                                if (!found) {
                                    throw new InvalidObjectException("No grant (" + privilege + ") found " + " on table " + tabObj.getTableName() + ", partition is " + partName + ", column name = " + hiveObject.getColumnName() + ", database is " + tabObj.getDbName());
                                }
                            }
                        }
                    } else {
                        List<MTableColumnPrivilege> mSecCol = listPrincipalMTableColumnGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName(), hiveObject.getColumnName());
                        boolean found = false;
                        if (mSecCol != null) {
                            for (String privilege : privs) {
                                for (MTableColumnPrivilege col : mSecCol) {
                                    String colPriv = col.getPrivilege();
                                    if (colPriv.equalsIgnoreCase(privilege)) {
                                        found = true;
                                        if (grantOption) {
                                            if (col.getGrantOption()) {
                                                col.setGrantOption(false);
                                            } else {
                                                throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                            }
                                        }
                                        persistentObjs.add(col);
                                        break;
                                    }
                                }
                                if (!found) {
                                    throw new InvalidObjectException("No grant (" + privilege + ") found " + " on table " + tabObj.getTableName() + ", column name = " + hiveObject.getColumnName() + ", database is " + tabObj.getDbName());
                                }
                            }
                        }
                    }
                }
            }
        }
        if (CollectionUtils.isNotEmpty(persistentObjs)) {
            if (grantOption) {
            // If grant option specified, only update the privilege, don't remove it.
            // Grant option has already been removed from the privileges in the section above
            } else {
                pm.deletePersistentAll(persistentObjs);
            }
        }
        committed = commitTransaction();
    } finally {
        if (!committed) {
            rollbackTransaction();
        }
    }
    return committed;
}
Also used : ArrayList(java.util.ArrayList) MPartitionColumnPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege) InvalidObjectException(org.apache.hadoop.hive.metastore.api.InvalidObjectException) LinkedList(java.util.LinkedList) MStringList(org.apache.hadoop.hive.metastore.model.MStringList) ArrayList(java.util.ArrayList) List(java.util.List) MTableColumnPrivilege(org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) MVersionTable(org.apache.hadoop.hive.metastore.model.MVersionTable) Table(org.apache.hadoop.hive.metastore.api.Table) MTable(org.apache.hadoop.hive.metastore.model.MTable) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) MDBPrivilege(org.apache.hadoop.hive.metastore.model.MDBPrivilege) MGlobalPrivilege(org.apache.hadoop.hive.metastore.model.MGlobalPrivilege) MDatabase(org.apache.hadoop.hive.metastore.model.MDatabase) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) MPartitionPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionPrivilege) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType) MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege)

Example 18 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class ObjectStore method listPrincipalGlobalGrants.

@Override
public List<HiveObjectPrivilege> listPrincipalGlobalGrants(String principalName, PrincipalType principalType) {
    List<MGlobalPrivilege> mUsers = listPrincipalMGlobalGrants(principalName, principalType);
    if (mUsers.isEmpty()) {
        return Collections.emptyList();
    }
    List<HiveObjectPrivilege> result = new ArrayList<>();
    for (int i = 0; i < mUsers.size(); i++) {
        MGlobalPrivilege sUsr = mUsers.get(i);
        HiveObjectRef objectRef = new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null);
        HiveObjectPrivilege secUser = new HiveObjectPrivilege(objectRef, sUsr.getPrincipalName(), principalType, new PrivilegeGrantInfo(sUsr.getPrivilege(), sUsr.getCreateTime(), sUsr.getGrantor(), PrincipalType.valueOf(sUsr.getGrantorType()), sUsr.getGrantOption()));
        result.add(secUser);
    }
    return result;
}
Also used : HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) MGlobalPrivilege(org.apache.hadoop.hive.metastore.model.MGlobalPrivilege) MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint) SQLUniqueConstraint(org.apache.hadoop.hive.metastore.api.SQLUniqueConstraint) SQLCheckConstraint(org.apache.hadoop.hive.metastore.api.SQLCheckConstraint) SQLDefaultConstraint(org.apache.hadoop.hive.metastore.api.SQLDefaultConstraint) SQLNotNullConstraint(org.apache.hadoop.hive.metastore.api.SQLNotNullConstraint)

Example 19 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class SQLStdHiveAccessController method showPrivileges.

@Override
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws HiveAuthzPluginException {
    try {
        // First authorize the call
        if (principal == null) {
            // only the admin is allowed to list privileges for any user
            if (!isUserAdmin()) {
                throw new HiveAccessControlException("User : " + currentUserName + " has to specify" + " a user name or role in the show grant. " + ADMIN_ONLY_MSG);
            }
        } else {
            // principal is specified, authorize on it
            if (!isUserAdmin()) {
                ensureShowGrantAllowed(principal);
            }
        }
        IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
        List<HivePrivilegeInfo> resPrivInfos = new ArrayList<HivePrivilegeInfo>();
        String principalName = principal == null ? null : principal.getName();
        PrincipalType principalType = principal == null ? null : AuthorizationUtils.getThriftPrincipalType(principal.getType());
        // get metastore/thrift privilege object using metastore api
        List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(principalName, principalType, SQLAuthorizationUtils.getThriftHiveObjectRef(privObj));
        // convert the metastore thrift objects to result objects
        for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
            // result principal
            HivePrincipal resPrincipal = new HivePrincipal(msObjPriv.getPrincipalName(), AuthorizationUtils.getHivePrincipalType(msObjPriv.getPrincipalType()));
            // result privilege
            PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo();
            HivePrivilege resPrivilege = new HivePrivilege(msGrantInfo.getPrivilege(), null);
            // result object
            HiveObjectRef msObjRef = msObjPriv.getHiveObject();
            if (!isSupportedObjectType(msObjRef.getObjectType())) {
                // ignore them
                continue;
            }
            HivePrivilegeObject resPrivObj = new HivePrivilegeObject(getPluginPrivilegeObjType(msObjRef.getObjectType()), msObjRef.getDbName(), msObjRef.getObjectName(), msObjRef.getPartValues(), msObjRef.getColumnName());
            // result grantor principal
            HivePrincipal grantorPrincipal = new HivePrincipal(msGrantInfo.getGrantor(), AuthorizationUtils.getHivePrincipalType(msGrantInfo.getGrantorType()));
            HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(resPrincipal, resPrivilege, resPrivObj, grantorPrincipal, msGrantInfo.isGrantOption(), msGrantInfo.getCreateTime());
            resPrivInfos.add(resPrivInfo);
        }
        return resPrivInfos;
    } catch (Exception e) {
        throw SQLAuthorizationUtils.getPluginException("Error showing privileges", e);
    }
}
Also used : HivePrivilegeInfo(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)

Example 20 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class HiveV1Authorizer method toPrivilegeBag.

private PrivilegeBag toPrivilegeBag(List<HivePrivilege> privileges, HivePrivilegeObject privObject, HivePrincipal grantor, boolean grantOption) throws HiveException {
    PrivilegeBag privBag = new PrivilegeBag();
    if (privileges.isEmpty()) {
        return privBag;
    }
    String grantorName = grantor.getName();
    PrincipalType grantorType = AuthorizationUtils.getThriftPrincipalType(grantor.getType());
    if (privObject.getType() == null || privObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.GLOBAL) {
        for (HivePrivilege priv : privileges) {
            List<String> columns = priv.getColumns();
            if (columns != null && !columns.isEmpty()) {
                throw new HiveException("For user-level privileges, column sets should be null. columns=" + columns.toString());
            }
            privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantor.getName(), grantorType, grantOption)));
        }
        return privBag;
    }
    if (privObject.getPartKeys() != null && grantOption) {
        throw new HiveException("Grant does not support partition level.");
    }
    Hive hive = Hive.getWithFastCheck(this.conf);
    Database dbObj = hive.getDatabase(privObject.getDbname());
    if (dbObj == null) {
        throw new HiveException("Database " + privObject.getDbname() + " does not exists");
    }
    Table tableObj = null;
    if (privObject.getObjectName() != null) {
        tableObj = hive.getTable(dbObj.getName(), privObject.getObjectName());
    }
    List<String> partValues = null;
    if (tableObj != null) {
        if ((!tableObj.isPartitioned()) && privObject.getPartKeys() != null) {
            throw new HiveException("Table is not partitioned, but partition name is present: partSpec=" + privObject.getPartKeys());
        }
        if (privObject.getPartKeys() != null) {
            Map<String, String> partSpec = Warehouse.makeSpecFromValues(tableObj.getPartitionKeys(), privObject.getPartKeys());
            Partition partObj = hive.getPartition(tableObj, partSpec, false).getTPartition();
            partValues = partObj.getValues();
        }
    }
    for (HivePrivilege priv : privileges) {
        List<String> columns = priv.getColumns();
        if (columns != null && !columns.isEmpty()) {
            if (!priv.supportsScope(PrivilegeScope.COLUMN_LEVEL_SCOPE)) {
                throw new HiveException(priv.getName() + " does not support column level privilege.");
            }
            if (tableObj == null) {
                throw new HiveException("For user-level/database-level privileges, column sets should be null. columns=" + columns);
            }
            for (int i = 0; i < columns.size(); i++) {
                privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.COLUMN, dbObj.getName(), tableObj.getTableName(), partValues, columns.get(i)), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
            }
        } else if (tableObj == null) {
            privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbObj.getName(), null, null, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
        } else if (partValues == null) {
            privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbObj.getName(), tableObj.getTableName(), null, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
        } else {
            privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.PARTITION, dbObj.getName(), tableObj.getTableName(), partValues, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
        }
    }
    return privBag;
}
Also used : PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) Partition(org.apache.hadoop.hive.metastore.api.Partition) HiveException(org.apache.hadoop.hive.ql.metadata.HiveException) Table(org.apache.hadoop.hive.ql.metadata.Table) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) Hive(org.apache.hadoop.hive.ql.metadata.Hive) Database(org.apache.hadoop.hive.metastore.api.Database) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)

Aggregations

HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)45 ArrayList (java.util.ArrayList)35 HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)31 PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)31 List (java.util.List)16 LinkedList (java.util.LinkedList)14 PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)12 PrincipalPrivilegeSet (org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet)9 IOException (java.io.IOException)8 Query (javax.jdo.Query)8 Database (org.apache.hadoop.hive.metastore.api.Database)8 PrivilegeBag (org.apache.hadoop.hive.metastore.api.PrivilegeBag)8 SQLCheckConstraint (org.apache.hadoop.hive.metastore.api.SQLCheckConstraint)7 SQLDefaultConstraint (org.apache.hadoop.hive.metastore.api.SQLDefaultConstraint)7 SQLNotNullConstraint (org.apache.hadoop.hive.metastore.api.SQLNotNullConstraint)7 SQLUniqueConstraint (org.apache.hadoop.hive.metastore.api.SQLUniqueConstraint)7 MConstraint (org.apache.hadoop.hive.metastore.model.MConstraint)7 Table (org.apache.hadoop.hive.metastore.api.Table)6 MPartitionColumnPrivilege (org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege)6 MPartitionPrivilege (org.apache.hadoop.hive.metastore.model.MPartitionPrivilege)6