use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project hive by apache.
the class ObjectStore method getColumnPrivilegeSet.
/**
 * Gathers the column-level grants recorded for a user, for each supplied group, and for every
 * role that {@code listAllRolesInHierarchy} returns for that user and those groups.
 *
 * <p>This method only lists grants keyed by principal name; it makes no allow/deny decision.
 *
 * @param dbName database name; normalized before the lookup
 * @param tableName table name; normalized before the lookup
 * @param partitionName partition name; forwarded to the lookup as given (not normalized here)
 * @param columnName column name; normalized before the lookup
 * @param userName user to look up; when {@code null} the user map is left unset
 * @param groupNames groups to look up; when {@code null} or empty the group map is left unset
 * @return a privilege set whose user, group and role maps are set only for the principal kinds
 *     that were supplied (user, groups) or resolved (roles)
 * @throws InvalidObjectException declared by the signature; not thrown directly in this body
 * @throws MetaException declared by the signature; not thrown directly in this body
 */
@Override
public PrincipalPrivilegeSet getColumnPrivilegeSet(String dbName, String tableName,
    String partitionName, String columnName, String userName, List<String> groupNames)
    throws InvalidObjectException, MetaException {
  // Identifiers are normalized so the lookup does not depend on how the caller spelled them.
  // NOTE(review): partitionName is the only name argument that is not normalized - confirm.
  tableName = HiveStringUtils.normalizeIdentifier(tableName);
  dbName = HiveStringUtils.normalizeIdentifier(dbName);
  columnName = HiveStringUtils.normalizeIdentifier(columnName);

  PrincipalPrivilegeSet privilegeSet = new PrincipalPrivilegeSet();
  boolean committed = false;
  try {
    openTransaction();

    // The lookup helper takes (column, partition) in that order, the reverse of this method's
    // own parameter list; keep the argument order below exactly as written.
    if (userName != null) {
      Map<String, List<PrivilegeGrantInfo>> grantsByUser =
          new HashMap<String, List<PrivilegeGrantInfo>>();
      List<PrivilegeGrantInfo> userGrants = getColumnPrivilege(
          dbName, tableName, columnName, partitionName, userName, PrincipalType.USER);
      grantsByUser.put(userName, userGrants);
      privilegeSet.setUserPrivileges(grantsByUser);
    }

    if (groupNames != null && !groupNames.isEmpty()) {
      Map<String, List<PrivilegeGrantInfo>> grantsByGroup =
          new HashMap<String, List<PrivilegeGrantInfo>>();
      for (String group : groupNames) {
        List<PrivilegeGrantInfo> groupGrants = getColumnPrivilege(
            dbName, tableName, columnName, partitionName, group, PrincipalType.GROUP);
        grantsByGroup.put(group, groupGrants);
      }
      privilegeSet.setGroupPrivileges(grantsByGroup);
    }

    // Role resolution runs even when userName is null; the helper receives it unchanged.
    Set<String> resolvedRoles = listAllRolesInHierarchy(userName, groupNames);
    if (resolvedRoles != null && !resolvedRoles.isEmpty()) {
      Map<String, List<PrivilegeGrantInfo>> grantsByRole =
          new HashMap<String, List<PrivilegeGrantInfo>>();
      for (String role : resolvedRoles) {
        List<PrivilegeGrantInfo> roleGrants = getColumnPrivilege(
            dbName, tableName, columnName, partitionName, role, PrincipalType.ROLE);
        grantsByRole.put(role, roleGrants);
      }
      privilegeSet.setRolePrivileges(grantsByRole);
    }

    committed = commitTransaction();
  } finally {
    // Any exception above, or a commit that reports false, ends in a rollback.
    if (!committed) {
      rollbackTransaction();
    }
  }
  return privilegeSet;
}
use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project hive by apache.
the class ObjectStore method getPartitionWithAuth.
/**
 * Loads one partition and, when the owning table has the {@code PARTITION_LEVEL_PRIVILEGE}
 * parameter set to "TRUE" (case-insensitive), attaches the partition privilege set for the given
 * user and groups.
 *
 * <p>When the table parameter is absent or has any other value, the returned partition carries
 * no privilege set from this method.
 *
 * @param dbName database name, forwarded to the lookups as given
 * @param tblName table name, forwarded to the lookups as given
 * @param partVals partition values identifying the partition
 * @param user_name user whose partition grants are attached
 * @param group_names groups whose partition grants are attached
 * @return the converted partition, with privileges attached only in the case described above
 * @throws NoSuchObjectException when no stored partition matches {@code partVals}
 * @throws MetaException declared by the signature; not thrown directly in this body
 * @throws InvalidObjectException declared by the signature; not thrown directly in this body
 */
@Override
public Partition getPartitionWithAuth(String dbName, String tblName, List<String> partVals,
    String user_name, List<String> group_names)
    throws NoSuchObjectException, MetaException, InvalidObjectException {
  // NOTE(review): dbName and tblName are not normalized in this method, unlike the
  // get*PrivilegeSet methods - presumably the helpers handle that; confirm.
  boolean committed = false;
  try {
    openTransaction();
    MPartition storedPartition = getMPartition(dbName, tblName, partVals);
    if (storedPartition == null) {
      // NOTE(review): the flag is still false when this throws, so the finally block calls
      // rollbackTransaction() right after this commit - confirm that is intended.
      commitTransaction();
      throw new NoSuchObjectException("partition values=" + partVals.toString());
    }

    MTable owningTable = storedPartition.getTable();
    Partition result = convertToPart(storedPartition);

    // Partition-level grants are opt-in per table through a table parameter.
    String levelFlag = owningTable.getParameters().get("PARTITION_LEVEL_PRIVILEGE");
    if ("TRUE".equalsIgnoreCase(levelFlag)) {
      String partName = Warehouse.makePartName(
          this.convertToFieldSchemas(owningTable.getPartitionKeys()), partVals);
      PrincipalPrivilegeSet partitionGrants =
          this.getPartitionPrivilegeSet(dbName, tblName, partName, user_name, group_names);
      result.setPrivileges(partitionGrants);
    }

    committed = commitTransaction();
    return result;
  } finally {
    if (!committed) {
      rollbackTransaction();
    }
  }
}
use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project hive by apache.
the class ObjectStore method getTablePrivilegeSet.
/**
 * Gathers the table-level grants recorded for a user, for each supplied group, and for every
 * role that {@code listAllRolesInHierarchy} returns for that user and those groups.
 *
 * <p>This method only lists grants keyed by principal name; it makes no allow/deny decision.
 *
 * @param dbName database name; normalized before the lookup
 * @param tableName table name; normalized before the lookup
 * @param userName user to look up; when {@code null} the user map is left unset
 * @param groupNames groups to look up; when {@code null} or empty the group map is left unset
 * @return a privilege set whose user, group and role maps are set only for the principal kinds
 *     that were supplied (user, groups) or resolved (roles)
 * @throws InvalidObjectException declared by the signature; not thrown directly in this body
 * @throws MetaException declared by the signature; not thrown directly in this body
 */
@Override
public PrincipalPrivilegeSet getTablePrivilegeSet(String dbName, String tableName,
    String userName, List<String> groupNames) throws InvalidObjectException, MetaException {
  PrincipalPrivilegeSet privilegeSet = new PrincipalPrivilegeSet();
  // Identifiers are normalized so the lookup does not depend on how the caller spelled them.
  tableName = HiveStringUtils.normalizeIdentifier(tableName);
  dbName = HiveStringUtils.normalizeIdentifier(dbName);

  boolean committed = false;
  try {
    openTransaction();

    if (userName != null) {
      Map<String, List<PrivilegeGrantInfo>> grantsByUser =
          new HashMap<String, List<PrivilegeGrantInfo>>();
      List<PrivilegeGrantInfo> userGrants =
          getTablePrivilege(dbName, tableName, userName, PrincipalType.USER);
      grantsByUser.put(userName, userGrants);
      privilegeSet.setUserPrivileges(grantsByUser);
    }

    if (groupNames != null && !groupNames.isEmpty()) {
      Map<String, List<PrivilegeGrantInfo>> grantsByGroup =
          new HashMap<String, List<PrivilegeGrantInfo>>();
      for (String group : groupNames) {
        List<PrivilegeGrantInfo> groupGrants =
            getTablePrivilege(dbName, tableName, group, PrincipalType.GROUP);
        grantsByGroup.put(group, groupGrants);
      }
      privilegeSet.setGroupPrivileges(grantsByGroup);
    }

    // Role resolution runs even when userName is null; the helper receives it unchanged.
    Set<String> resolvedRoles = listAllRolesInHierarchy(userName, groupNames);
    if (resolvedRoles != null && !resolvedRoles.isEmpty()) {
      Map<String, List<PrivilegeGrantInfo>> grantsByRole =
          new HashMap<String, List<PrivilegeGrantInfo>>();
      for (String role : resolvedRoles) {
        List<PrivilegeGrantInfo> roleGrants =
            getTablePrivilege(dbName, tableName, role, PrincipalType.ROLE);
        grantsByRole.put(role, roleGrants);
      }
      privilegeSet.setRolePrivileges(grantsByRole);
    }

    committed = commitTransaction();
  } finally {
    // Any exception above, or a commit that reports false, ends in a rollback.
    if (!committed) {
      rollbackTransaction();
    }
  }
  return privilegeSet;
}
use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project hive by apache.
the class ObjectStore method getPartitionsWithAuth.
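/**
 * Lists up to {@code max} partitions of a table and, for each partition whose table has the
 * {@code PARTITION_LEVEL_PRIVILEGE} parameter set to "TRUE" (case-insensitive), attaches the
 * partition privilege set for the given user and groups.
 *
 * <p>Partitions of tables without that parameter value are returned with no privilege set
 * attached by this method. Privileges are looked up once per partition.
 *
 * @param dbName database name, forwarded to the lookups as given
 * @param tblName table name, forwarded to the lookups as given
 * @param max limit forwarded to {@code listMPartitions}
 * @param userName user whose partition grants are attached
 * @param groupNames groups whose partition grants are attached
 * @return the converted partitions; empty when the listing yields nothing
 * @throws MetaException declared by the signature; not thrown directly in this body
 * @throws InvalidObjectException declared by the signature; not thrown directly in this body
 */
@Override
public List<Partition> getPartitionsWithAuth(String dbName, String tblName, short max,
    String userName, List<String> groupNames) throws MetaException, InvalidObjectException {
  boolean success = false;
  QueryWrapper queryWrapper = new QueryWrapper();
  try {
    openTransaction();
    List<MPartition> mparts = listMPartitions(dbName, tblName, max, queryWrapper);
    // Size the result null-safely: the original called mparts.size() before its own null check,
    // so a null listing raised NullPointerException instead of yielding an empty result.
    List<Partition> parts = new ArrayList<Partition>(mparts == null ? 0 : mparts.size());
    if (mparts != null) {
      for (MPartition mpart : mparts) {
        MTable mtbl = mpart.getTable();
        Partition part = convertToPart(mpart);
        parts.add(part);
        // Partition-level grants are opt-in per table through a table parameter.
        if ("TRUE".equalsIgnoreCase(mtbl.getParameters().get("PARTITION_LEVEL_PRIVILEGE"))) {
          String partName = Warehouse.makePartName(
              this.convertToFieldSchemas(mtbl.getPartitionKeys()), part.getValues());
          PrincipalPrivilegeSet partAuth =
              this.getPartitionPrivilegeSet(dbName, tblName, partName, userName, groupNames);
          part.setPrivileges(partAuth);
        }
      }
    }
    success = commitTransaction();
    return parts;
  } finally {
    if (!success) {
      rollbackTransaction();
    }
    // The query wrapper is closed on every path, including failures.
    queryWrapper.close();
  }
}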
use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project hive by apache.
the class SQLAuthorizationUtils method getPrivilegesFromMetaStore.
/**
 * Computes the privileges a user holds on an object: the grants fetched from the metastore,
 * filtered by the current roles, plus the owner privilege when {@code isOwner} reports ownership
 * and the admin privilege when {@code isAdmin} is true.
 *
 * <p>The admin privilege is added on the strength of the {@code isAdmin} flag alone; this method
 * does not verify it, so callers must derive the flag from a trusted source.
 *
 * @param metastoreClient client used to fetch the privilege set and passed to the owner check
 * @param userName user whose privileges are computed
 * @param hivePrivObject object the privileges apply to; a reference with no object type is
 *     treated as {@code HiveObjectType.GLOBAL}
 * @param curRoles
 *          current active roles for user
 * @param isAdmin
 *          if user can run as admin user
 * @return the filtered metastore privileges, plus {@code OWNER_PRIV} and/or {@code ADMIN_PRIV}
 *     when the conditions above hold
 * @throws HiveAuthzPluginException declared by the signature; presumably raised by
 *     {@code throwGetPrivErr} when the metastore call fails - confirm
 */
static RequiredPrivileges getPrivilegesFromMetaStore(IMetaStoreClient metastoreClient,
    String userName, HivePrivilegeObject hivePrivObject, List<String> curRoles, boolean isAdmin)
    throws HiveAuthzPluginException {
  // Fetch the grants recorded for this user on this object.
  PrincipalPrivilegeSet fetchedPrivileges = null;
  try {
    HiveObjectRef targetRef = AuthorizationUtils.getThriftHiveObjectRef(hivePrivObject);
    if (targetRef.getObjectType() == null) {
      targetRef.setObjectType(HiveObjectType.GLOBAL);
    }
    // The last argument is null, so no group names are sent with this request.
    fetchedPrivileges = metastoreClient.get_privilege_set(targetRef, userName, null);
  } catch (MetaException e) {
    throwGetPrivErr(e, hivePrivObject, userName);
  } catch (TException e) {
    throwGetPrivErr(e, hivePrivObject, userName);
  } catch (HiveException e) {
    throwGetPrivErr(e, hivePrivObject, userName);
  }
  // NOTE(review): if throwGetPrivErr ever returned normally, fetchedPrivileges would still be
  // null here - presumably it always throws; confirm.
  filterPrivsByCurrentRoles(fetchedPrivileges, curRoles);

  // Convert the Thrift privilege set into RequiredPrivileges.
  RequiredPrivileges effectivePrivileges = getRequiredPrivsFromThrift(fetchedPrivileges);

  // Ownership and admin status are layered on top of the explicit grants.
  boolean ownsObject = isOwner(metastoreClient, userName, curRoles, hivePrivObject);
  if (ownsObject) {
    effectivePrivileges.addPrivilege(SQLPrivTypeGrant.OWNER_PRIV);
  }
  if (isAdmin) {
    effectivePrivileges.addPrivilege(SQLPrivTypeGrant.ADMIN_PRIV);
  }
  return effectivePrivileges;
}