Example 1 with DAGAccessControls
use of org.apache.tez.common.security.DAGAccessControls in project hive by apache.
the class TezTask method setAccessControlsForCurrentUser.
private static void setAccessControlsForCurrentUser(DAG dag, String queryId, Configuration conf) throws IOException {
String user = SessionState.getUserFromAuthenticator();
UserGroupInformation loginUserUgi = UserGroupInformation.getLoginUser();
String loginUser = loginUserUgi == null ? null : loginUserUgi.getShortUserName();
boolean addHs2User = HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVETEZHS2USERACCESS);
// Temporarily re-using the TEZ AM View ACLs property for individual dag access control.
// Hive may want to setup it's own parameters if it wants to control per dag access.
// Setting the tez-property per dag should work for now.
String viewStr = Utilities.getAclStringWithHiveModification(conf, TezConfiguration.TEZ_AM_VIEW_ACLS, addHs2User, user, loginUser);
String modifyStr = Utilities.getAclStringWithHiveModification(conf, TezConfiguration.TEZ_AM_MODIFY_ACLS, addHs2User, user, loginUser);
if (LOG.isDebugEnabled()) {
LOG.debug("Setting Tez DAG access for queryId={} with viewAclString={}, modifyStr={}", queryId, viewStr, modifyStr);
}
// set permissions for current user on DAG
DAGAccessControls ac = new DAGAccessControls(viewStr, modifyStr);
dag.setAccessControls(ac);
}
Also used :
DAGAccessControls(org.apache.tez.common.security.DAGAccessControls)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Aggregations
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1
DAGAccessControls (org.apache.tez.common.security.DAGAccessControls)1
