Package org.apache.hadoop.hive.ql.security.authorization.plugin

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException

245
246
247
248
249
250
251
252
253
254
255
  @Override
  public void createRole(String roleName, HivePrincipal adminGrantor)
      throws HiveAuthzPluginException, HiveAccessControlException {
    // only user belonging to admin role can create new roles.
    if (!isUserAdmin()) {
      throw new HiveAccessControlException("Current user : " + currentUserName+ " is not"
      + " allowed to add roles. " + ADMIN_ONLY_MSG);
    }
    if (RESERVED_ROLE_NAMES.contains(roleName.trim().toUpperCase())) {
      throw new HiveAuthzPluginException("Role name cannot be one of the reserved roles: " +
          RESERVED_ROLE_NAMES);
View Full Code Here
265
266
267
268
269
270
271
272
273
274
275
  @Override
  public void dropRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException {
    // only user belonging to admin role can drop existing role
    if (!isUserAdmin()) {
      throw new HiveAccessControlException("Current user : " + currentUserName+ " is not"
      + " allowed to drop role. " + ADMIN_ONLY_MSG);
    }
    try {
      metastoreClientFactory.getHiveMetastoreClient().drop_role(roleName);
    } catch (Exception e) {
View Full Code Here
280
281
282
283
284
285
286
287
288
289
290
  @Override
  public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roleNames,
    boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException,
    HiveAccessControlException {
    if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) {
      throw new HiveAccessControlException("Current user : " + currentUserName+ " is not"
        + " allowed to grant role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG);
    }
    for (HivePrincipal hivePrincipal : hivePrincipals) {
      for (String roleName : roleNames) {
        try {
View Full Code Here
312
313
314
315
316
317
318
319
320
321
322
      // removing grant privileges only is not supported in metastore api
      throw new HiveAuthzPluginException("Revoking only the admin privileges on "
        + "role is not currently supported");
    }
    if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) {
      throw new HiveAccessControlException("Current user : " + currentUserName+ " is not"
          + " allowed to revoke role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG);
    }
    for (HivePrincipal hivePrincipal : hivePrincipals) {
      for (String roleName : roleNames) {
        try {
View Full Code Here
334
335
336
337
338
339
340
341
342
343
344
  @Override
  public List<String> getAllRoles() throws HiveAuthzPluginException, HiveAccessControlException {
    // only user belonging to admin role can list role
    if (!isUserAdmin()) {
      throw new HiveAccessControlException("Current user : " + currentUserName+ " is not"
        + " allowed to list roles. " + ADMIN_ONLY_MSG);
    }
    try {
      return metastoreClientFactory.getHiveMetastoreClient().listRoleNames();
    } catch (Exception e) {
View Full Code Here
349
350
351
352
353
354
355
356
357
358
359
  @Override
  public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException {
    // only user belonging to admin role can list role
    if (!isUserAdmin()) {
      throw new HiveAccessControlException("Current user : " + currentUserName+ " is not"
        + " allowed get principals in a role. " + ADMIN_ONLY_MSG);
    }
    try {
      GetPrincipalsInRoleResponse princGrantInfo =
          metastoreClientFactory.getHiveMetastoreClient().get_principals_in_role(new GetPrincipalsInRoleRequest(roleName));
View Full Code Here
456
457
458
459
460
461
462
463
      currentRoles.clear();
      currentRoles.add(adminRole);
      return;
    }
    // If we are here it means, user is requesting a role he doesn't belong to.
    throw new HiveAccessControlException(currentUserName +" doesn't belong to role "
      +roleName);
  }
View Full Code Here
92
93
94
95
96
97
98
99
100
      }

    }

    if (errMsg.length() != 0) {
      throw new HiveAccessControlException(errMsg.toString());
    }
    return matchingPrivs;
  }
View Full Code Here
356
357
358
359
360
361
362
363
      List<SQLPrivTypeGrant> sortedmissingPrivs = new ArrayList<SQLPrivTypeGrant>(missingPrivs);
      Collections.sort(sortedmissingPrivs);

      String errMsg = "Permission denied. " + hivePrincipal
          + " does not have following privileges on " + hivePrivObject + " : " + sortedmissingPrivs;
      throw new HiveAccessControlException(errMsg.toString());
    }
  }
View Full Code Here
409
410
411
412
413
414
415
416
    if (deniedMessages.size() != 0) {
      Collections.sort(deniedMessages);
      String errorMessage = "Permission denied: " + hivePrincipal
          + " does not have following privileges for operation " + hiveOpType + " "
          + deniedMessages;
      throw new HiveAccessControlException(errorMessage);
    }
  }
View Full Code Here
TOP

Related Classes of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException

  • org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.RevokePrivAuthUtils
  • org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLAuthorizationUtils
  • org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.