Package org.apache.hadoop.hive.ql.security.authorization.plugin

Examples of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException

137
138
139
140
141
142
143
144
145
146
    case TABLE:
      return HivePrivilegeObjectType.TABLE_OR_VIEW;
    case COLUMN:
    case GLOBAL:
    case PARTITION:
      throw new HiveAuthzPluginException("Unsupported object type " + objectType);
    default:
      throw new AssertionError("Unexpected object type " + objectType);
    }
  }
View Full Code Here
151
152
153
154
155
156
157
158
159
160
161
   * @throws HiveAuthzPluginException
   */
  public static void validatePrivileges(List<HivePrivilege> hivePrivileges) throws HiveAuthzPluginException {
    for (HivePrivilege hivePrivilege : hivePrivileges) {
      if (hivePrivilege.getColumns() != null && hivePrivilege.getColumns().size() != 0) {
        throw new HiveAuthzPluginException(
            "Privilege with columns are not currently supported with sql standard authorization:"
                + hivePrivilege);
      }
      //try converting to the enum to verify that this is a valid privilege type
      SQLPrivilegeType.getRequirePrivilege(hivePrivilege.getName());
View Full Code Here
297
298
299
300
301
302
303
  }

  private static void throwGetObjErr(Exception e, HivePrivilegeObject hivePrivObject)
      throws HiveAuthzPluginException {
    String msg = "Error getting object from metastore for " + hivePrivObject;
    throw new HiveAuthzPluginException(msg, e);
  }
View Full Code Here
304
305
306
307
308
309
310
  private static void throwGetPrivErr(Exception e, HivePrivilegeObject hivePrivObject,
      String userName) throws HiveAuthzPluginException {
    String msg = "Error getting privileges on " + hivePrivObject + " for " + userName + ": "
      + e.getMessage();
    throw new HiveAuthzPluginException(msg, e);
  }
View Full Code Here
314
315
316
317
318
319
320
321
322
323
324
    RequiredPrivileges reqPrivs = new RequiredPrivileges();
    // add user privileges
    Map<String, List<PrivilegeGrantInfo>> userPrivs = thrifPrivs.getUserPrivileges();
    if (userPrivs != null && userPrivs.size() != 1) {
      throw new HiveAuthzPluginException("Invalid number of user privilege objects: "
          + userPrivs.size());
    }
    addRequiredPrivs(reqPrivs, userPrivs);

    // add role privileges
View Full Code Here
392
393
394
395
396
397
398
399
400
      if (FileUtils.isActionPermittedForFileHierarchy(fs, fileStatus, userName, FsAction.READ)) {
        availPrivs.addPrivilege(SQLPrivTypeGrant.SELECT_NOGRANT);
      }
    } catch (IOException e) {
      String msg = "Error getting permissions for " + filePath + ": " + e.getMessage();
      throw new HiveAuthzPluginException(msg, e);
    }
    return availPrivs;
  }
View Full Code Here
120
121
122
123
124
125
126
127
128
          this.adminRole = role;
        }
      }
      return currentRoles;
    } catch (Exception e) {
      throw new HiveAuthzPluginException("Failed to retrieve roles for " + currentUserName + ": "
          + e.getMessage(), e);
    }
  }
View Full Code Here
176
177
178
179
180
181
182
183
    PrivilegeBag privBag = SQLAuthorizationUtils.getThriftPrivilegesBag(hivePrincipals, hivePrivileges, hivePrivObject,
        grantorPrincipal, grantOption);
    try {
      metastoreClient.grant_privileges(privBag);
    } catch (Exception e) {
      throw new HiveAuthzPluginException("Error granting privileges: " + e.getMessage(), e);
    }
  }
View Full Code Here
236
237
238
239
240
241
242
243
      // So this will revoke privileges that are granted by other users.This is
      // not SQL compliant behavior. Need to change/add a metastore api
      // that has desired behavior.
      metastoreClient.revoke_privileges(new PrivilegeBag(revokePrivs));
    } catch (Exception e) {
      throw new HiveAuthzPluginException("Error revoking privileges", e);
    }
  }
View Full Code Here
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
    if (!isUserAdmin()) {
      throw new HiveAccessControlException("Current user : " + currentUserName+ " is not"
      + " allowed to add roles. " + ADMIN_ONLY_MSG);
    }
    if (RESERVED_ROLE_NAMES.contains(roleName.trim().toUpperCase())) {
      throw new HiveAuthzPluginException("Role name cannot be one of the reserved roles: " +
          RESERVED_ROLE_NAMES);
    }
    try {
      String grantorName = adminGrantor == null ? null : adminGrantor.getName();
      metastoreClientFactory.getHiveMetastoreClient().create_role(
        new Role(roleName, 0, grantorName));
    } catch (TException e) {
      throw new HiveAuthzPluginException("Error create role : " + e.getMessage(), e);
    }
  }
View Full Code Here
TOP

Related Classes of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException

  • org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.RevokePrivAuthUtils
  • org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLAuthorizationUtils
  • org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController
  • org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizationValidator
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.