Index: common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
===================================================================
--- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (revision 1049263)
+++ common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (working copy)
@@ -322,6 +322,13 @@
SEMANTIC_ANALYZER_HOOK("hive.semantic.analyzer.hook",null),
+ HIVE_AUTHORIZATION_ENABLED("hive.security.authorization.enabled", false),
+ HIVE_AUTHORIZATION_MANAGER("hive.security.authorization.manager", null),
+ HIVE_AUTHENTICATOR_MANAGER("hive.security.authenticator.manager", null),
+ HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS("hive.security.authorization.table.owner.grants", null),
+ HIVE_AUTHORIZATION_TABLE_USER_GRANTS("hive.security.authorization.table.user.grants", null),
+ HIVE_AUTHORIZATION_TABLE_GROUP_GRANTS("hive.security.authorization.table.group.grants", null),
+ HIVE_AUTHORIZATION_TABLE_ROLE_GRANTS("hive.security.authorization.table.role.grants", null),
// Print column names in output
HIVE_CLI_PRINT_HEADER("hive.cli.print.header", false),
Index: conf/hive-default.xml
===================================================================
--- conf/hive-default.xml (revision 1049263)
+++ conf/hive-default.xml (working copy)
@@ -816,6 +816,63 @@
+ hive.security.authorization.enabled
+ false
+ enable or disable the hive client authorization
+
+
+
+ hive.security.authorization.manager
+ org.apache.hadoop.hive.ql.security.authorization.DefaultAuthorizationProviderManager
+ the hive client authorization manager class name.
+ The user defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.AuthorizationProviderManager.
+
+
+
+
+ hive.security.authenticator.manager
+ org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator
+ hive client authenticator manager class name.
+ The user defined authenticator should implement interface org.apache.hadoop.hive.ql.security.Authenticator.
+
+
+
+ hive.security.authorization.table.owner.grants
+ ALL
+ the privileges automatically granted to the owner
+
+
+
+ hive.security.authorization.table.user.grants
+
+ the privileges automatically granted to some users whenever a table gets created.
+ An example like "userX,userY:select;userZ:create" will grant select privilege to userX and userY,
+ and grant create privilege to userZ whenever a new table created.
+
+
+
+ hive.security.authorization.table.group.grants
+
+ the privileges automatically granted to some groups whenever a table gets created.
+ An example like "groupX,groupY:select;groupZ:create" will grant select privilege to groupX and groupY,
+ and grant create privilege to groupZ whenever a new table created.
+
+
+
+ hive.security.authorization.table.role.grants
+
+ the privileges automatically granted to some roles whenever a table gets created.
+ An example like "roleX,roleY:select;roleZ:create" will grant select privilege to roleX and roleY,
+ and grant create privilege to roleZ whenever a new table created.
+
+
+
+ hive.variable.substitute
+ true
+ This enables substitution using syntax like ${var} ${system:var} and ${env:var}.
+
+
+
hive.error.on.empty.partition
false
Whether to throw an excpetion if dynamic partition insert generates empty results.
Index: metastore/if/hive_metastore.thrift
===================================================================
--- metastore/if/hive_metastore.thrift (revision 1049263)
+++ metastore/if/hive_metastore.thrift (working copy)
@@ -29,12 +29,26 @@
4: optional list fields // if the name is one of the user defined types
}
+struct PrincipalPrivilegeSet {
+ 1: map userPrivileges, // user name -> privilege set
+ 2: map groupPrivileges, // group name -> privilege set
+ 3: map rolePrivileges, //role name -> privilege set
+}
+
// namespace for tables
struct Database {
1: string name,
2: string description,
3: string locationUri,
- 4: map parameters // properties associated with the database
+ 4: map parameters, // properties associated with the database
+ 5: optional PrincipalPrivilegeSet privileges
+}
+
+struct Role {
+ 1: string roleName,
+ 2: i32 createTime,
+ 3: string ownerName,
+ 4: map parameters, // properties associated with the database
}
// This object holds the information needed by SerDes
@@ -77,7 +91,8 @@
9: map parameters, // to store comments or any other user level parameters
10: string viewOriginalText, // original view text, null for non-view
11: string viewExpandedText, // expanded view text, null for non-view
- 12: string tableType // table type enum, e.g. EXTERNAL_TABLE
+ 12: string tableType, // table type enum, e.g. EXTERNAL_TABLE
+ 13: optional PrincipalPrivilegeSet privileges,
}
struct Partition {
@@ -87,7 +102,8 @@
4: i32 createTime,
5: i32 lastAccessTime,
6: StorageDescriptor sd,
- 7: map parameters
+ 7: map parameters,
+ 8: optional PrincipalPrivilegeSet privileges
}
struct Index {
@@ -110,6 +126,66 @@
2: map properties
}
+struct ColumnPrivilegeBag {
+ 1: string dbName,
+ 2: string tableName,
+ 3: string partitionName,
+ 4: map columnPrivileges
+}
+
+struct PrivilegeBag {
+ 1: string userPrivileges, //user privileges
+ 2: map dbPrivileges, //database privileges
+ 3: map tablePrivileges, //table privileges
+ 4: map partitionPrivileges, //partition privileges
+ 5: list columnPrivileges, //column privileges
+}
+
+struct GlobalPrivileges {
+ 1: string principalName,
+ 2: bool isRole,
+ 3: bool isGroup,
+ 4: string privileges,
+ 5: i32 createTime,
+ 6: string grantor,
+ 7: bool grantOption,
+}
+
+struct DBPrivileges {
+ 1: string principalName,
+ 2: bool isRole,
+ 3: bool isGroup,
+ 4: string privileges,
+ 5: i32 createTime,
+ 6: string grantor,
+ 7: Database db,
+ 8: bool grantOption,
+}
+
+struct TablePartitionPrivileges {
+ 1: string principalName,
+ 2: bool isRole,
+ 3: bool isGroup,
+ 4: string privileges,
+ 5: i32 createTime,
+ 6: string grantor,
+ 7: Table table,
+ 8: Partition part,
+ 9: bool grantOption,
+}
+
+struct ColumnPrivileges {
+ 1: string principalName,
+ 2: bool isRole,
+ 3: bool isGroup,
+ 4: string privileges,
+ 5: i32 createTime,
+ 6: string grantor,
+ 7: Table table,
+ 8: Partition partition,
+ 9: string column,
+ 10: bool grantOption,
+}
exception MetaException {
1: string message
@@ -209,6 +285,10 @@
throws(1:NoSuchObjectException o1, 2:MetaException o2)
Partition get_partition(1:string db_name, 2:string tbl_name, 3:list part_vals)
throws(1:MetaException o1, 2:NoSuchObjectException o2)
+
+ Partition get_partition_with_auth(1:string db_name, 2:string tbl_name, 3:list part_vals,
+ 4: string user_name, 5: list group_names) throws(1:MetaException o1, 2:NoSuchObjectException o2)
+
Partition get_partition_by_name(1:string db_name 2:string tbl_name, 3:string part_name)
throws(1:MetaException o1, 2:NoSuchObjectException o2)
@@ -216,6 +296,9 @@
// If max parts is given then it will return only that many.
list get_partitions(1:string db_name, 2:string tbl_name, 3:i16 max_parts=-1)
throws(1:NoSuchObjectException o1, 2:MetaException o2)
+ list get_partitions_with_auth(1:string db_name, 2:string tbl_name, 3:i16 max_parts=-1,
+ 4: string user_name, 5: list group_names) throws(1:NoSuchObjectException o1, 2:MetaException o2)
+
list get_partition_names(1:string db_name, 2:string tbl_name, 3:i16 max_parts=-1)
throws(1:MetaException o2)
@@ -228,6 +311,9 @@
list get_partitions_ps(1:string db_name 2:string tbl_name
3:list part_vals, 4:i16 max_parts=-1)
throws(1:MetaException o1)
+ list get_partitions_ps_with_auth(1:string db_name, 2:string tbl_name, 3:list part_vals, 4:i16 max_parts=-1,
+ 5: string user_name, 6: list group_names) throws(1:NoSuchObjectException o1, 2:MetaException o2)
+
list get_partition_names_ps(1:string db_name,
2:string tbl_name, 3:list part_vals, 4:i16 max_parts=-1)
throws(1:MetaException o1)
@@ -272,6 +358,46 @@
throws(1:NoSuchObjectException o1, 2:MetaException o2)
list get_index_names(1:string db_name, 2:string tbl_name, 3:i16 max_indexes=-1)
throws(1:MetaException o2)
+
+ //authorization privileges
+ PrincipalPrivilegeSet get_user_privilege_set (1: string user_name, 2: list group_names)
+ throws(1:MetaException o1)
+ PrincipalPrivilegeSet get_db_privilege_set (1: string db_name, 2: string user_name, 3: list group_names)
+ throws(1:MetaException o1)
+ PrincipalPrivilegeSet get_table_privilege_set (1: string db_name, 2: string table_name, 3: string user_name, 4: list group_names)
+ throws(1:MetaException o1)
+ PrincipalPrivilegeSet get_partition_privilege_set (1: string db_name, 2: string table_name, 3: string part_name, 4: string user_name, 5: list group_names)
+ throws(1:MetaException o1)
+
+ PrincipalPrivilegeSet get_column_privilege_set (1: string db_name, 2: string table_name, 3: string part_name, 4: string column_name, 5: string user_name, 6: list group_names)
+ throws(1:MetaException o1)
+
+ bool create_role(1: string role_name, 2: string owner_name) throws(1:MetaException o1)
+
+ bool drop_role(1: string role_name) throws(1:MetaException o1)
+
+ bool add_role_member (1: string role_name, 2: string user_name, 3: bool is_role, 4: bool is_group) throws(1:MetaException o1)
+
+ bool remove_role_member (1: string role_name, 2: string user_name, 3: bool is_role, 4: bool is_group) throws(1:MetaException o1)
+
+ list list_roles(1: string principal_name, 2: bool is_role, 3: bool is_group) throws(1:MetaException o1)
+
+ list list_global_privileges(1: string principal_name, 2: bool is_role, 3: bool is_group) throws(1:MetaException o1)
+
+ list list_db_privileges(1: string principal_name, 2: bool is_group, 3: bool is_role, 4: string db_name) throws(1:MetaException o1)
+
+ list list_table_privileges(1: string principal_name, 2: bool is_group, 3: bool is_role, 4: string db_name, 5: string table_name) throws(1:MetaException o1)
+
+ list list_partition_privileges(1: string principal_name, 2: bool is_group, 3: bool is_role, 4: string db_name, 5: string table_name, 6: string part_name) throws(1:MetaException o1)
+
+ list list_column_privileges(1: string principal_name, 2: bool is_group, 3: bool is_role, 4: string db_name, 5: string table_name, 6: string part_name, 7: string column_name) throws(1:MetaException o1)
+
+ bool grant_privileges (1: string user_name, 2: bool is_role, 3: bool is_group, 4: PrivilegeBag privileges, 5: string grantor) throws(1:MetaException o1)
+
+ bool revoke_privileges (1: string user_name, 2: bool is_role, 3: bool is_group, 4: PrivilegeBag privileges) throws(1:MetaException o1)
+
+ bool revoke_all_privileges (1: string user_name, 2: bool is_role, 3: bool is_group, 4: bool remove_user_priv, 5: list dbs,
+ 6: list tables, 7: list parts, 8: map> columns) throws(1:MetaException o1)
}
// * Note about the DDL_TIME: When creating or altering a table or a partition,
Index: metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
===================================================================
--- metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java (revision 1049263)
+++ metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java (working copy)
@@ -37,10 +37,13 @@
import org.apache.hadoop.hive.common.JavaUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.AlreadyExistsException;
+import org.apache.hadoop.hive.metastore.api.ColumnPrivileges;
import org.apache.hadoop.hive.metastore.api.ConfigValSecurityException;
import org.apache.hadoop.hive.metastore.api.Constants;
+import org.apache.hadoop.hive.metastore.api.DBPrivileges;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.metastore.api.FieldSchema;
+import org.apache.hadoop.hive.metastore.api.GlobalPrivileges;
import org.apache.hadoop.hive.metastore.api.Index;
import org.apache.hadoop.hive.metastore.api.IndexAlreadyExistsException;
import org.apache.hadoop.hive.metastore.api.InvalidObjectException;
@@ -48,12 +51,22 @@
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.Partition;
+import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet;
+import org.apache.hadoop.hive.metastore.api.PrivilegeBag;
+import org.apache.hadoop.hive.metastore.api.Role;
import org.apache.hadoop.hive.metastore.api.Table;
+import org.apache.hadoop.hive.metastore.api.TablePartitionPrivileges;
import org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore;
import org.apache.hadoop.hive.metastore.api.Type;
import org.apache.hadoop.hive.metastore.api.UnknownDBException;
import org.apache.hadoop.hive.metastore.api.UnknownTableException;
import org.apache.hadoop.hive.metastore.hooks.JDOConnectionURLHook;
+import org.apache.hadoop.hive.metastore.model.MColumnPrivilege;
+import org.apache.hadoop.hive.metastore.model.MDBPrivilege;
+import org.apache.hadoop.hive.metastore.model.MRole;
+import org.apache.hadoop.hive.metastore.model.MTablePartitionPrivilege;
+import org.apache.hadoop.hive.metastore.model.MGlobalPrivilege;
+import org.apache.hadoop.hive.metastore.model.MRoleMap;
import org.apache.hadoop.hive.serde2.Deserializer;
import org.apache.hadoop.hive.serde2.SerDeException;
import org.apache.hadoop.hive.serde2.SerDeUtils;
@@ -1312,6 +1325,35 @@
}
return ret;
}
+
+ @Override
+ public Partition get_partition_with_auth(final String db_name,
+ final String tbl_name, final List part_vals,
+ final String user_name, final List group_names)
+ throws MetaException, NoSuchObjectException, TException {
+ incrementCounter("get_partition_with_auth");
+ logStartPartitionFunction("get_partition_with_auth", db_name, tbl_name,
+ part_vals);
+
+ Partition ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ Partition run(RawStore ms) throws Exception {
+ return ms.getPartitionWithAuth(db_name, tbl_name, part_vals,
+ user_name, group_names);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (NoSuchObjectException e) {
+ throw e;
+ } catch (Exception e) {
+ assert (e instanceof RuntimeException);
+ throw (RuntimeException) e;
+ }
+ return ret;
+ }
public List get_partitions(final String db_name, final String tbl_name,
final short max_parts) throws NoSuchObjectException, MetaException {
@@ -1337,6 +1379,35 @@
return ret;
}
+
+ @Override
+ public List get_partitions_with_auth(final String dbName,
+ final String tblName, final short maxParts, final String userName,
+ final List groupNames) throws NoSuchObjectException,
+ MetaException, TException {
+ incrementCounter("get_partitions_with_auth");
+ logStartTableFunction("get_partitions_with_auth", dbName, tblName);
+
+ List ret = null;
+ try {
+ ret = executeWithRetry(new Command>() {
+ @Override
+ List run(RawStore ms) throws Exception {
+ return ms.getPartitionsWithAuth(dbName, tblName, maxParts,
+ userName, groupNames);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (NoSuchObjectException e) {
+ throw e;
+ } catch (Exception e) {
+ assert (e instanceof RuntimeException);
+ throw (RuntimeException) e;
+ }
+ return ret;
+
+ }
public List get_partition_names(final String db_name, final String tbl_name,
final short max_parts) throws MetaException {
@@ -1774,10 +1845,24 @@
@Override
public List get_partitions_ps(final String db_name,
- final String tbl_name, final List part_vals, final short max_parts)
- throws MetaException, TException {
+ final String tbl_name, final List part_vals,
+ final short max_parts) throws MetaException, TException {
+ incrementCounter("get_partitions_ps");
+ logStartPartitionFunction("get_partitions_ps", db_name, tbl_name,
+ part_vals);
+
+ return this.get_partitions_ps_with_auth(db_name, tbl_name, part_vals,
+ max_parts, null, null);
+ }
+
+ @Override
+ public List get_partitions_ps_with_auth(final String db_name,
+ final String tbl_name, final List part_vals,
+ final short max_parts, final String userName,
+ final List groupNames) throws MetaException, TException {
incrementCounter("get_partitions_ps");
- logStartPartitionFunction("get_partitions_ps", db_name, tbl_name, part_vals);
+ logStartPartitionFunction("get_partitions_ps", db_name, tbl_name,
+ part_vals);
Table t;
try {
@@ -1791,7 +1876,7 @@
}
// Create a map from the partition column name to the partition value
Map partKeyToValues = new LinkedHashMap();
- int i=0;
+ int i = 0;
for (String value : part_vals) {
String col = t.getPartitionKeys().get(i).getName();
if (value.length() > 0) {
@@ -1799,21 +1884,48 @@
}
i++;
}
- final String filter = MetaStoreUtils.makeFilterStringFromMap(partKeyToValues);
+ final String filter = MetaStoreUtils
+ .makeFilterStringFromMap(partKeyToValues);
List ret = null;
try {
ret = executeWithRetry(new Command>() {
@Override
List run(RawStore ms) throws Exception {
- return ms.getPartitionsByFilter(db_name, tbl_name, filter, max_parts);
+ return ms.getPartitionsByFilter(db_name, tbl_name, filter,
+ max_parts);
}
});
} catch (MetaException e) {
throw e;
} catch (Exception e) {
- assert(e instanceof RuntimeException);
- throw (RuntimeException)e;
+ assert (e instanceof RuntimeException);
+ throw (RuntimeException) e;
+ }
+
+ if (ret != null && ret.size() > 0) {
+ for (Partition part : ret) {
+ final String partName = Warehouse.makePartName(t.getPartitionKeys(),
+ part.getValues());
+ PrincipalPrivilegeSet partAuth = null;
+ try {
+ partAuth = executeWithRetry(new Command() {
+ @Override
+ PrincipalPrivilegeSet run(RawStore ms) throws Exception {
+ PrincipalPrivilegeSet auth = ms.getPartitionPrivilegeSet(
+ db_name, tbl_name, partName, userName, groupNames);
+ return auth;
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ assert (e instanceof RuntimeException);
+ throw (RuntimeException) e;
+ }
+
+ part.setPrivileges(partAuth);
+ }
}
return ret;
@@ -2163,6 +2275,503 @@
return ret;
}
+ @Override
+ public PrincipalPrivilegeSet get_column_privilege_set(final String dbName,
+ final String tableName, final String partName, final String columnName,
+ final String userName, final List groupNames) throws MetaException,
+ TException {
+ incrementCounter("get_column_privilege_set");
+
+ PrincipalPrivilegeSet ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ PrincipalPrivilegeSet run(RawStore ms) throws Exception {
+ return ms.getColumnPrivilegeSet(dbName, tableName, partName, columnName, userName, groupNames);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public PrincipalPrivilegeSet get_db_privilege_set(final String dbName,
+ final String userName, final List groupNames) throws MetaException,
+ TException {
+ incrementCounter("get_db_privilege_set");
+
+ PrincipalPrivilegeSet ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ PrincipalPrivilegeSet run(RawStore ms) throws Exception {
+ return ms.getDBPrivilegeSet(dbName, userName, groupNames);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public PrincipalPrivilegeSet get_partition_privilege_set(
+ final String dbName, final String tableName, final String partName,
+ final String userName, final List groupNames)
+ throws MetaException, TException {
+ incrementCounter("get_partition_privilege_set");
+
+ PrincipalPrivilegeSet ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ PrincipalPrivilegeSet run(RawStore ms) throws Exception {
+ return ms.getPartitionPrivilegeSet(dbName, tableName, partName,
+ userName, groupNames);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public PrincipalPrivilegeSet get_table_privilege_set(final String dbName,
+ final String tableName, final String userName,
+ final List groupNames) throws MetaException, TException {
+ incrementCounter("get_table_privilege_set");
+
+ PrincipalPrivilegeSet ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ PrincipalPrivilegeSet run(RawStore ms) throws Exception {
+ return ms.getTablePrivilegeSet(dbName, tableName, userName,
+ groupNames);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public boolean add_role_member(final String roleName,
+ final String userName, final boolean isRole, final boolean isGroup)
+ throws MetaException, TException {
+ incrementCounter("add_role_member");
+
+ Boolean ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ Boolean run(RawStore ms) throws Exception {
+ Role role = ms.getRole(roleName);
+ return ms.addRoleMember(role, userName, isRole, isGroup);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ public List list_roles(final String principalName,
+ final boolean isRole, final boolean isGroup) throws MetaException, TException {
+ incrementCounter("list_roles");
+
+ List ret = null;
+ try {
+ ret = executeWithRetry(new Command>() {
+ @Override
+ List run(RawStore ms) throws Exception {
+ List result = new ArrayList();
+ List roleMap = ms.listRoles(principalName,
+ isRole, isGroup);
+ if (roleMap!=null) {
+ for (MRoleMap role : roleMap) {
+ MRole r = role.getRole();
+ result.add(new Role(r.getRoleName(), r
+ .getCreateTime(), r.getOwnerName(), null));
+ }
+ }
+ return result;
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public boolean create_role(final String roleName, final String ownerName)
+ throws MetaException, TException {
+ incrementCounter("create_role");
+
+ Boolean ret = null;
+ try {
+
+ ret = executeWithRetry(new Command() {
+ @Override
+ Boolean run(RawStore ms) throws Exception {
+ return ms.addRole(roleName, ownerName);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public boolean drop_role(final String roleName)
+ throws MetaException, TException {
+ incrementCounter("drop_role");
+
+ Boolean ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ Boolean run(RawStore ms) throws Exception {
+ return ms.removeRole(roleName);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public boolean grant_privileges(final String userName, final boolean isRole,
+ final boolean isGroup, final PrivilegeBag privileges, final String grantor) throws MetaException,
+ TException {
+ incrementCounter("grant_privileges");
+
+ Boolean ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ Boolean run(RawStore ms) throws Exception {
+ return ms.grantPrivileges(userName, isRole, isGroup, privileges, grantor);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public boolean remove_role_member(final String roleName, final String userName,
+ final boolean isRole, final boolean isGroup) throws MetaException, TException {
+ incrementCounter("remove_role_member");
+
+ Boolean ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ Boolean run(RawStore ms) throws Exception {
+ Role mRole = ms.getRole(roleName);
+ return ms.removeRoleMember(mRole, userName, isRole, isGroup);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public boolean revoke_privileges(final String userName, final boolean isRole,
+ final boolean isGroup, final PrivilegeBag privileges) throws MetaException,
+ TException {
+ incrementCounter("revoke_privileges");
+
+ Boolean ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ Boolean run(RawStore ms) throws Exception {
+ return ms.revokePrivileges(userName, isRole, isGroup, privileges);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public PrincipalPrivilegeSet get_user_privilege_set(final String userName,
+ final List groupNames) throws MetaException, TException {
+ incrementCounter("get_user_privilege_set");
+
+ PrincipalPrivilegeSet ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ PrincipalPrivilegeSet run(RawStore ms) throws Exception {
+ return ms.getUserPrivilegeSet(userName, groupNames);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public boolean revoke_all_privileges(final String userName,
+ final boolean isRole, final boolean isGroup,
+ final boolean removeUserPriv, final List dbs,
+ final List tables, final List parts,
+ final Map> columns) throws MetaException,
+ TException {
+ incrementCounter("revoke_all_privileges");
+
+ Boolean ret = null;
+ try {
+ ret = executeWithRetry(new Command() {
+ @Override
+ Boolean run(RawStore ms) throws Exception {
+ return ms.revokeAllPrivileges(userName, isRole, isGroup,
+ removeUserPriv, dbs, tables, parts, columns);
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public List list_column_privileges(
+ final String principalName, final boolean isGroup,
+ final boolean isRole, final String dbName, final String tableName,
+ final String partName, final String columnName) throws MetaException,
+ TException {
+ incrementCounter("list_security_column_grant");
+
+ List ret = null;
+ try {
+ ret = executeWithRetry(new Command>() {
+ @Override
+ List run(RawStore ms) throws Exception {
+ List mCols = ms.listMSecurityTabOrPartColumnGrant(principalName,
+ isGroup, isRole, dbName, tableName, partName, columnName);
+ Table tbl = ms.getTable(dbName, tableName);
+ Partition part = null;
+ if (partName != null) {
+ part = get_partition_by_name(dbName, tableName, partName);
+ }
+
+ if (mCols.size() > 0) {
+ List result = new ArrayList();
+ for (int i = 0; i < mCols.size(); i++) {
+ MColumnPrivilege sCol = mCols.get(i);
+ ColumnPrivileges col = new ColumnPrivileges(
+ sCol.getPrincipalName(), sCol.getIsRole(), sCol
+ .getIsGroup(), sCol.getPrivileges(), sCol
+ .getCreateTime(), sCol.getGrantor(), tbl, part, sCol
+ .getColumnName(), sCol.getGrantOption());
+ result.add(col);
+ }
+ return result;
+ }
+ return null;
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public List list_db_privileges(final String principalName,
+ final boolean isGroup, final boolean isRole, final String dbName)
+ throws MetaException, TException {
+ incrementCounter("list_security_db_grant");
+
+ List ret = null;
+ try {
+ ret = executeWithRetry(new Command>() {
+ @Override
+ List run(RawStore ms) throws Exception {
+ List mDbs = ms.listMSecurityPrincipalDBGrant(
+ principalName, isGroup, isRole, dbName);
+ Database db = ms.getDatabase(dbName);
+ if (mDbs.size() > 0) {
+ List result = new ArrayList();
+ for (int i = 0; i < mDbs.size(); i++) {
+ MDBPrivilege sDB = mDbs.get(i);
+ DBPrivileges secdb = new DBPrivileges(sDB.getPrincipalName(), sDB
+ .getIsRole(), sDB.getIsGroup(), sDB.getPrivileges(), sDB
+ .getCreateTime(), sDB.getGrantor(), db, sDB.getGrantOption());
+ result.add(secdb);
+ }
+ return result;
+ }
+ return null;
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public List list_partition_privileges(
+ final String principalName, final boolean isGroup,
+ final boolean isRole, final String dbName, final String tableName,
+ final String partName) throws MetaException, TException {
+ incrementCounter("list_security_partition_grant");
+
+ List ret = null;
+ try {
+ ret = executeWithRetry(new Command>() {
+ @Override
+ List run(RawStore ms) throws Exception {
+ List mParts = ms
+ .listMSecurityPrincipalPartitionGrant(principalName, isGroup,
+ isRole, dbName, tableName, partName);
+ Partition partObj = get_partition_by_name(dbName, tableName,
+ partName);
+ if (mParts.size() > 0) {
+ List result = new ArrayList();
+ for (int i = 0; i < mParts.size(); i++) {
+ MTablePartitionPrivilege sPart = mParts.get(i);
+ TablePartitionPrivileges secPart = new TablePartitionPrivileges(
+ sPart.getPrincipalName(), sPart.getIsRole(), sPart
+ .getIsGroup(), sPart.getPrivileges(), sPart
+ .getCreateTime(), sPart.getGrantor(), null, partObj, sPart.getGrantOption());
+ result.add(secPart);
+ }
+ return result;
+ }
+ return null;
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public List list_table_privileges(
+ final String principalName, final boolean isGroup,
+ final boolean isRole, final String dbName, final String tableName)
+ throws MetaException, TException {
+ incrementCounter("list_security_table_grant");
+
+ List ret = null;
+ try {
+ ret = executeWithRetry(new Command>() {
+ @Override
+ List run(RawStore ms) throws Exception {
+ List mTbls = ms
+ .listMSecurityPrincipalTableGrant(principalName, isGroup,
+ isRole, dbName, tableName);
+ Table tblObj = ms.getTable(dbName, tableName);
+ if (mTbls.size() > 0) {
+ List result = new ArrayList();
+ for (int i = 0; i < mTbls.size(); i++) {
+ MTablePartitionPrivilege sTbl = mTbls.get(i);
+ TablePartitionPrivileges secPart = new TablePartitionPrivileges(
+ sTbl.getPrincipalName(), sTbl.getIsRole(), sTbl
+ .getIsGroup(), sTbl.getPrivileges(), sTbl
+ .getCreateTime(), sTbl.getGrantor(), tblObj, null, sTbl.getGrantOption());
+ result.add(secPart);
+ }
+ return result;
+ }
+ return null;
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
+ @Override
+ public List list_global_privileges(
+ final String principalName, final boolean isRole, final boolean isGroup)
+ throws MetaException, TException {
+ incrementCounter("list_security_user_grant");
+
+ List ret = null;
+ try {
+ ret = executeWithRetry(new Command>() {
+ @Override
+ List run(RawStore ms) throws Exception {
+ List mUsers = ms.listMSecurityPrincipalUserGrant(
+ principalName, isRole, isGroup);
+ if (mUsers.size() > 0) {
+ List result = new ArrayList();
+ for (int i = 0; i < mUsers.size(); i++) {
+ MGlobalPrivilege sUsr = mUsers.get(i);
+ GlobalPrivileges secUser = new GlobalPrivileges(
+ sUsr.getPrincipalName(), sUsr.getIsRole(), sUsr
+ .getIsGroup(), sUsr.getPrivileges(), sUsr
+ .getCreateTime(), sUsr.getGrantor(), sUsr.getGrantOption());
+ result.add(secUser);
+ }
+ return result;
+ }
+ return null;
+ }
+ });
+ } catch (MetaException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return ret;
+ }
+
}
/**
Index: metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
===================================================================
--- metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java (revision 1049263)
+++ metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java (working copy)
@@ -31,16 +31,23 @@
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.api.AlreadyExistsException;
+import org.apache.hadoop.hive.metastore.api.ColumnPrivileges;
import org.apache.hadoop.hive.metastore.api.ConfigValSecurityException;
+import org.apache.hadoop.hive.metastore.api.DBPrivileges;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.metastore.api.FieldSchema;
+import org.apache.hadoop.hive.metastore.api.GlobalPrivileges;
import org.apache.hadoop.hive.metastore.api.Index;
import org.apache.hadoop.hive.metastore.api.InvalidObjectException;
import org.apache.hadoop.hive.metastore.api.InvalidOperationException;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.Partition;
+import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet;
+import org.apache.hadoop.hive.metastore.api.PrivilegeBag;
+import org.apache.hadoop.hive.metastore.api.Role;
import org.apache.hadoop.hive.metastore.api.Table;
+import org.apache.hadoop.hive.metastore.api.TablePartitionPrivileges;
import org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore;
import org.apache.hadoop.hive.metastore.api.Type;
import org.apache.hadoop.hive.metastore.api.UnknownDBException;
@@ -515,6 +522,23 @@
return deepCopyPartitions(
client.get_partitions_ps(db_name, tbl_name, part_vals, max_parts));
}
+
+ @Override
+ public List listPartitionsWithAuthInfo(String db_name,
+ String tbl_name, short max_parts, String user_name, List group_names)
+ throws NoSuchObjectException, MetaException, TException {
+ return deepCopyPartitions(
+ client.get_partitions_with_auth(db_name, tbl_name, max_parts, user_name, group_names));
+ }
+
+ @Override
+ public List listPartitionsWithAuthInfo(String db_name,
+ String tbl_name, List part_vals, short max_parts,
+ String user_name, List group_names) throws NoSuchObjectException,
+ MetaException, TException {
+ return deepCopyPartitions(client.get_partitions_ps_with_auth(db_name,
+ tbl_name, part_vals, max_parts, user_name, group_names));
+ }
/**
* Get list of partitions matching specified filter
@@ -564,6 +588,14 @@
List part_vals) throws NoSuchObjectException, MetaException, TException {
return deepCopy(client.get_partition(db_name, tbl_name, part_vals));
}
+
+ @Override
+ public Partition getPartitionWithAuthInfo(String db_name, String tbl_name,
+ List part_vals, String user_name, List group_names)
+ throws MetaException, UnknownTableException, NoSuchObjectException,
+ TException {
+ return deepCopy(client.get_partition_with_auth(db_name, tbl_name, part_vals, user_name, group_names));
+ }
/**
* @param name
@@ -891,4 +923,132 @@
return client.drop_index_by_name(dbName, tblName, name, deleteData);
}
+ @Override
+ public boolean add_role_member(String roleName, String userName,
+ boolean isRole, boolean isGroup) throws MetaException, TException {
+ return client.add_role_member(roleName, userName, isRole, isGroup);
+ }
+
+ @Override
+ public boolean create_role(String roleName, String ownerName)
+ throws MetaException, TException {
+ return client.create_role(roleName, ownerName);
+ }
+
+ @Override
+ public boolean drop_role(String roleName) throws MetaException, TException {
+ return client.drop_role(roleName);
+ }
+
+ @Override
+ public List list_roles(String principalName,
+ boolean isRole, boolean isGroup) throws MetaException, TException {
+ return client.list_roles(principalName, isRole, isGroup);
+ }
+
+ @Override
+ public PrincipalPrivilegeSet get_column_privilege_set(String dbName,
+ String tableName, String partName, String columnName, String userName,
+ List groupNames) throws MetaException, TException {
+ return client.get_column_privilege_set(dbName, tableName, partName,
+ columnName, userName, groupNames);
+ }
+
+ @Override
+ public PrincipalPrivilegeSet get_db_privilege_set(String dbName,
+ String userName, List groupNames) throws MetaException,
+ TException {
+ return client.get_db_privilege_set(dbName, userName, groupNames);
+ }
+
+ @Override
+ public PrincipalPrivilegeSet get_partition_privilege_set(String dbName,
+ String tableName, String partName, String userName,
+ List groupNames) throws MetaException, TException {
+ return client.get_partition_privilege_set(dbName, tableName, partName,
+ userName, groupNames);
+ }
+
+ @Override
+ public PrincipalPrivilegeSet get_table_privilege_set(String dbName,
+ String tableName, String userName, List groupNames)
+ throws MetaException, TException {
+ return client.get_table_privilege_set(dbName, tableName, userName,
+ groupNames);
+ }
+
+ @Override
+ public PrincipalPrivilegeSet get_user_privilege_set(String userName,
+ List groupNames) throws MetaException, TException {
+ return client.get_user_privilege_set(userName, groupNames);
+ }
+
+ @Override
+ public boolean grant_privileges(String userName, boolean isRole,
+ boolean isGroup, PrivilegeBag privileges, String grantor)
+ throws MetaException, TException {
+ return client.grant_privileges(userName, isRole, isGroup, privileges,
+ grantor);
+ }
+
+ @Override
+ public boolean remove_role_member(String roleName, String userName,
+ boolean isRole, boolean isGroup) throws MetaException, TException {
+ return client.remove_role_member(roleName, userName, isRole, isGroup);
+ }
+
+ @Override
+ public boolean revoke_all_privileges(String userName, boolean isRole,
+ boolean isGroup, boolean removeUserPriv, List dbs,
+ List tables, List parts,
+ Map> columns) throws MetaException, TException {
+ return client.revoke_all_privileges(userName, isRole, isGroup,
+ removeUserPriv, dbs, tables, parts, columns);
+ }
+
+ @Override
+ public boolean revoke_privileges(String userName, boolean isRole,
+ boolean isGroup, PrivilegeBag privileges) throws MetaException,
+ TException {
+ return client.revoke_privileges(userName, isRole, isGroup, privileges);
+ }
+
+ @Override
+ public List list_column_privileges(String principalName,
+ boolean isGroup, boolean isRole, String dbName, String tableName,
+ String partName, String columnName) throws MetaException, TException {
+ return client.list_column_privileges(principalName, isGroup, isRole,
+ dbName, tableName, partName, columnName);
+ }
+
+ @Override
+ public List list_database_privileges(String principalName,
+ boolean isGroup, boolean isRole, String dbName) throws MetaException,
+ TException {
+ return client
+ .list_db_privileges(principalName, isGroup, isRole, dbName);
+ }
+
+ @Override
+ public List list_partition_privileges(
+ String principalName, boolean isGroup, boolean isRole, String dbName,
+ String tableName, String partName) throws MetaException, TException {
+ return client.list_partition_privileges(principalName, isGroup, isRole,
+ dbName, tableName, partName);
+ }
+
+ @Override
+ public List list_table_privileges(
+ String principalName, boolean isGroup, boolean isRole, String dbName,
+ String tableName) throws MetaException, TException {
+ return client.list_table_privileges(principalName, isGroup, isRole,
+ dbName, tableName);
+ }
+
+ @Override
+ public List list_global_privileges(String principalName,
+ boolean isRole, boolean isGroup) throws MetaException, TException {
+ return client.list_global_privileges(principalName, isRole, isGroup);
+ }
+
}
Index: metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java
===================================================================
--- metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java (revision 1049263)
+++ metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java (working copy)
@@ -22,16 +22,23 @@
import java.util.Map;
import org.apache.hadoop.hive.metastore.api.AlreadyExistsException;
+import org.apache.hadoop.hive.metastore.api.ColumnPrivileges;
import org.apache.hadoop.hive.metastore.api.ConfigValSecurityException;
+import org.apache.hadoop.hive.metastore.api.DBPrivileges;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.metastore.api.FieldSchema;
+import org.apache.hadoop.hive.metastore.api.GlobalPrivileges;
import org.apache.hadoop.hive.metastore.api.Index;
import org.apache.hadoop.hive.metastore.api.InvalidObjectException;
import org.apache.hadoop.hive.metastore.api.InvalidOperationException;
import org.apache.hadoop.hive.metastore.api.MetaException;
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.Partition;
+import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet;
+import org.apache.hadoop.hive.metastore.api.PrivilegeBag;
+import org.apache.hadoop.hive.metastore.api.Role;
import org.apache.hadoop.hive.metastore.api.Table;
+import org.apache.hadoop.hive.metastore.api.TablePartitionPrivileges;
import org.apache.hadoop.hive.metastore.api.UnknownDBException;
import org.apache.hadoop.hive.metastore.api.UnknownTableException;
import org.apache.thrift.TException;
@@ -263,6 +270,23 @@
public Partition getPartition(String dbName, String tblName,
String name) throws MetaException, UnknownTableException, NoSuchObjectException, TException;
+
+ /**
+ * @param dbName
+ * @param tableName
+ * @param pvals
+ * @param userName
+ * @param groupNames
+ * @return
+ * @throws MetaException
+ * @throws UnknownTableException
+ * @throws NoSuchObjectException
+ * @throws TException
+ */
+ public Partition getPartitionWithAuthInfo(String dbName, String tableName,
+ List pvals, String userName, List groupNames)
+ throws MetaException, UnknownTableException, NoSuchObjectException, TException;
+
/**
* @param tbl_name
* @param db_name
@@ -285,6 +309,33 @@
List part_vals, short max_parts) throws MetaException, TException;
/**
+ * @param dbName
+ * @param tableName
+ * @param s
+ * @param userName
+ * @param groupNames
+ * @return
+ * @throws NoSuchObjectException
+ */
+ public List listPartitionsWithAuthInfo(String dbName,
+ String tableName, short s, String userName, List groupNames)
+ throws MetaException, TException, NoSuchObjectException;
+
+ /**
+ * @param dbName
+ * @param tableName
+ * @param partialPvals
+ * @param s
+ * @param userName
+ * @param groupNames
+ * @return
+ * @throws NoSuchObjectException
+ */
+ public List listPartitionsWithAuthInfo(String dbName,
+ String tableName, List partialPvals, short s, String userName,
+ List groupNames) throws MetaException, TException, NoSuchObjectException;
+
+ /**
* @param tbl
* @throws AlreadyExistsException
* @throws InvalidObjectException
@@ -478,4 +529,297 @@
public boolean dropIndex(String db_name, String tbl_name,
String name, boolean deleteData) throws NoSuchObjectException,
MetaException, TException;
+
+ /**
+ * @param user_name
+ * user name
+ * @param group_names
+ * group names
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public PrincipalPrivilegeSet get_user_privilege_set(String user_name,
+ List group_names) throws MetaException, TException;
+
+ /**
+ * @param db_name
+ * database name
+ * @param user_name
+ * user name
+ * @param group_names
+ * group names
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public PrincipalPrivilegeSet get_db_privilege_set(String db_name,
+ String user_name, List group_names) throws MetaException,
+ TException;
+
+ /**
+ * @param db_name
+ * db name
+ * @param table_name
+ * table name
+ * @param user_name
+ * user name
+ * @param group_names
+ * group names
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public PrincipalPrivilegeSet get_table_privilege_set(String db_name,
+ String table_name, String user_name, List group_names)
+ throws MetaException, TException;
+
+ /**
+ * @param db_name
+ * db name
+ * @param table_name
+ * table name
+ * @param part_name
+ * partition name
+ * @param user_name
+ * user name
+ * @param group_names
+ * group names
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public PrincipalPrivilegeSet get_partition_privilege_set(String db_name,
+ String table_name, String part_name, String user_name,
+ List group_names) throws MetaException, TException;
+
+ /**
+ * @param db_name
+ * database name
+ * @param table_name
+ * table name
+ * @param part_name
+ * partition name
+ * @param column_name
+ * column name
+ * @param user_name
+ * user name
+ * @param group_names
+ * group names
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public PrincipalPrivilegeSet get_column_privilege_set(String db_name,
+ String table_name, String part_name, String column_name,
+ String user_name, List group_names) throws MetaException,
+ TException;
+
+ /**
+ * @param role_name
+ * role name
+ * @param owner_name
+ * owner name
+ * @param db_name
+ *
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public boolean create_role(String role_name, String owner_name)
+ throws MetaException, TException;
+
+ /**
+ * @param role_name
+ * role name
+ * @param db_name
+ *
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public boolean drop_role(String role_name) throws MetaException, TException;
+
+ /**
+ * @param role_name
+ * role name
+ * @param user_name
+ * user name
+ * @param is_role
+ * is the given user name a role name
+ * @param is_group
+ * is the given user name a group name
+ * @param db_name
+ *
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public boolean add_role_member(String role_name, String user_name,
+ boolean is_role, boolean is_group) throws MetaException, TException;
+
+ /**
+ * @param role_name
+ * role name
+ * @param user_name
+ * user name
+ * @param is_role
+ * is the given user name a role
+ * @param is_group
+ * is the given group name a group
+ * @param db_name
+ *
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public boolean remove_role_member(String role_name, String user_name,
+ boolean is_role, boolean is_group) throws MetaException, TException;
+
+ /**
+ * @param principalName
+ * @param isRole
+ * @param isGroup
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public List list_roles(String principalName, boolean isRole,
+ boolean isGroup) throws MetaException, TException;
+
+ /**
+ * @param user_name
+ * user name
+ * @param is_role
+ * is the given user name a role
+ * @param is_group
+ * is the given user name a group
+ * @param privileges
+ * a bag of privilege - including user level, db level, table level,
+ * and column level
+ * @param grantor
+ * the name of the grantor
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public boolean grant_privileges(String user_name, boolean is_role,
+ boolean is_group, PrivilegeBag privileges, String grantor)
+ throws MetaException, TException;
+
+ /**
+ * @param user_name
+ * user name
+ * @param is_role
+ * is the given user name a role
+ * @param is_group
+ * is the given user name a group
+ * @param privileges
+ * a bag of privileges
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public boolean revoke_privileges(String user_name, boolean is_role,
+ boolean is_group, PrivilegeBag privileges) throws MetaException,
+ TException;
+
+ /**
+ * @param user_name
+ * user name
+ * @param is_role
+ * is the given user name a role
+ * @param is_group
+ * is the given user name a group
+ * @param remove_user_priv
+ * true if need to remove all user level privileges that were
+ * assigned the the given principal
+ * @param dbs
+ * a list of database on which all db level privileges for the given
+ * principal are going to be remove.
+ * @param tables
+ * a list of tables on which all table level privileges for the given
+ * principal are going to be removed.
+ * @param parts
+ * a list of partitions on on which all partition level privileges
+ * for the given principal are going to be removed.
+ * @param columns
+ * a list of columns on on which all column level privileges for the
+ * given principal are going to be removed.
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public boolean revoke_all_privileges(String user_name, boolean is_role,
+ boolean is_group, boolean remove_user_priv, List dbs,
+ List tables, List parts,
+ Map> columns) throws MetaException, TException;
+
+ /**
+ * @param principal_name
+ * @param is_role
+ * @param is_group
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public List list_global_privileges(String principal_name,
+ boolean is_role, boolean is_group) throws MetaException, TException;
+
+ /**
+ * @param principal_name
+ * @param is_group
+ * @param is_role
+ * @param db_name
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public List list_database_privileges(String principal_name,
+ boolean is_group, boolean is_role, String db_name) throws MetaException,
+ TException;
+
+ /**
+ * @param principal_name
+ * @param is_group
+ * @param is_role
+ * @param db_name
+ * @param table_name
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public List list_table_privileges(
+ String principal_name, boolean is_group, boolean is_role, String db_name,
+ String table_name) throws MetaException, TException;
+
+ /**
+ * @param principal_name
+ * @param is_group
+ * @param is_role
+ * @param db_name
+ * @param table_name
+ * @param part_name
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public List list_partition_privileges(
+ String principal_name, boolean is_group, boolean is_role, String db_name,
+ String table_name, String part_name) throws MetaException, TException;
+
+ /**
+ * @param principal_name
+ * @param is_group
+ * @param is_role
+ * @param db_name
+ * @param table_name
+ * @param column_name
+ * @return
+ * @throws MetaException
+ * @throws TException
+ */
+ public List list_column_privileges(String principal_name,
+ boolean is_group, boolean is_role, String db_name, String table_name,
+ String part_name, String column_name) throws MetaException, TException;
}
Index: metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
===================================================================
--- metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java (revision 1049263)
+++ metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java (working copy)
@@ -44,7 +44,9 @@
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hive.common.FileUtils;
import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.metastore.api.ColumnPrivilegeBag;
import org.apache.hadoop.hive.metastore.api.Database;
import org.apache.hadoop.hive.metastore.api.FieldSchema;
import org.apache.hadoop.hive.metastore.api.Index;
@@ -53,6 +55,9 @@
import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.Order;
import org.apache.hadoop.hive.metastore.api.Partition;
+import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet;
+import org.apache.hadoop.hive.metastore.api.PrivilegeBag;
+import org.apache.hadoop.hive.metastore.api.Role;
import org.apache.hadoop.hive.metastore.api.SerDeInfo;
import org.apache.hadoop.hive.metastore.api.StorageDescriptor;
import org.apache.hadoop.hive.metastore.api.Table;
@@ -62,6 +67,12 @@
import org.apache.hadoop.hive.metastore.model.MIndex;
import org.apache.hadoop.hive.metastore.model.MOrder;
import org.apache.hadoop.hive.metastore.model.MPartition;
+import org.apache.hadoop.hive.metastore.model.MColumnPrivilege;
+import org.apache.hadoop.hive.metastore.model.MDBPrivilege;
+import org.apache.hadoop.hive.metastore.model.MRole;
+import org.apache.hadoop.hive.metastore.model.MTablePartitionPrivilege;
+import org.apache.hadoop.hive.metastore.model.MGlobalPrivilege;
+import org.apache.hadoop.hive.metastore.model.MRoleMap;
import org.apache.hadoop.hive.metastore.model.MSerDeInfo;
import org.apache.hadoop.hive.metastore.model.MStorageDescriptor;
import org.apache.hadoop.hive.metastore.model.MTable;
@@ -527,6 +538,51 @@
openTransaction();
MTable mtbl = convertToMTable(tbl);
pm.makePersistent(mtbl);
+ PrincipalPrivilegeSet principalPrivs = tbl.getPrivileges();
+ List toPersistPrivObjs = new ArrayList();
+ if (principalPrivs != null) {
+ int now = (int)(System.currentTimeMillis()/1000);
+ Map userPrivs = principalPrivs.getUserPrivileges();
+ if (userPrivs != null) {
+ for (Map.Entry entry: userPrivs.entrySet()) {
+ String principalName = entry.getKey();
+ String privStr = entry.getValue();
+ if (privStr == null) {
+ continue;
+ }
+ MTablePartitionPrivilege mTblSec = new MTablePartitionPrivilege(
+ principalName, false, false, mtbl, null, privStr, now, null);
+ toPersistPrivObjs.add(mTblSec);
+ }
+ }
+ Map groupPrivs = principalPrivs.getGroupPrivileges();
+ if (groupPrivs != null) {
+ for (Map.Entry entry: groupPrivs.entrySet()) {
+ String principalName = entry.getKey();
+ String privStr = entry.getValue();
+ if (privStr == null) {
+ continue;
+ }
+ MTablePartitionPrivilege mTblSec = new MTablePartitionPrivilege(
+ principalName, false, true, mtbl, null, privStr, now, null);
+ toPersistPrivObjs.add(mTblSec);
+ }
+ }
+ Map rolePrivs = principalPrivs.getRolePrivileges();
+ if (rolePrivs != null) {
+ for (Map.Entry entry: rolePrivs.entrySet()) {
+ String principalName = entry.getKey();
+ String privStr = entry.getValue();
+ if (privStr == null) {
+ continue;
+ }
+ MTablePartitionPrivilege mTblSec = new MTablePartitionPrivilege(
+ principalName, true, false, mtbl, null, privStr, now, null);
+ toPersistPrivObjs.add(mTblSec);
+ }
+ }
+ }
+ pm.makePersistentAll(toPersistPrivObjs);
commited = commitTransaction();
} finally {
if (!commited) {
@@ -543,6 +599,16 @@
pm.retrieve(tbl);
if (tbl != null) {
// first remove all the partitions
+ List tabParts = listMSecurityTablePart(dbName,
+ tableName, false);
+ if (tabParts != null && tabParts.size() > 0) {
+ pm.deletePersistentAll(tabParts);
+ }
+ List colGrants = listMSecurityTablePartColumn(dbName,
+ tableName, false);
+ if (colGrants != null && colGrants.size() > 0) {
+ pm.deletePersistentAll(colGrants);
+ }
pm.deletePersistentAll(listMPartitions(dbName, tableName, -1));
// then remove the table
pm.deletePersistent(tbl);
@@ -555,7 +621,7 @@
}
return success;
}
-
+
public Table getTable(String dbName, String tableName) throws MetaException {
boolean commited = false;
Table tbl = null;
@@ -791,9 +857,39 @@
boolean success = false;
boolean commited = false;
try {
+ List tabGrants = this.listMSecurityTablePart(part
+ .getDbName(), part.getTableName(), true);
+ List tabColumnGrants = this.listMSecurityTablePartColumn(
+ part.getDbName(), part.getTableName(), true);
openTransaction();
MPartition mpart = convertToMPart(part);
pm.makePersistent(mpart);
+
+ int now = (int)(System.currentTimeMillis()/1000);
+ List toPersist = new ArrayList();
+ if (tabGrants != null) {
+ for (MTablePartitionPrivilege tab: tabGrants) {
+ MTablePartitionPrivilege partGrant = new MTablePartitionPrivilege(tab
+ .getPrincipalName(), tab.getIsRole(), tab.getIsGroup(), tab
+ .getTable(), mpart, tab.getPrivileges(), now, tab.getGrantor());
+ toPersist.add(partGrant);
+ }
+ }
+
+ if (tabColumnGrants != null) {
+ for (MColumnPrivilege col : tabColumnGrants) {
+ MColumnPrivilege partColumn = new MColumnPrivilege(col
+ .getPrincipalName(), col.getIsRole(), col.getIsGroup(), col
+ .getTable(), mpart, col.getColumnName(), col.getPrivileges(),
+ now, col.getGrantor());
+ toPersist.add(partColumn);
+ }
+
+ if (toPersist.size() > 0) {
+ pm.makePersistentAll(toPersist);
+ }
+ }
+
commited = commitTransaction();
success = true;
} finally {
@@ -810,8 +906,31 @@
Partition part = convertToPart(getMPartition(dbName, tableName, part_vals));
commitTransaction();
if(part == null) {
- throw new NoSuchObjectException();
+ throw new NoSuchObjectException("partition values="
+ + part_vals.toString());
+ }
+ return part;
+ }
+
+ @Override
+ public Partition getPartitionWithAuth(String dbName, String tblName,
+ List partVals, String user_name, List group_names)
+ throws NoSuchObjectException, MetaException, InvalidObjectException {
+ openTransaction();
+ MPartition mpart = getMPartition(dbName, tblName, partVals);
+ if (mpart == null) {
+ commitTransaction();
+ throw new NoSuchObjectException("partition values=" + partVals.toString());
}
+ Partition part = null;
+ MTable mtbl = mpart.getTable();
+ part = convertToPart(mpart);
+ String partName = Warehouse.makePartName(this.convertToFieldSchemas(mtbl
+ .getPartitionKeys()), partVals);
+ commitTransaction();
+ PrincipalPrivilegeSet partAuth = this.getPartitionPrivilegeSet(dbName,
+ tblName, partName, user_name, group_names);
+ part.setPrivileges(partAuth);
return part;
}
@@ -880,6 +999,26 @@
openTransaction();
MPartition part = getMPartition(dbName, tableName, part_vals);
if (part != null) {
+ List schemas = part.getTable().getPartitionKeys();
+ List colNames = new ArrayList();
+ for (MFieldSchema col: schemas) {
+ colNames.add(col.getName());
+ }
+ String partName = FileUtils.makePartName(colNames, part_vals);
+
+ List partGrants = listMSecurityPartition(
+ dbName, tableName, partName);
+
+ if (partGrants != null && partGrants.size() > 0) {
+ pm.deletePersistentAll(partGrants);
+ }
+
+ List partColumnGrants = listMSecurityPartitionColumn(
+ dbName, tableName, partName);
+ if (partColumnGrants != null && partColumnGrants.size() > 0) {
+ pm.deletePersistentAll(partColumnGrants);
+ }
+
pm.deletePersistent(part);
}
success = commitTransaction();
@@ -899,6 +1038,29 @@
commitTransaction();
return parts;
}
+
+ @Override
+ public List getPartitionsWithAuth(String dbName, String tblName,
+ short maxParts, String userName, List groupNames)
+ throws MetaException, NoSuchObjectException, InvalidObjectException {
+ openTransaction();
+ List mparts = listMPartitions(dbName, tblName, maxParts);
+ List parts = new ArrayList(mparts.size());
+ if (mparts != null && mparts.size()>0) {
+ for (MPartition mpart : mparts) {
+ MTable mtbl = mpart.getTable();
+ Partition part = convertToPart(mpart);
+ String partName = Warehouse.makePartName(this.convertToFieldSchemas(mtbl
+ .getPartitionKeys()), part.getValues());
+ PrincipalPrivilegeSet partAuth = this.getPartitionPrivilegeSet(dbName,
+ tblName, partName, userName, groupNames);
+ part.setPrivileges(partAuth);
+ }
+ }
+ commitTransaction();
+ return parts;
+ }
+
private List convertToParts(List mparts)
throws MetaException {
@@ -1434,4 +1596,1271 @@
}
return pns;
}
+
+ @Override
+ public boolean addRole(String roleName, String ownerName)
+ throws InvalidObjectException, MetaException, NoSuchObjectException {
+ boolean success = false;
+ boolean commited = false;
+ try {
+ openTransaction();
+ MRole nameCheck = this.getMRole(roleName);
+ if (nameCheck != null) {
+ throw new RuntimeException("Role " + roleName + " already exists.");
+ }
+ int now = (int)(System.currentTimeMillis()/1000);
+ MRole mRole = new MRole(roleName, now,
+ ownerName);
+ pm.makePersistent(mRole);
+ commited = commitTransaction();
+ success = true;
+ } finally {
+ if (!commited) {
+ rollbackTransaction();
+ }
+ }
+ return success;
+ }
+
+ @Override
+ public boolean addRoleMember(Role role, String userName, boolean isRole,
+ boolean isGroup) throws MetaException, NoSuchObjectException {
+ boolean success = false;
+ boolean commited = false;
+ try {
+ MRoleMap roleMap = null;
+ try {
+ roleMap = this.getMSecurityUserRoleMap(userName, isRole, isGroup, role
+ .getRoleName());
+ } catch (Exception e) {
+ }
+ if (roleMap != null) {
+ throw new RuntimeException("Principal " + userName
+ + " already has the role " + role.getRoleName());
+ }
+ openTransaction();
+ MRole mRole = getMRole(role.getRoleName());
+ long now = System.currentTimeMillis()/1000;
+ MRoleMap roleMember = new MRoleMap(userName,
+ isRole, isGroup, mRole, (int) now);
+ pm.makePersistent(roleMember);
+ commited = commitTransaction();
+ success = true;
+ } finally {
+ if (!commited) {
+ rollbackTransaction();
+ }
+ }
+ return success;
+ }
+
+ @Override
+ public boolean removeRoleMember(Role role, String userName, boolean isRole,
+ boolean isGroup) throws MetaException, NoSuchObjectException {
+ boolean success = false;
+ try {
+ openTransaction();
+ MRoleMap roleMember = getMSecurityUserRoleMap(userName,
+ isRole, isGroup, role.getRoleName());
+ pm.deletePersistent(roleMember);
+ success = commitTransaction();
+ } finally {
+ if (!success) {
+ rollbackTransaction();
+ }
+ }
+ return success;
+ }
+
+ private MRoleMap getMSecurityUserRoleMap(String userName,
+ boolean isRole, boolean isGroup, String roleName) {
+ MRoleMap mRoleMember = null;
+ boolean commited = false;
+ try {
+ openTransaction();
+ Query query = pm.newQuery(MRoleMap.class, "principalName == t1 && isRole==t2 && isGroup == t3 && role.roleName == t4");
+ query.declareParameters("java.lang.String t1, java.lang.Boolean t2, java.lang.Boolean t3, java.lang.String t4");
+ query.setUnique(true);
+ mRoleMember = (MRoleMap) query.executeWithArray(userName, isRole, isGroup, roleName);
+ pm.retrieve(mRoleMember);
+ commited = commitTransaction();
+ } finally {
+ if (!commited) {
+ rollbackTransaction();
+ }
+ }
+ return mRoleMember;
+ }
+
+ @Override
+ public boolean removeRole(String roleName) throws MetaException,
+ NoSuchObjectException {
+ boolean success = false;
+ try {
+ openTransaction();
+ MRole mRol = getMRole(roleName);
+ pm.retrieve(mRol);
+ if (mRol != null) {
+ // first remove all the membership, the membership that this role has
+ // been granted
+ List roleMap = listMSecurityUserRoleMember(mRol);
+ if (roleMap.size() > 0) {
+ pm.deletePersistentAll(roleMap);
+ }
+ List roleMember = listMSecurityPrincipalMembershipRole(
+ mRol.getRoleName(), true, false);
+ if (roleMember.size() > 0) {
+ pm.deletePersistentAll(roleMember);
+ }
+ // then remove all the grants
+ List userGrants = listMSecurityPrincipalUserGrant(
+ mRol.getRoleName(), true, false);
+ if (userGrants.size() > 0) {
+ pm.deletePersistentAll(userGrants);
+ }
+ List dbGrants = listAllMSecurityPrincipalDBGrant(
+ mRol.getRoleName(), true, false);
+ if (dbGrants.size() > 0) {
+ pm.deletePersistentAll(dbGrants);
+ }
+ List tabPartGrants = listAllMSecurityPrincipalTablePartGrant(
+ mRol.getRoleName(), true, false);
+ if (tabPartGrants.size() > 0) {
+ pm.deletePersistentAll(tabPartGrants);
+ }
+ List columnGrants = listAllMSecurityPrincipalColumnGrant(
+ mRol.getRoleName(), true, false);
+ if (columnGrants.size() > 0) {
+ pm.deletePersistentAll(columnGrants);
+ }
+ // last remove the role
+ pm.deletePersistent(mRol);
+ }
+ success = commitTransaction();
+ } finally {
+ if (!success) {
+ rollbackTransaction();
+ }
+ }
+ return success;
+ }
+
+ private List listRoles(String userName,
+ List groupNames, String databaseName) {
+ List ret = new ArrayList();
+ if(userName != null) {
+ ret.addAll(listRoles(userName, false, false));
+ }
+ if (groupNames != null) {
+ for (String groupName: groupNames) {
+ ret.addAll(listRoles(groupName, false, true));
+ }
+ }
+ return ret;
+ }
+
+ @SuppressWarnings("unchecked")
+ public List listRoles(String principalName,
+ boolean isRole, boolean isGroup) {
+ boolean success = false;
+ List mRoleMember = null;
+ try {
+ openTransaction();
+ LOG.debug("Executing listRoles");
+ Query query = pm
+ .newQuery(
+ MRoleMap.class,
+ "principalName == t1 && isGroup == t2 && isRole == t3");
+ query
+ .declareParameters("java.lang.String t1, java.lang.Boolean t2, java.lang.Boolean t3");
+ query.setUnique(false);
+ mRoleMember = (List) query.executeWithArray(
+ principalName, isGroup, isRole);
+ LOG.debug("Done executing query for listMSecurityUserRoleMap");
+ pm.retrieveAll(mRoleMember);
+ success = commitTransaction();
+ LOG.debug("Done retrieving all objects for listMSecurityUserRoleMap");
+ } finally {
+ if (!success) {
+ rollbackTransaction();
+ }
+ }
+ return mRoleMember;
+ }
+
+
+ @SuppressWarnings("unchecked")
+ private List listMSecurityPrincipalMembershipRole(final String roleName,
+ final boolean isRole, final boolean isGroup) {
+ boolean success = false;
+ List mRoleMemebership = null;
+ try {
+ openTransaction();
+ LOG.debug("Executing listMSecurityPrincipalMembershipRole");
+ Query query = pm.newQuery(MRoleMap.class,
+ "principalName == t1 && isRole == t2 && isGroup == t3");
+ query
+ .declareParameters("java.lang.String t1, java.lang.Boolean t2, java.lang.Boolean t3");
+ mRoleMemebership = (List) query.execute(roleName,
+ isRole, isGroup);
+ LOG
+ .debug("Done executing query for listMSecurityPrincipalMembershipRole");
+ pm.retrieveAll(mRoleMemebership);
+ success = commitTransaction();
+ LOG
+ .debug("Done retrieving all objects for listMSecurityPrincipalMembershipRole");
+ } finally {
+ if (!success) {
+ rollbackTransaction();
+ }
+ }
+ return mRoleMemebership;
+ }
+
+ public Role getRole(String roleName) throws NoSuchObjectException {
+ MRole mRole = this.getMRole(roleName);
+ if (mRole == null) {
+ throw new NoSuchObjectException(roleName + " role can not be found.");
+ }
+ Role ret = new Role(mRole.getRoleName(), mRole.getCreateTime(), mRole
+ .getOwnerName(), null);
+ return ret;
+ }
+
+ private MRole getMRole(String roleName) {
+ MRole mrole = null;
+ boolean commited = false;
+ try {
+ openTransaction();
+ Query query = pm.newQuery(MRole.class, "roleName == t1");
+ query.declareParameters("java.lang.String t1");
+ query.setUnique(true);
+ mrole = (MRole) query.execute(roleName);
+ pm.retrieve(mrole);
+ commited = commitTransaction();
+ } finally {
+ if (!commited) {
+ rollbackTransaction();
+ }
+ }
+ return mrole;
+ }
+
+ @Override
+ public PrincipalPrivilegeSet getUserPrivilegeSet(String userName,
+ List groupNames) throws InvalidObjectException, MetaException {
+ boolean commited = false;
+ PrincipalPrivilegeSet ret = new PrincipalPrivilegeSet();
+ try {
+ openTransaction();
+ if (userName != null) {
+ List user = this.listMSecurityPrincipalUserGrant(userName, false, false);
+ if(user.size()>0) {
+ Map userPriv = new HashMap();
+ String userPrivStr = user.get(0).getPrivileges();
+ for (int i = 1; i < user.size(); i++) {
+ userPrivStr = userPrivStr + ";" + user.get(i).getPrivileges();
+ }
+ userPriv.put(userName, userPrivStr);
+ ret.setUserPrivileges(userPriv);
+ }
+ }
+ if (groupNames != null && groupNames.size() > 0) {
+ Map groupPriv = new HashMap();
+ for(String groupName: groupNames) {
+ List group = this.listMSecurityPrincipalUserGrant(groupName, false, true);
+ if(group.size()>0) {
+ String groupPrivStr = group.get(0).getPrivileges();
+ for (int i = 1; i < group.size(); i++) {
+ groupPrivStr = groupPrivStr + ";" + group.get(i).getPrivileges();
+ }
+ groupPriv.put(groupName, groupPrivStr);
+ }
+ }
+ ret.setGroupPrivileges(groupPriv);
+ }
+ commited = commitTransaction();
+ } finally {
+ if (!commited) {
+ rollbackTransaction();
+ }
+ }
+ return ret;
+ }
+
+ @Override
+ public PrincipalPrivilegeSet getDBPrivilegeSet(String dbName,
+ String userName, List groupNames) throws InvalidObjectException,
+ MetaException {
+ boolean commited = false;
+ PrincipalPrivilegeSet ret = new PrincipalPrivilegeSet();
+ try {
+ openTransaction();
+ if (userName != null) {
+ Map userDbPriv = new HashMap();
+ userDbPriv.put(userName, getDBPrivilege(dbName, userName, false, false));
+ ret.setUserPrivileges(userDbPriv);
+ }
+ if (groupNames != null && groupNames.size() > 0) {
+ Map groupDbPriv = new HashMap();
+ for (String groupName : groupNames) {
+ groupDbPriv.put(groupName, getDBPrivilege(dbName, groupName, false,
+ true));
+ }
+ ret.setGroupPrivileges(groupDbPriv);
+ }
+ List roles = listRoles(userName, groupNames, dbName);
+ if (roles != null && roles.size() > 0) {
+ Map roleDbPriv = new HashMap();
+ for (MRoleMap role : roles) {
+ String name = role.getRole().getRoleName();
+ roleDbPriv.put(name, getDBPrivilege(dbName, name, true, false));
+ }
+ ret.setRolePrivileges(roleDbPriv);
+ }
+ commited = commitTransaction();
+ } finally {
+ if (!commited) {
+ rollbackTransaction();
+ }
+ }
+ return ret;
+ }
+
+ @Override
+ public PrincipalPrivilegeSet getPartitionPrivilegeSet(String dbName,
+ String tableName, String partition, String userName,
+ List groupNames) throws InvalidObjectException, MetaException {
+ boolean commited = false;
+ PrincipalPrivilegeSet ret = new PrincipalPrivilegeSet();
+ try {
+ openTransaction();
+ if (userName != null) {
+ Map userPartitionPriv = new HashMap();
+ userPartitionPriv.put(userName, getPartitionPrivilege(dbName,
+ tableName, partition, userName, false, false));
+ ret.setUserPrivileges(userPartitionPriv);
+ }
+ if (groupNames != null && groupNames.size() > 0) {
+ Map groupPartitionPriv = new HashMap();
+ for (String groupName : groupNames) {
+ groupPartitionPriv.put(groupName, getPartitionPrivilege(dbName, tableName,
+ partition, groupName, false, true));
+ }
+ ret.setGroupPrivileges(groupPartitionPriv);
+ }
+ List roles = listRoles(userName, groupNames, dbName);
+ if (roles != null && roles.size() > 0) {
+ Map rolePartPriv = new HashMap();
+ for (MRoleMap role : roles) {
+ String roleName = role.getRole().getRoleName();
+ rolePartPriv.put(roleName, getPartitionPrivilege(dbName, tableName,
+ partition, roleName, true, false));
+ }
+ ret.setRolePrivileges(rolePartPriv);
+ }
+ commited = commitTransaction();
+ } finally {
+ if (!commited) {
+ rollbackTransaction();
+ }
+ }
+ return ret;
+ }
+
+ @Override
+ public PrincipalPrivilegeSet getTablePrivilegeSet(String dbName,
+ String tableName, String userName, List groupNames)
+ throws InvalidObjectException, MetaException {
+ boolean commited = false;
+ PrincipalPrivilegeSet ret = new PrincipalPrivilegeSet();
+ try {
+ openTransaction();
+ if (userName != null) {
+ Map userPartitionPriv = new HashMap();
+ userPartitionPriv.put(userName, getTablePrivilege(dbName,
+ tableName, userName, false, false));
+ ret.setUserPrivileges(userPartitionPriv);
+ }
+ if (groupNames != null && groupNames.size() > 0) {
+ Map groupPartitionPriv = new HashMap();
+ for (String groupName : groupNames) {
+ groupPartitionPriv.put(groupName, getTablePrivilege(dbName, tableName,
+ groupName, false, true));
+ }
+ ret.setGroupPrivileges(groupPartitionPriv);
+ }
+ List roles = listRoles(userName, groupNames, dbName);
+ if (roles != null && roles.size() > 0) {
+ Map rolePartPriv = new HashMap();
+ for (MRoleMap role : roles) {
+ String roleName = role.getRole().getRoleName();
+ rolePartPriv.put(roleName, getTablePrivilege(dbName, tableName,
+ roleName, true, false));
+ }
+ ret.setRolePrivileges(rolePartPriv);
+ }
+ commited = commitTransaction();
+ } finally {
+ if (!commited) {
+ rollbackTransaction();
+ }
+ }
+ return ret;
+ }
+
+ @Override
+ public PrincipalPrivilegeSet getColumnPrivilegeSet(String dbName,
+ String tableName, String partitionName, String columnName,
+ String userName, List groupNames) throws InvalidObjectException,
+ MetaException {
+ boolean commited = false;
+ PrincipalPrivilegeSet ret = new PrincipalPrivilegeSet();
+ try {
+ openTransaction();
+ if (userName != null) {
+ Map