diff --git a/metastore/if/hive_metastore.thrift b/metastore/if/hive_metastore.thrift
index 58b2357..3ff0ba5 100755
--- a/metastore/if/hive_metastore.thrift
+++ b/metastore/if/hive_metastore.thrift
@@ -107,6 +107,11 @@ struct Role {
 1: string roleName,
 2: i32 createTime,
 3: string ownerName,
+
+ // Following fields are populated by list_roles
+ // They are ignored during other commands such as role creation
+ // See RolePrincipalGrant which gives a 'normalized' representation
+ // of this information
 4: optional string principalName,
 5: optional string principalType,
 6: optional bool grantOption,
@@ -114,6 +119,17 @@ struct Role {
 8: optional string grantor
 }
+// Representation of a grant for a principal to a role
+struct RolePrincipalGrant {
+ 1: string roleName,
+ 2: string principalName,
+ 3: PrincipalType principalType,
+ 4: bool grantOption,
+ 5: i32 grantTime,
+ 6: string grantor
+}
+
+
 // namespace for tables
 struct Database {
 1: string name,
@@ -752,6 +768,11 @@ service ThriftHiveMetastore extends fb303.FacebookService
 throws(1:MetaException o1)
 list list_roles(1:string principal_name, 2:PrincipalType principal_type) throws(1:MetaException o1)
+ // get all role-grants for users/roles that have been granted the given role
+ // Note that in the returned list of RolePrincipalGrants, the roleName is
+ // redundant as it would match the role_name argument of this function
+ list get_principals_in_role(1:string role_name) throws(1:MetaException o1)
+
 PrincipalPrivilegeSet get_privilege_set(1:HiveObjectRef hiveObject, 2:string user_name, 3: list group_names) throws(1:MetaException o1)
 list list_privileges(1:string principal_name, 2:PrincipalType principal_type,
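Review bot: In the new `RolePrincipalGrant` struct, `6: string grantor` carries only a name, while the grantee gets both `principalName` and a typed `principalType`. A consumer therefore cannot tell a user grantor from a role with the same name, which weakens the struct as an audit record for grants. Consider adding a typed companion field, for example `7: PrincipalType grantorPrincipalType` (the field name is a suggestion), while the struct is new and has no wire-compatibility burden. The unit of `5: i32 grantTime` is also undocumented; a comment such as `// seconds since epoch` would help if that is what the server stores, which should be confirmed against the implementation.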
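Review bot: The comment above `get_principals_in_role` does not say which callers may invoke it, and the membership list of a role is sensitive information in an authorization service. The required privilege should be documented here and checked in the server handler, which is not visible in this hunk. The call also declares only `MetaException`, so a client presumably cannot distinguish a nonexistent `role_name` from a role with no grants. State the contract in the comment, e.g. `// returns an empty list when the role has no grants; throws MetaException when role_name does not exist`, if that matches the handler. The service body begins and ends outside the hunk.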