diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java index 9e9ef71..8acef9a 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java @@ -26,9 +26,15 @@ import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate; import org.apache.hadoop.hive.common.classification.InterfaceStability.Unstable; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType; /** - * Represents the object on which privilege is being granted/revoked + * Represents the object on which privilege is being granted/revoked, and objects + * being used in queries. + * + * Check the get* function documentation for information on what value it returns based on + * the {@link HivePrivilegeObjectType}. + * */ @LimitedPrivate(value = { "" }) @Unstable @@ -79,9 +85,20 @@ private int compare(Collection o1, Collection o2) { return o1.size() > o2.size() ? 1 : (o1.size() < o2.size() ? -1 : 0); } + /** + * Note that GLOBAL, PARTITION, COLUMN fields are populated only for hive's old default + * authorization mode. + * When the authorization manager is an instance of HiveAuthorizerFactory, these types are not + * used. + */ public enum HivePrivilegeObjectType { GLOBAL, DATABASE, TABLE_OR_VIEW, PARTITION, COLUMN, LOCAL_URI, DFS_URI, COMMAND_PARAMS, FUNCTION - } ; + }; + + /** + * When {@link HiveOperationType} is QUERY, this action type is set so that it is possible + * to determine if the action type on this object is an INSERT or INSERT_OVERWRITE + */ public enum HivePrivObjectActionType { OTHER, INSERT, INSERT_OVERWRITE }; @@ -141,6 +158,9 @@ public HivePrivilegeObjectType getType() { return type; } + /** + * @return the db name if type is DATABASE, TABLE, or FUNCTION + */ public String getDbname() { return dbname; } @@ -152,6 +172,10 @@ public String getObjectName() { return objectName; } + /** + * See javadoc of {@link HivePrivObjectActionType} + * @return action type + */ public HivePrivObjectActionType getActionType() { return actionType; } @@ -160,12 +184,15 @@ public HivePrivObjectActionType getActionType() { return commandParams; } + /** + * @return return partiton key information. Used only for old default authorization mode. + */ public List getPartKeys() { return partKeys; } /** - * Applicable columns in this object + * Applicable columns in this object, when the type is {@link HivePrivilegeObjectType.TABLE} * In case of DML read operations, this is the set of columns being used. * Column information is not set for DDL operations and for tables being written into * @return list of applicable columns