diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
index 0b3b19b03e..1dd12f85ea 100644
--- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
+++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
@@ -24,6 +24,13 @@
 import org.apache.hadoop.classification.InterfaceStability.Evolving;
 import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
+import org.apache.hadoop.hive.metastore.api.Database;
+import org.apache.hadoop.hive.metastore.api.Function;
+import org.apache.hadoop.hive.ql.metadata.Hive;
+import org.apache.hadoop.hive.ql.metadata.HiveException;
+import org.apache.hadoop.hive.ql.metadata.Table;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 /**
 * Represents the object on which privilege is being granted/revoked, and objects
@@ -36,6 +43,7 @@
 @LimitedPrivate(value = { "Apache Argus (incubating)" })
 @Evolving
 public class HivePrivilegeObject implements Comparable {
+ private static final Logger LOG = LoggerFactory.getLogger(HivePrivilegeObject.class);
 @Override
 public int compareTo(HivePrivilegeObject o) {
@@ -65,7 +73,11 @@ public int compareTo(HivePrivilegeObject o) {
 (o.className != null ? className.compareTo(o.className) : 1) :
 (o.className != null ? -1 : 0);
 }
-
+ if(compare == 0) {
+ compare = objectOwner != null ?
+ (o.objectOwner != null ? objectOwner.compareTo(o.objectOwner) : 1) :
+ (o.objectOwner != null ? -1 : 0);
+ }
 return compare;
 }
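Review bot: The new `objectOwner` step in `compareTo` makes ordering depend on the owner, but no `equals`/`hashCode` is visible here, so if the class defines them elsewhere they should include `objectOwner` too. Otherwise sorted and hashed collections of privilege objects can disagree about which entries are duplicates. The block also repeats the nested null-handling ternary used for `className`; `compare = Comparator.nullsFirst(Comparator.<String>naturalOrder()).compare(objectOwner, o.objectOwner);` gives the same null-first ordering in one line (it needs `java.util.Comparator` imported). `compareTo` starts above this hunk, so the earlier comparison steps are not visible.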
@@ -118,6 +130,7 @@ private int compare(Collection o1, Collection o2) { private final List columns; private final HivePrivObjectActionType actionType; private final String className; + private final String objectOwner; // cellValueTransformers is corresponding to the columns. // Its size should be the same as columns. // For example, if a table has two columns, "key" and "value" @@ -146,7 +159,7 @@ public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String o } /** - * Create HivePrivilegeObject of type {@link HivePrivilegeObjectType.COMMAND_PARAMS} + * Create HivePrivilegeObject of type {@link HivePrivilegeObjectType#COMMAND_PARAMS} * @param cmdParams * @return */ @@ -175,6 +188,38 @@ public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String o this.actionType = actionType; this.commandParams = commandParams; this.className = className; + this.objectOwner = fillInOwner(type, dbname, objectName); + } + private static String fillInOwner(HivePrivilegeObjectType type, String dbname, String objectName) { + if(type == null) { + return null; + } + try { + Hive db = Hive.get(); + switch (type) { + case DATABASE: + Database database = db.getDatabase(dbname); + return database == null ? null : database.getOwnerName(); + case TABLE_OR_VIEW: + case PARTITION: + case COLUMN: + Table table = db.getTable(dbname, objectName); + return table == null ? null : table.getOwner(); + case FUNCTION: + Function function = db.getFunction(dbname, objectName); + return function == null ? null : function.getOwnerName(); + default: + return null; + } + } + catch(HiveException ex) { + LOG.error("Unable to find objectOwner of " + dbname + "." + objectName + " due to: " + + ex.getMessage(), ex); + //for testing - let's see if this brakes anything + throw new RuntimeException("Unable to find objectOwner of " + dbname + "." + objectName + " due to: " + + ex.getMessage(), ex); + //return null; + } } public HivePrivilegeObjectType getType() { 
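Review bot: The catch block in `fillInOwner` still carries the experiment (`//for testing - let's see if this brakes anything` above the `throw`, with `//return null;` left as dead code), so the failure behaviour of the owner lookup is undecided. As written, any `HiveException` from `getDatabase`/`getTable`/`getFunction` aborts construction of the privilege object with a `RuntimeException`, which presumably also covers objects that do not exist yet at authorization time. If an unresolved owner is meant to be tolerated, replace the throw with `return null;` and document on the `objectOwner` field that null means "owner unknown", so that authorizer plugins treat it as no ownership match; otherwise keep the throw and delete the test comment and the dead line. Either way, log or rethrow rather than both, so one failure is not reported twice. The constructor that calls `fillInOwner` begins above this hunk; because the field is `final`, every other constructor has to assign it as well.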
@@ -215,7 +260,7 @@ public HivePrivObjectActionType getActionType() {
 }
 /**
- * Applicable columns in this object, when the type is {@link HivePrivilegeObjectType.TABLE}
+ * Applicable columns in this object, when the type is {@link HivePrivilegeObjectType#TABLE_OR_VIEW}
 * In case of DML read operations, this is the set of columns being used.
 * Column information is not set for DDL operations and for tables being written into
 * @return list of applicable columns
@@ -225,7 +270,7 @@ public HivePrivObjectActionType getActionType() {
 }
 /**
- * The class name when the type is {@link HivePrivilegeObjectType.FUNCTION}
+ * The class name when the type is {@link HivePrivilegeObjectType#FUNCTION}
 * @return the class name
 */
 public String getClassName() {