From 7525a818c24dc8043ba07ca009f865f4001fe44c Mon Sep 17 00:00:00 2001 From: Sam An Date: Tue, 4 Jun 2019 11:15:49 -0700 Subject: [PATCH] HIVE-21833: Ranger Authorization in Hive based on object ownership (Sam An, reviewed by Daniel Dai) --- ql/src/java/org/apache/hadoop/hive/ql/Driver.java | 6 +++++- .../authorization/plugin/HivePrivilegeObject.java | 15 +++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java index 255c65aa73..d6f28270cd 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java @@ -63,6 +63,7 @@ import org.apache.hadoop.hive.metastore.api.FieldSchema; import org.apache.hadoop.hive.metastore.api.LockComponent; import org.apache.hadoop.hive.metastore.api.LockType; +import org.apache.hadoop.hive.metastore.api.PrincipalType; import org.apache.hadoop.hive.metastore.api.Schema; import org.apache.hadoop.hive.metastore.utils.MetaStoreUtils; import org.apache.hadoop.hive.ql.cache.results.CacheUsage; @@ -1395,15 +1396,18 @@ private static void doAuthorizationV2(SessionState ss, HiveOperation op, List partKeys = null; List columns = null; String className = null; + String ownerName = null; switch(privObject.getType()){ case DATABASE: dbname = privObject.getDatabase().getName(); + ownerName = privObject.getDatabase().getOwnerName(); break; case TABLE: dbname = privObject.getTable().getDbName(); objName = privObject.getTable().getTableName(); columns = tableName2Cols == null ? null : tableName2Cols.get(Table.getCompleteName(dbname, objName)); + ownerName = privObject.getTable().getOwner(); break; case DFS_DIR: case LOCAL_DIR: 
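Review bot: In the `switch` of the doAuthorizationV2 hunk, `ownerName` is assigned only in the `DATABASE` and `TABLE` cases, so for `DFS_DIR`, `LOCAL_DIR` and any cases that follow outside the hunk it reaches the authorizer as `null`. That null means "owner not looked up" rather than "object has no owner", and an ownership-based policy that does not tell the two apart can throw or make the wrong decision. I would state the contract at the declaration, e.g. `// null for object types without a metastore owner; authorizers must treat null as "owner unknown", never as a match`. doAuthorizationV2 starts and ends outside the hunk, so I cannot see whether the owner is already populated for an entity created by the same statement; that is worth confirming.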
@@ -1428,7 +1432,7 @@ private static void doAuthorizationV2(SessionState ss, HiveOperation op, List o1, Collection o2) { private final List columns; private final HivePrivObjectActionType actionType; private final String className; + private final String ownerName; // cellValueTransformers is corresponding to the columns. // Its size should be the same as columns. // For example, if a table has two columns, "key" and "value" @@ -175,6 +176,20 @@ public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String o this.actionType = actionType; this.commandParams = commandParams; this.className = className; + this.ownerName = null; + } + public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String objectName, + List partKeys, List columns, HivePrivObjectActionType actionType, + List commandParams, String className, String ownerName) { + this.type = type; + this.dbname = dbname; + this.objectName = objectName; + this.partKeys = partKeys; + this.columns = columns; + this.actionType = actionType; + this.commandParams = commandParams; + this.className = className; + this.ownerName = ownerName; } public HivePrivilegeObjectType getType() { -- 2.20.1 From 952c0cc158b4ddd9d9d008ca4c33486355b1ef8f Mon Sep 17 00:00:00 2001 From: Sam An Date: Tue, 4 Jun 2019 14:15:05 -0700 Subject: [PATCH] add ownertype --- ql/src/java/org/apache/hadoop/hive/ql/Driver.java | 5 ++++- .../security/authorization/plugin/HivePrivilegeObject.java | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java index d6f28270cd..18438aa592 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java 
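Review bot: `ownerName` is stored in a `private final` field of HivePrivilegeObject, but nothing in this patch exposes it. The 15 insertions the diffstat lists for the file are all accounted for by the field and the two constructors, so an authorization plugin still cannot read the owner. Add an accessor such as `public String getOwnerName() { return ownerName; }`; the follow-up patch "add ownertype" appears to leave the same gap for `ownerType`. The existing constructor could also delegate to the new one with a trailing `null` argument instead of both bodies repeating the same assignments, though its signature starts outside the hunk.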
@@ -1397,10 +1397,12 @@ private static void doAuthorizationV2(SessionState ss, HiveOperation op, List columns = null; String className = null; String ownerName = null; + PrincipalType ownerType = null; switch(privObject.getType()){ case DATABASE: dbname = privObject.getDatabase().getName(); ownerName = privObject.getDatabase().getOwnerName(); + ownerType = privObject.getDatabase().getOwnerType(); break; case TABLE: dbname = privObject.getTable().getDbName(); @@ -1408,6 +1410,7 @@ private static void doAuthorizationV2(SessionState ss, HiveOperation op, List o1, Collection o2) { private final HivePrivObjectActionType actionType; private final String className; private final String ownerName; + private final PrincipalType ownerType; // cellValueTransformers is corresponding to the columns. // Its size should be the same as columns. // For example, if a table has two columns, "key" and "value" @@ -177,10 +179,11 @@ public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String o this.commandParams = commandParams; this.className = className; this.ownerName = null; + this.ownerType = null; } public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String objectName, List partKeys, List columns, HivePrivObjectActionType actionType, - List commandParams, String className, String ownerName) { + List commandParams, String className, String ownerName, PrincipalType ownerType) { this.type = type; this.dbname = dbname; this.objectName = objectName; @@ -190,6 +193,7 @@ public HivePrivilegeObject(HivePrivilegeObjectType type, String dbname, String o this.commandParams = commandParams; this.className = className; this.ownerName = ownerName; + this.ownerType = ownerType; } public HivePrivilegeObjectType getType() { -- 2.20.1
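Review bot: The extended HivePrivilegeObject constructor accepts `ownerName` and `ownerType` independently, and the legacy constructor leaves both `null`, so nothing tells an authorizer that the name is only meaningful together with its type. A check that compares the name alone would treat an object owned by a `ROLE` or `GROUP` principal as owned by a user who happens to have the same name. I would add Javadoc to the new constructor and a comment on the two fields stating that ownerType qualifies ownerName, that either may be null when the owner is unknown, and that ownership must be decided on the pair. The constructor body is only partly visible in these hunks.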