From 9187cf1d86488b3ff242f0e9d998dea5fc3d2151 Mon Sep 17 00:00:00 2001
From: Sam An
Date: Thu, 1 Aug 2019 14:05:05 -0700
Subject: [PATCH] HIVE-22063: Ranger Authorization in Hive based on object ownership - HMS code path (Sam An, reviewed by Naveen Gangam)
---
 .../plugin/metastore/HiveMetaStoreAuthorizableEvent.java | 8 ++++++--
 .../plugin/metastore/events/CreateTableEvent.java | 4 +++-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizableEvent.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizableEvent.java
index d3d475a4cf..2bae723c1d 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizableEvent.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/HiveMetaStoreAuthorizableEvent.java
@@ -52,11 +52,15 @@ protected String getSdLocation(StorageDescriptor sd) {
 }
 protected HivePrivilegeObject getHivePrivilegeObject(Database database) {
- return new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.DATABASE, database.getName(), null);
+ return new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.DATABASE, database.getName(),
+ null, null, null, HivePrivilegeObject.HivePrivObjectActionType.OTHER, null, null,
+ database.getOwnerName(), database.getOwnerType());
 }
 protected HivePrivilegeObject getHivePrivilegeObject(Table table) {
- return new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW, table.getDbName(), table.getTableName());
+ return new HivePrivilegeObject(HivePrivilegeObject.HivePrivilegeObjectType.TABLE_OR_VIEW, table.getDbName(),
+ table.getTableName(), null, null, HivePrivilegeObject.HivePrivObjectActionType.OTHER, null, null,
+ table.getOwner(), table.getOwnerType());
 }
 protected HivePrivilegeObject getHivePrivilegeObjectDfsUri(String uri) {
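Review bot: Both helpers now copy the owner from whichever `Database` or `Table` object the caller passes in, so an ownership-based policy decision is only as trustworthy as that object. On pre-event paths where the object comes from the client request rather than from stored metadata (create and alter handlers, which are outside this hunk), the owner would be caller-supplied, so it is worth confirming that each caller passes the stored object when ownership is what grants access. I would state that contract on the helpers, e.g. `// owner fields are copied from the passed object as-is; pass the stored metadata object when authorizing on ownership`. The owner name and owner type can presumably be unset on these objects, so the same comment should say that a `null` owner must never satisfy an owner-based policy on the plugin side.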
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java
index cb5d617d2e..f3fa7586a5 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateTableEvent.java
@@ -68,7 +68,9 @@ public HiveMetaStoreAuthzInfo getAuthzContext() {
 Table table = event.getTable();
 String uri = getSdLocation(table.getSd());
- ret.add(new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, table.getDbName(), null));
+ ret.add(new HivePrivilegeObject(HivePrivilegeObjectType.DATABASE, table.getDbName(), null, null, null,
+ HivePrivilegeObject.HivePrivObjectActionType.OTHER, null, null,
+ table.getOwner(), table.getOwnerType()));
 ret.add(getHivePrivilegeObject(table));
 if (StringUtils.isNotEmpty(uri)) {
-- 
2.20.1
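Review bot: The `DATABASE` privilege object added here is given `table.getOwner()` and `table.getOwnerType()`, i.e. the owner of the table being created, not the owner of the database named by `table.getDbName()`. An ownership-based policy evaluated against this object would then treat the table's owner, which on a create request presumably comes from the caller, as the database owner. The database entry should carry the database's own owner, for example by building it with the existing `getHivePrivilegeObject(Database)` helper once the `Database` record is available to this handler; if it is not, passing `null, null` for the two owner arguments is safer than substituting the table's values. The enclosing method starts and ends outside the hunk.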