StorageBasedAuthorizationProvider (Hive 0.12.0 API)

java.lang.Object
- org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProviderBase
- - org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider

All Implemented Interfaces:

HiveAuthorizationProvider, HiveMetastoreAuthorizationProvider
```
public class StorageBasedAuthorizationProvider
extends HiveAuthorizationProviderBase
implements HiveMetastoreAuthorizationProvider
```
StorageBasedAuthorizationProvider is an implementation of HiveMetastoreAuthorizationProvider that tries to look at the hdfs permissions of files and directories associated with objects like databases, tables and partitions to determine whether or not an operation is allowed. The rule of thumb for which location to check in hdfs is as follows: CREATE : on location specified, or on location determined from metadata READS : not checked (the preeventlistener does not have an event to fire) UPDATES : on location in metadata DELETES : on location in metadata If the location does not yet exist, as the case is with creates, it steps out to the parent directory recursively to determine its permissions till it finds a parent that does exist.

Nested Class Summary
- Nested classes/interfaces inherited from class org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProviderBase
  HiveAuthorizationProviderBase.HiveProxy

Field Summary
- Fields inherited from class org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProviderBase
  authenticator, hive_db, LOG

Constructor Summary

Constructors
Constructor and Description

StorageBasedAuthorizationProvider()

Constructors
Constructor and Description
`StorageBasedAuthorizationProvider()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`authorize(Database db, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)` Authorization privileges against a database object.
`void`	`authorize(Partition part, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)` Authorization privileges against a hive partition object.
`void`	`authorize(Path path, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)` Authorization privileges against a path.
`void`	`authorize(Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)` Authorization user level privileges.
`void`	`authorize(Table table, Partition part, java.util.List<java.lang.String> columns, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)` Authorization privileges against a list of columns.
`void`	`authorize(Table table, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)` Authorization privileges against a hive table object.
`protected void`	`checkPermissions(Configuration conf, Path path, java.util.EnumSet<FsAction> actions)` Checks the permissions for the given path and current user on Hadoop FS.
`protected static void`	`checkPermissions(FileSystem fs, Path path, java.util.EnumSet<FsAction> actions, java.lang.String user, java.util.List<java.lang.String> groups)` Checks the permissions for the given path and current user on Hadoop FS.
`protected Path`	`getDbLocation(Database db)`
`protected FsAction`	`getFsAction(Privilege priv)` Given a privilege, return what FsActions are required
`protected java.util.EnumSet<FsAction>`	`getFsActions(Privilege[] privs)` Given a Privilege[], find out what all FsActions are required
`void`	`init(Configuration conf)`
`void`	`setMetaStoreHandler(HiveMetaStore.HMSHandler handler)` Allows invoker of HiveMetaStoreAuthorizationProvider to send in a hive metastore handler that can be used to make calls to test whether or not authorizations can/will succeed.

Methods inherited from class org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProviderBase
getAuthenticator, getConf, setAuthenticator, setConf

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider
getAuthenticator, setAuthenticator

- Constructor Detail
  - StorageBasedAuthorizationProvider
```
public StorageBasedAuthorizationProvider()
```
- Method Detail
  - init
```
public void init(Configuration conf)
          throws HiveException
```
    Specified by:
    
    init in interface HiveAuthorizationProvider
    
    Throws:
    
    HiveException
  - authorize
```
public void authorize(Privilege[] readRequiredPriv,
                      Privilege[] writeRequiredPriv)
               throws HiveException,
                      AuthorizationException
```
    Description copied from interface: HiveAuthorizationProvider
    
    Authorization user level privileges.
    
    Specified by:
    
    authorize in interface HiveAuthorizationProvider
    
    Parameters:
    
    readRequiredPriv - a list of privileges needed for inputs.
    
    writeRequiredPriv - a list of privileges needed for outputs.
    
    Throws:
    
    HiveException
    
    AuthorizationException
  - authorize
```
public void authorize(Database db,
                      Privilege[] readRequiredPriv,
                      Privilege[] writeRequiredPriv)
               throws HiveException,
                      AuthorizationException
```
    Description copied from interface: HiveAuthorizationProvider
    
    Authorization privileges against a database object.
    
    Specified by:
    
    authorize in interface HiveAuthorizationProvider
    
    Parameters:
    
    db - database
    
    readRequiredPriv - a list of privileges needed for inputs.
    
    writeRequiredPriv - a list of privileges needed for outputs.
    
    Throws:
    
    HiveException
    
    AuthorizationException
  - authorize
```
public void authorize(Table table,
                      Privilege[] readRequiredPriv,
                      Privilege[] writeRequiredPriv)
               throws HiveException,
                      AuthorizationException
```
    Description copied from interface: HiveAuthorizationProvider
    
    Authorization privileges against a hive table object.
    
    Specified by:
    
    authorize in interface HiveAuthorizationProvider
    
    Parameters:
    
    table - table object
    
    readRequiredPriv - a list of privileges needed for inputs.
    
    writeRequiredPriv - a list of privileges needed for outputs.
    
    Throws:
    
    HiveException
    
    AuthorizationException
  - authorize
```
public void authorize(Partition part,
                      Privilege[] readRequiredPriv,
                      Privilege[] writeRequiredPriv)
               throws HiveException,
                      AuthorizationException
```
    Description copied from interface: HiveAuthorizationProvider
    
    Authorization privileges against a hive partition object.
    
    Specified by:
    
    authorize in interface HiveAuthorizationProvider
    
    Parameters:
    
    part - partition object
    
    readRequiredPriv - a list of privileges needed for inputs.
    
    writeRequiredPriv - a list of privileges needed for outputs.
    
    Throws:
    
    HiveException
    
    AuthorizationException
  - authorize
```
public void authorize(Table table,
                      Partition part,
                      java.util.List<java.lang.String> columns,
                      Privilege[] readRequiredPriv,
                      Privilege[] writeRequiredPriv)
               throws HiveException,
                      AuthorizationException
```
    Description copied from interface: HiveAuthorizationProvider
    
    Authorization privileges against a list of columns. If the partition object is not null, look at the column grants for the given partition. Otherwise look at the table column grants.
    
    Specified by:
    
    authorize in interface HiveAuthorizationProvider
    
    Parameters:
    
    table - table object
    
    part - partition object
    
    columns - a list of columns
    
    readRequiredPriv - a list of privileges needed for inputs.
    
    writeRequiredPriv - a list of privileges needed for outputs.
    
    Throws:
    
    HiveException
    
    AuthorizationException
  - setMetaStoreHandler
```
public void setMetaStoreHandler(HiveMetaStore.HMSHandler handler)
```
    Description copied from interface: HiveMetastoreAuthorizationProvider
    
    Allows invoker of HiveMetaStoreAuthorizationProvider to send in a hive metastore handler that can be used to make calls to test whether or not authorizations can/will succeed. Intended to be called before any of the authorize methods are called.
    
    Specified by:
    
    setMetaStoreHandler in interface HiveMetastoreAuthorizationProvider
  - getFsAction
```
protected FsAction getFsAction(Privilege priv)
```
    Given a privilege, return what FsActions are required
  - getFsActions
```
protected java.util.EnumSet<FsAction> getFsActions(Privilege[] privs)
```
    Given a Privilege[], find out what all FsActions are required
  - authorize
```
public void authorize(Path path,
                      Privilege[] readRequiredPriv,
                      Privilege[] writeRequiredPriv)
               throws HiveException,
                      AuthorizationException
```
    Authorization privileges against a path.
    
    Specified by:
    
    authorize in interface HiveAuthorizationProvider
    
    Parameters:
    
    path - a filesystem path
    
    readRequiredPriv - a list of privileges needed for inputs.
    
    writeRequiredPriv - a list of privileges needed for outputs.
    
    Throws:
    
    HiveException
    
    AuthorizationException
  - checkPermissions
```
protected void checkPermissions(Configuration conf,
                                Path path,
                                java.util.EnumSet<FsAction> actions)
                         throws java.io.IOException,
                                javax.security.auth.login.LoginException
```
    Checks the permissions for the given path and current user on Hadoop FS. If the given path does not exists, it checks for its parent folder.
    
    Throws:
    
    java.io.IOException
    
    javax.security.auth.login.LoginException
  - checkPermissions
```
protected static void checkPermissions(FileSystem fs,
                                       Path path,
                                       java.util.EnumSet<FsAction> actions,
                                       java.lang.String user,
                                       java.util.List<java.lang.String> groups)
                                throws java.io.IOException,
                                       java.security.AccessControlException
```
    Checks the permissions for the given path and current user on Hadoop FS. If the given path does not exists, it returns.
    
    Throws:
    
    java.io.IOException
    
    java.security.AccessControlException
  - getDbLocation
```
protected Path getDbLocation(Database db)
                      throws HiveException
```
    Throws:
    
    HiveException

Class StorageBasedAuthorizationProvider

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProviderBase

Field Summary

Fields inherited from class org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProviderBase

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProviderBase

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider

Constructor Detail

StorageBasedAuthorizationProvider

Method Detail

init

authorize

authorize

authorize

authorize

authorize

setMetaStoreHandler

getFsAction

getFsActions

authorize

checkPermissions

checkPermissions

getDbLocation