hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Hadoop Wiki] Update of "Hive/AuthDev" by HeYongqiang
Date Wed, 12 Jan 2011 22:25:18 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Hadoop Wiki" for change notification.

The "Hive/AuthDev" page has been changed by HeYongqiang.
http://wiki.apache.org/hadoop/Hive/AuthDev?action=diff&rev1=6&rev2=7

--------------------------------------------------

  
  First try user name:
  
- first try to deny this access by look up the deny tables by user name:
- 
- 1. If there is an entry in 'user' that deny this access, return DENY
- 
- 2. If there is an entry in 'db'  that deny this access, return DENY
- 
- 3. If there is an entry in 'table'  that deny this access, return DENY
- 
- 4. If there is an entry in 'column'  that deny this access, return DENY
- 
- Perform the above steps for each group/roles that the user belongs to.
- 
- if deny failed, go through all privilege levels with the user name:
- 
- 5. If there is an entry in 'user' that accept this access, return ACCEPT
+ 1. If there is an entry in 'user' that accept this access, return ACCEPT
  
- 6. If there is an entry in 'db'  that accept this access, return ACCEPT
+ 2. If there is an entry in 'db'  that accept this access, return ACCEPT
  
- 7. If there is an entry in 'table'  that accept this access, return ACCEPT
+ 3. If there is an entry in 'table'  that accept this access, return ACCEPT
  
- 8. If there is an entry in 'column'  that accept this access, return ACCEPT
+ 4. If there is an entry in 'column'  that accept this access, return ACCEPT
  
  Second try the user's group/role names one by one until we get an ACCEPT. 
  
@@ -387, +373 @@

  
  Authorization decision manager manages a set of authorization provider, and each provider
can decide to accept or deny. And it is the decision manager to do the final decision. Can
be vote based, or one -1 then deny, or one +1 then accept. Authorization provider decides
whether to accept or deny an access based on his own information.
  
+ = 8. Metastore upgrade script for mysql =
+ 
+ {{{
+ --
+ -- Table structure for table `ROLES`
+ --
+ 
+ DROP TABLE IF EXISTS `ROLES`;
+ CREATE TABLE `ROLES` (
+   `ROLE_ID` bigint(20) NOT NULL,
+   `CREATE_TIME` int(11) NOT NULL,
+   `OWNER_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `ROLE_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+   PRIMARY KEY  (`ROLE_ID`),
+   UNIQUE KEY `ROLEENTITYINDEX` (`ROLE_NAME`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+ 
+ 
+ --
+ -- Table structure for table `ROLE_MAP`
+ --
+ 
+ DROP TABLE IF EXISTS `ROLE_MAP`;
+ CREATE TABLE `ROLE_MAP` (
+   `ROLE_GRANT_ID` bigint(20) NOT NULL,
+   `ADD_TIME` int(11) NOT NULL,
+   `GRANT_OPTION` smallint(6) NOT NULL,
+   `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `ROLE_ID` bigint(20) default NULL,
+   PRIMARY KEY  (`ROLE_GRANT_ID`),
+   UNIQUE KEY `USERROLEMAPINDEX` (`PRINCIPAL_NAME`,`ROLE_ID`,`GRANTOR`,`GRANTOR_TYPE`),
+   KEY `ROLE_MAP_N49` (`ROLE_ID`),
+   CONSTRAINT `ROLE_MAP_FK1` FOREIGN KEY (`ROLE_ID`) REFERENCES `ROLES` (`ROLE_ID`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+ 
+ --
+ -- Table structure for table `GLOBAL_PRIVS`
+ --
+ 
+ DROP TABLE IF EXISTS `GLOBAL_PRIVS`;
+ CREATE TABLE `GLOBAL_PRIVS` (
+   `USER_GRANT_ID` bigint(20) NOT NULL,
+   `CREATE_TIME` int(11) NOT NULL,
+   `GRANT_OPTION` smallint(6) NOT NULL,
+   `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `USER_PRIV` varchar(128) character set latin1 collate latin1_bin default NULL,
+   PRIMARY KEY  (`USER_GRANT_ID`),
+   UNIQUE KEY `GLOBALPRIVILEGEINDEX` (`PRINCIPAL_NAME`,`PRINCIPAL_TYPE`,`USER_PRIV`,`GRANTOR`,`GRANTOR_TYPE`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+ 
+ 
+ --
+ -- Table structure for table `DB_PRIVS`
+ --
+ 
+ DROP TABLE IF EXISTS `DB_PRIVS`;
+ CREATE TABLE `DB_PRIVS` (
+   `DB_GRANT_ID` bigint(20) NOT NULL,
+   `CREATE_TIME` int(11) NOT NULL,
+   `DB_ID` bigint(20) default NULL,
+   `GRANT_OPTION` smallint(6) NOT NULL,
+   `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `DB_PRIV` varchar(128) character set latin1 collate latin1_bin default NULL,
+   PRIMARY KEY  (`DB_GRANT_ID`),
+   UNIQUE KEY `DBPRIVILEGEINDEX` (`DB_ID`,`PRINCIPAL_NAME`,`PRINCIPAL_TYPE`,`DB_PRIV`,`GRANTOR`,`GRANTOR_TYPE`),
+   KEY `DB_PRIVS_N49` (`DB_ID`),
+   CONSTRAINT `DB_PRIVS_FK1` FOREIGN KEY (`DB_ID`) REFERENCES `DBS` (`DB_ID`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+ 
+ --
+ -- Table structure for table `TBL_PRIVS`
+ --
+ 
+ DROP TABLE IF EXISTS `TBL_PRIVS`;
+ 
+ CREATE TABLE `TBL_PRIVS` (
+   `TBL_GRANT_ID` bigint(20) NOT NULL,
+   `CREATE_TIME` int(11) NOT NULL,
+   `GRANT_OPTION` smallint(6) NOT NULL,
+   `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `TBL_PRIV` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `TBL_ID` bigint(20) default NULL,
+   PRIMARY KEY  (`TBL_GRANT_ID`),
+   KEY `TBL_PRIVS_N49` (`TBL_ID`),
+   KEY `TABLEPRIVILEGEINDEX` (`TBL_ID`,`PRINCIPAL_NAME`,`PRINCIPAL_TYPE`,`TBL_PRIV`,`GRANTOR`,`GRANTOR_TYPE`),
+   CONSTRAINT `TBL_PRIVS_FK1` FOREIGN KEY (`TBL_ID`) REFERENCES `TBLS` (`TBL_ID`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+ 
+ --
+ -- Table structure for table `TBL_COL_PRIVS`
+ --
+ 
+ DROP TABLE IF EXISTS `TBL_COL_PRIVS`;
+ CREATE TABLE `TBL_COL_PRIVS` (
+   `TBL_COLUMN_GRANT_ID` bigint(20) NOT NULL,
+   `COLUMN_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `CREATE_TIME` int(11) NOT NULL,
+   `GRANT_OPTION` smallint(6) NOT NULL,
+   `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `TBL_COL_PRIV` varchar(128) character set latin1 collate latin1_bin default NULL,
+   `TBL_ID` bigint(20) default NULL,
+   PRIMARY KEY  (`TBL_COLUMN_GRANT_ID`),
+   KEY `TABLECOLUMNPRIVILEGEINDEX` (`TBL_ID`,`COLUMN_NAME`,`PRINCIPAL_NAME`,`PRINCIPAL_TYPE`,`TBL_COL_PRIV`,`GRANTOR`,`GRANTOR_TYPE`),
+   KEY `TBL_COL_PRIVS_N49` (`TBL_ID`),
+   CONSTRAINT `TBL_COL_PRIVS_FK1` FOREIGN KEY (`TBL_ID`) REFERENCES `TBLS` (`TBL_ID`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+ }}}
+ 
  ------------
  
  = HDFS Permission =

Mime
View raw message