hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas Nair" <the...@hortonworks.com>
Subject Re: Review Request 16847: Add a hive authorization plugin api that does not assume privileges needed
Date Tue, 14 Jan 2014 03:51:36 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16847/
-----------------------------------------------------------

(Updated Jan. 14, 2014, 3:51 a.m.)


Review request for hive, Ashutosh Chauhan and Brock Noland.


Bugs: HIVE-5928
    https://issues.apache.org/jira/browse/HIVE-5928


Repository: hive-git


Description
-------

The existing HiveAuthorizationProvider interface implementations can be used to support custom
authorization models.
But this interface limits the customization for these reasons -
1. It has assumptions about the privileges required for an action.
2. It does have not functions that you can implement for having custom ways of doing the actions
of access control statements.

This jira proposes a new interface HiveAuthorizer that does not make assumptions of the privileges
required for the actions. The authorize() functions will be equivalent of authorize(<operation
type>, <input objects>, <output objects>). It will also have functions that
will be called from the access control statements.

The current HiveAuthorizationProvider will continue to be supported for backward compatibility.



Diffs
-----

  ql/src/java/org/apache/hadoop/hive/ql/Driver.java 72c04d3 
  ql/src/java/org/apache/hadoop/hive/ql/ErrorMsg.java b36a4ca 
  ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java dc45ea2 
  ql/src/java/org/apache/hadoop/hive/ql/metadata/HiveUtils.java 143c0a6 
  ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java 52d7c75 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/DefaultHiveAuthorizerFactory.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizationValidator.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveMetastoreClientFactory.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveMetastoreClientFactoryImpl.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java PRE-CREATION

  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilege.java PRE-CREATION

  ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java
PRE-CREATION 
  ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java ef35f1a 
  ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveOperationType.java
PRE-CREATION 

Diff: https://reviews.apache.org/r/16847/diff/


Testing
-------


Thanks,

Thejas Nair


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message