ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [1/2] git commit: ARGUS-50: Hive authorizer should allow show/desc commands only if user has SELECT privilege
Date Sat, 13 Sep 2014 14:56:32 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 3df530d67 -> 6fb304002


ARGUS-50: Hive authorizer should allow show/desc commands only if user
has SELECT privilege

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/d197741d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/d197741d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/d197741d

Branch: refs/heads/master
Commit: d197741d325d279d79e6088b57df83c69dd47f70
Parents: 30ddcba
Author: mneethiraj <mneethiraj@hortonworks.com>
Authored: Fri Sep 12 23:21:19 2014 -0700
Committer: mneethiraj <mneethiraj@hortonworks.com>
Committed: Fri Sep 12 23:21:19 2014 -0700

----------------------------------------------------------------------
 .../hive/authorizer/XaSecureHiveAuthorizer.java     | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/d197741d/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
index 34fafdd..fbc0326 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
@@ -456,10 +456,18 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase
{
 				break;
 
 				case QUERY:
+				case SHOW_TABLESTATUS:
+				case SHOW_CREATETABLE:
+				case SHOWINDEXES:
+				case SHOWPARTITIONS:
+				case SHOW_TBLPROPERTIES:
+				case DESCTABLE:
+				case ANALYZE_TABLE:
 					accessType = HiveAccessType.SELECT;
 				break;
 
 				case SWITCHDATABASE:
+				case DESCDATABASE:
 					accessType = HiveAccessType.USE;
 				break;
 
@@ -473,13 +481,10 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase
{
 				break;
 
 				case ADD:
-				case ANALYZE_TABLE:
 				case COMPILE:
 				case CREATEMACRO:
 				case CREATEROLE:
-				case DESCDATABASE:
 				case DESCFUNCTION:
-				case DESCTABLE:
 				case DFS:
 				case DROPMACRO:
 				case DROPROLE:
@@ -493,18 +498,13 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase
{
 				case SHOWCONF:
 				case SHOWDATABASES:
 				case SHOWFUNCTIONS:
-				case SHOWINDEXES:
 				case SHOWLOCKS:
-				case SHOWPARTITIONS:
 				case SHOWTABLES:
 				case SHOW_COMPACTIONS:
-				case SHOW_CREATETABLE:
 				case SHOW_GRANT:
 				case SHOW_ROLES:
 				case SHOW_ROLE_GRANT:
 				case SHOW_ROLE_PRINCIPALS:
-				case SHOW_TABLESTATUS:
-				case SHOW_TBLPROPERTIES:
 				case SHOW_TRANSACTIONS:
 				break;
 			}


Mime
View raw message