You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by na...@apache.org on 2011/01/12 07:58:10 UTC
svn commit: r1057999 [1/22] - in /hive/trunk: ./
common/src/java/org/apache/hadoop/hive/conf/ conf/ metastore/if/
metastore/src/gen/thrift/gen-cpp/
metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/
metastore/src/gen/thrift/gen...
Author: namit
Date: Wed Jan 12 06:58:04 2011
New Revision: 1057999
URL: http://svn.apache.org/viewvc?rev=1057999&view=rev
Log:
HIVE-78 Authorization model for Hive
(Yongqiang He via namit)
Added:
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/HiveObjectPrivilege.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/HiveObjectRef.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/HiveObjectType.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/PrincipalPrivilegeSet.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/PrincipalType.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/PrivilegeBag.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/PrivilegeGrantInfo.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Role.java
hive/trunk/metastore/src/model/org/apache/hadoop/hive/metastore/model/MDBPrivilege.java
hive/trunk/metastore/src/model/org/apache/hadoop/hive/metastore/model/MGlobalPrivilege.java
hive/trunk/metastore/src/model/org/apache/hadoop/hive/metastore/model/MPartitionColumnPrivilege.java
hive/trunk/metastore/src/model/org/apache/hadoop/hive/metastore/model/MPartitionPrivilege.java
hive/trunk/metastore/src/model/org/apache/hadoop/hive/metastore/model/MRole.java
hive/trunk/metastore/src/model/org/apache/hadoop/hive/metastore/model/MRoleMap.java
hive/trunk/metastore/src/model/org/apache/hadoop/hive/metastore/model/MTableColumnPrivilege.java
hive/trunk/metastore/src/model/org/apache/hadoop/hive/metastore/model/MTablePrivilege.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/metadata/AuthorizationException.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/GrantDesc.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/GrantRevokeRoleDDL.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/PrincipalDesc.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeDesc.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/RevokeDesc.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/ShowGrantDesc.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/HadoopDefaultAuthenticator.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/HiveAuthenticationProvider.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DefaultHiveAuthorizationProvider.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProvider.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/HiveAuthorizationProviderBase.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/Privilege.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeScope.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/CreateTableAutomaticGrant.java
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/DummyAuthenticator.java
hive/trunk/ql/src/test/queries/clientnegative/authorization_fail_1.q
hive/trunk/ql/src/test/queries/clientnegative/authorization_fail_2.q
hive/trunk/ql/src/test/queries/clientnegative/authorization_fail_3.q
hive/trunk/ql/src/test/queries/clientnegative/authorization_fail_4.q
hive/trunk/ql/src/test/queries/clientnegative/authorization_fail_5.q
hive/trunk/ql/src/test/queries/clientnegative/authorization_fail_6.q
hive/trunk/ql/src/test/queries/clientnegative/authorization_fail_7.q
hive/trunk/ql/src/test/queries/clientnegative/authorization_part.q
hive/trunk/ql/src/test/queries/clientpositive/authorization_1.q
hive/trunk/ql/src/test/queries/clientpositive/authorization_2.q
hive/trunk/ql/src/test/queries/clientpositive/authorization_3.q
hive/trunk/ql/src/test/queries/clientpositive/authorization_4.q
hive/trunk/ql/src/test/queries/clientpositive/keyword_1.q
hive/trunk/ql/src/test/results/clientnegative/authorization_fail_1.q.out
hive/trunk/ql/src/test/results/clientnegative/authorization_fail_2.q.out
hive/trunk/ql/src/test/results/clientnegative/authorization_fail_3.q.out
hive/trunk/ql/src/test/results/clientnegative/authorization_fail_4.q.out
hive/trunk/ql/src/test/results/clientnegative/authorization_fail_5.q.out
hive/trunk/ql/src/test/results/clientnegative/authorization_fail_6.q.out
hive/trunk/ql/src/test/results/clientnegative/authorization_fail_7.q.out
hive/trunk/ql/src/test/results/clientnegative/authorization_part.q.out
hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out
hive/trunk/ql/src/test/results/clientpositive/authorization_2.q.out
hive/trunk/ql/src/test/results/clientpositive/authorization_3.q.out
hive/trunk/ql/src/test/results/clientpositive/authorization_4.q.out
hive/trunk/ql/src/test/results/clientpositive/keyword_1.q.out
Modified:
hive/trunk/CHANGES.txt
hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
hive/trunk/conf/hive-default.xml
hive/trunk/metastore/if/hive_metastore.thrift
hive/trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp
hive/trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h
hive/trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp
hive/trunk/metastore/src/gen/thrift/gen-cpp/hive_metastore_types.cpp
hive/trunk/metastore/src/gen/thrift/gen-cpp/hive_metastore_types.h
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Database.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Index.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Partition.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Schema.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/SerDeInfo.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/StorageDescriptor.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/Table.java
hive/trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
hive/trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php
hive/trunk/metastore/src/gen/thrift/gen-php/hive_metastore/hive_metastore_types.php
hive/trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote
hive/trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py
hive/trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ttypes.py
hive/trunk/metastore/src/gen/thrift/gen-rb/hive_metastore_types.rb
hive/trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb
hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java
hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/RawStore.java
hive/trunk/metastore/src/model/package.jdo
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/MoveTask.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/metadata/HiveUtils.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/Hive.g
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/DDLWork.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/QTestUtil.java
hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/metadata/TestSemanticAnalyzerHookLoading.java
hive/trunk/ql/src/test/queries/clientpositive/input19.q
hive/trunk/ql/src/test/queries/clientpositive/show_indexes_edge_cases.q
hive/trunk/ql/src/test/results/clientnegative/invalid_create_tbl2.q.out
hive/trunk/ql/src/test/results/clientnegative/lockneg5.q.out
hive/trunk/ql/src/test/results/clientpositive/alter4.q.out
hive/trunk/ql/src/test/results/clientpositive/bucket_groupby.q.out
hive/trunk/ql/src/test/results/clientpositive/create_default_prop.q.out
hive/trunk/ql/src/test/results/clientpositive/ctas.q.out
hive/trunk/ql/src/test/results/clientpositive/input19.q.out
hive/trunk/ql/src/test/results/clientpositive/merge3.q.out
hive/trunk/ql/src/test/results/clientpositive/query_result_fileformat.q.out
hive/trunk/ql/src/test/results/clientpositive/rcfile_default_format.q.out
hive/trunk/ql/src/test/results/clientpositive/semijoin.q.out
hive/trunk/ql/src/test/results/clientpositive/show_indexes_edge_cases.q.out
hive/trunk/ql/src/test/results/clientpositive/smb_mapjoin9.q.out
hive/trunk/ql/src/test/results/clientpositive/stats10.q.out
hive/trunk/ql/src/test/results/clientpositive/stats12.q.out
hive/trunk/ql/src/test/results/clientpositive/stats13.q.out
hive/trunk/ql/src/test/results/clientpositive/stats2.q.out
hive/trunk/ql/src/test/results/clientpositive/stats5.q.out
hive/trunk/ql/src/test/results/clientpositive/stats6.q.out
hive/trunk/ql/src/test/results/clientpositive/stats7.q.out
hive/trunk/ql/src/test/results/clientpositive/stats8.q.out
hive/trunk/ql/src/test/results/clientpositive/stats9.q.out
hive/trunk/ql/src/test/results/clientpositive/str_to_map.q.out
hive/trunk/ql/src/test/results/clientpositive/updateAccessTime.q.out
Modified: hive/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hive/trunk/CHANGES.txt?rev=1057999&r1=1057998&r2=1057999&view=diff
==============================================================================
--- hive/trunk/CHANGES.txt (original)
+++ hive/trunk/CHANGES.txt Wed Jan 12 06:58:04 2011
@@ -140,6 +140,9 @@ Trunk - Unreleased
HIVE-1858 Implement DROP {PARTITION, INDEX, TEMPORARY FUNCTION} IF EXISTS
(Marcel Kornacker via jvs)
+ HIVE-78 Authorization model for Hive
+ (Yongqiang He via namit)
+
IMPROVEMENTS
HIVE-1692. FetchOperator.getInputFormatFromCache hides causal exception (Philip Zeyliger via cws)
Modified: hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
URL: http://svn.apache.org/viewvc/hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java?rev=1057999&r1=1057998&r2=1057999&view=diff
==============================================================================
--- hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (original)
+++ hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java Wed Jan 12 06:58:04 2011
@@ -263,7 +263,7 @@ public class HiveConf extends Configurat
HIVESKEWJOINKEY("hive.skewjoin.key", 1000000),
HIVESKEWJOINMAPJOINNUMMAPTASK("hive.skewjoin.mapjoin.map.tasks", 10000),
HIVESKEWJOINMAPJOINMINSPLIT("hive.skewjoin.mapjoin.min.split", 33554432L), //32M
- MAPREDMINSPLITSIZE("mapred.min.split.size", 1),
+ MAPREDMINSPLITSIZE("mapred.min.split.size", 1L),
HIVEMERGEMAPONLY("hive.mergejob.maponly", true),
HIVESENDHEARTBEAT("hive.heartbeat.interval", 1000),
@@ -334,6 +334,13 @@ public class HiveConf extends Configurat
SEMANTIC_ANALYZER_HOOK("hive.semantic.analyzer.hook",null),
+ HIVE_AUTHORIZATION_ENABLED("hive.security.authorization.enabled", false),
+ HIVE_AUTHORIZATION_MANAGER("hive.security.authorization.manager", null),
+ HIVE_AUTHENTICATOR_MANAGER("hive.security.authenticator.manager", null),
+
+ HIVE_AUTHORIZATION_TABLE_USER_GRANTS("hive.security.authorization.createtable.user.grants", null),
+ HIVE_AUTHORIZATION_TABLE_GROUP_GRANTS("hive.security.authorization.createtable.group.grants", null),
+ HIVE_AUTHORIZATION_TABLE_ROLE_GRANTS("hive.security.authorization.createtable.role.grants", null),
// Print column names in output
HIVE_CLI_PRINT_HEADER("hive.cli.print.header", false),
Modified: hive/trunk/conf/hive-default.xml
URL: http://svn.apache.org/viewvc/hive/trunk/conf/hive-default.xml?rev=1057999&r1=1057998&r2=1057999&view=diff
==============================================================================
--- hive/trunk/conf/hive-default.xml (original)
+++ hive/trunk/conf/hive-default.xml Wed Jan 12 06:58:04 2011
@@ -853,6 +853,52 @@
<description>This enables substitution using syntax like ${var} ${system:var} and ${env:var}.</description>
</property>
+
+<property>
+ <name>hive.security.authorization.enabled</name>
+ <value>false</value>
+ <description>enable or disable the hive client authorization</description>
+</property>
+
+<property>
+ <name>hive.security.authorization.manager</name>
+ <value>org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider</value>
+ <description>the hive client authorization manager class name.
+ The user defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider.
+ </description>
+</property>
+
+<property>
+ <name>hive.security.authenticator.manager</name>
+ <value>org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator</value>
+ <description>hive client authenticator manager class name.
+ The user defined authenticator should implement interface org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider.</description>
+</property>
+
+<property>
+ <name>hive.security.authorization.createtable.user.grants</name>
+ <value></value>
+ <description>the privileges automatically granted to some users whenever a table gets created.
+ An example like "userX,userY:select;userZ:create" will grant select privilege to userX and userY,
+ and grant create privilege to userZ whenever a new table created.</description>
+</property>
+
+<property>
+ <name>hive.security.authorization.createtable.group.grants</name>
+ <value></value>
+ <description>the privileges automatically granted to some groups whenever a table gets created.
+ An example like "groupX,groupY:select;groupZ:create" will grant select privilege to groupX and groupY,
+ and grant create privilege to groupZ whenever a new table created.</description>
+</property>
+
+<property>
+ <name>hive.security.authorization.createtable.role.grants</name>
+ <value></value>
+ <description>the privileges automatically granted to some roles whenever a table gets created.
+ An example like "roleX,roleY:select;roleZ:create" will grant select privilege to roleX and roleY,
+ and grant create privilege to roleZ whenever a new table created.</description>
+</property>
+
<property>
<name>hive.error.on.empty.partition</name>
<value>false</value>
Modified: hive/trunk/metastore/if/hive_metastore.thrift
URL: http://svn.apache.org/viewvc/hive/trunk/metastore/if/hive_metastore.thrift?rev=1057999&r1=1057998&r2=1057999&view=diff
==============================================================================
--- hive/trunk/metastore/if/hive_metastore.thrift (original)
+++ hive/trunk/metastore/if/hive_metastore.thrift Wed Jan 12 06:58:04 2011
@@ -29,12 +29,66 @@ struct Type {
4: optional list<FieldSchema> fields // if the name is one of the user defined types
}
+enum HiveObjectType {
+ GLOBAL = 1,
+ DATABASE = 2,
+ TABLE = 3,
+ PARTITION = 4,
+ COLUMN = 5,
+}
+
+enum PrincipalType {
+ USER = 1,
+ ROLE = 2,
+ GROUP = 3,
+}
+
+struct HiveObjectRef{
+ 1: HiveObjectType objectType,
+ 2: string dbName,
+ 3: string objectName,
+ 4: list<string> partValues,
+ 5: string columnName,
+}
+
+struct PrivilegeGrantInfo {
+ 1: string privilege,
+ 2: i32 createTime,
+ 3: string grantor,
+ 4: PrincipalType grantorType,
+ 5: bool grantOption,
+}
+
+struct HiveObjectPrivilege {
+ 1: HiveObjectRef hiveObject,
+ 2: string principalName,
+ 3: PrincipalType principalType,
+ 4: PrivilegeGrantInfo grantInfo,
+}
+
+struct PrivilegeBag {
+ 1: list<HiveObjectPrivilege> privileges,
+}
+
+struct PrincipalPrivilegeSet {
+ 1: map<string, list<PrivilegeGrantInfo>> userPrivileges, // user name -> privilege grant info
+ 2: map<string, list<PrivilegeGrantInfo>> groupPrivileges, // group name -> privilege grant info
+ 3: map<string, list<PrivilegeGrantInfo>> rolePrivileges, //role name -> privilege grant info
+}
+
+struct Role {
+ 1: string roleName,
+ 2: i32 createTime,
+ 3: string ownerName,
+}
+
// namespace for tables
struct Database {
1: string name,
2: string description,
3: string locationUri,
- 4: map<string, string> parameters // properties associated with the database
+ 4: map<string, string> parameters, // properties associated with the database
+ 5: optional PrincipalPrivilegeSet privileges
}
// This object holds the information needed by SerDes
@@ -77,7 +131,8 @@ struct Table {
9: map<string, string> parameters, // to store comments or any other user level parameters
10: string viewOriginalText, // original view text, null for non-view
11: string viewExpandedText, // expanded view text, null for non-view
- 12: string tableType // table type enum, e.g. EXTERNAL_TABLE
+ 12: string tableType, // table type enum, e.g. EXTERNAL_TABLE
+ 13: optional PrincipalPrivilegeSet privileges,
}
struct Partition {
@@ -87,7 +142,8 @@ struct Partition {
4: i32 createTime,
5: i32 lastAccessTime,
6: StorageDescriptor sd,
- 7: map<string, string> parameters
+ 7: map<string, string> parameters,
+ 8: optional PrincipalPrivilegeSet privileges
}
struct Index {
@@ -110,7 +166,6 @@ struct Schema {
2: map<string, string> properties
}
-
exception MetaException {
1: string message
}
@@ -210,6 +265,10 @@ service ThriftHiveMetastore extends fb30
throws(1:NoSuchObjectException o1, 2:MetaException o2)
Partition get_partition(1:string db_name, 2:string tbl_name, 3:list<string> part_vals)
throws(1:MetaException o1, 2:NoSuchObjectException o2)
+
+ Partition get_partition_with_auth(1:string db_name, 2:string tbl_name, 3:list<string> part_vals,
+ 4: string user_name, 5: list<string> group_names) throws(1:MetaException o1, 2:NoSuchObjectException o2)
+
Partition get_partition_by_name(1:string db_name 2:string tbl_name, 3:string part_name)
throws(1:MetaException o1, 2:NoSuchObjectException o2)
@@ -217,6 +276,9 @@ service ThriftHiveMetastore extends fb30
// If max parts is given then it will return only that many.
list<Partition> get_partitions(1:string db_name, 2:string tbl_name, 3:i16 max_parts=-1)
throws(1:NoSuchObjectException o1, 2:MetaException o2)
+ list<Partition> get_partitions_with_auth(1:string db_name, 2:string tbl_name, 3:i16 max_parts=-1,
+ 4: string user_name, 5: list<string> group_names) throws(1:NoSuchObjectException o1, 2:MetaException o2)
+
list<string> get_partition_names(1:string db_name, 2:string tbl_name, 3:i16 max_parts=-1)
throws(1:MetaException o2)
@@ -229,6 +291,9 @@ service ThriftHiveMetastore extends fb30
list<Partition> get_partitions_ps(1:string db_name 2:string tbl_name
3:list<string> part_vals, 4:i16 max_parts=-1)
throws(1:MetaException o1)
+ list<Partition> get_partitions_ps_with_auth(1:string db_name, 2:string tbl_name, 3:list<string> part_vals, 4:i16 max_parts=-1,
+ 5: string user_name, 6: list<string> group_names) throws(1:NoSuchObjectException o1, 2:MetaException o2)
+
list<string> get_partition_names_ps(1:string db_name,
2:string tbl_name, 3:list<string> part_vals, 4:i16 max_parts=-1)
throws(1:MetaException o1)
@@ -273,6 +338,24 @@ service ThriftHiveMetastore extends fb30
throws(1:NoSuchObjectException o1, 2:MetaException o2)
list<string> get_index_names(1:string db_name, 2:string tbl_name, 3:i16 max_indexes=-1)
throws(1:MetaException o2)
+
+ //authorization privileges
+
+ bool create_role(1:Role role) throws(1:MetaException o1)
+ bool drop_role(1:string role_name) throws(1:MetaException o1)
+ bool grant_role(1:string role_name, 2:string principal_name, 3:PrincipalType principal_type,
+ 4:string grantor, 5:PrincipalType grantorType, 6:bool grant_option) throws(1:MetaException o1)
+ bool revoke_role(1:string role_name, 2:string principal_name, 3:PrincipalType principal_type)
+ throws(1:MetaException o1)
+ list<Role> list_roles(1:string principal_name, 2:PrincipalType principal_type) throws(1:MetaException o1)
+
+ PrincipalPrivilegeSet get_privilege_set(1:HiveObjectRef hiveObject, 2:string user_name,
+ 3: list<string> group_names) throws(1:MetaException o1)
+ list<HiveObjectPrivilege> list_privileges(1:string principal_name, 2:PrincipalType principal_type,
+ 3: HiveObjectRef hiveObject) throws(1:MetaException o1)
+
+ bool grant_privileges(1:PrivilegeBag privileges) throws(1:MetaException o1)
+ bool revoke_privileges(1:PrivilegeBag privileges) throws(1:MetaException o1)
}
// * Note about the DDL_TIME: When creating or altering a table or a partition,