Posted to common-commits@hadoop.apache.org by Apache Wiki <wi...@apache.org> on 2011/01/12 23:25:18 UTC
[Hadoop Wiki] Update of "Hive/AuthDev" by HeYongqiang
The "Hive/AuthDev" page has been changed by HeYongqiang.
http://wiki.apache.org/hadoop/Hive/AuthDev?action=diff&rev1=6&rev2=7
--------------------------------------------------
First try user name:
- first try to deny this access by look up the deny tables by user name:
-
- 1. If there is an entry in 'user' that deny this access, return DENY
-
- 2. If there is an entry in 'db' that deny this access, return DENY
-
- 3. If there is an entry in 'table' that deny this access, return DENY
-
- 4. If there is an entry in 'column' that deny this access, return DENY
-
- Perform the above steps for each group/roles that the user belongs to.
-
- if deny failed, go through all privilege levels with the user name:
-
- 5. If there is an entry in 'user' that accept this access, return ACCEPT
+ 1. If there is an entry in 'user' that accept this access, return ACCEPT
- 6. If there is an entry in 'db' that accept this access, return ACCEPT
+ 2. If there is an entry in 'db' that accept this access, return ACCEPT
- 7. If there is an entry in 'table' that accept this access, return ACCEPT
+ 3. If there is an entry in 'table' that accept this access, return ACCEPT
- 8. If there is an entry in 'column' that accept this access, return ACCEPT
+ 4. If there is an entry in 'column' that accept this access, return ACCEPT
Second try the user's group/role names one by one until we get an ACCEPT.
@@ -387, +373 @@
Authorization decision manager manages a set of authorization provider, and each provider can decide to accept or deny. And it is the decision manager to do the final decision. Can be vote based, or one -1 then deny, or one +1 then accept. Authorization provider decides whether to accept or deny an access based on his own information.
+ = 8. Metastore upgrade script for mysql =
+
+ {{{
+ --
+ -- Table structure for table `ROLES`
+ --
+
+ DROP TABLE IF EXISTS `ROLES`;
+ CREATE TABLE `ROLES` (
+ `ROLE_ID` bigint(20) NOT NULL,
+ `CREATE_TIME` int(11) NOT NULL,
+ `OWNER_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `ROLE_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+ PRIMARY KEY (`ROLE_ID`),
+ UNIQUE KEY `ROLEENTITYINDEX` (`ROLE_NAME`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+
+ --
+ -- Table structure for table `ROLE_MAP`
+ --
+
+ DROP TABLE IF EXISTS `ROLE_MAP`;
+ CREATE TABLE `ROLE_MAP` (
+ `ROLE_GRANT_ID` bigint(20) NOT NULL,
+ `ADD_TIME` int(11) NOT NULL,
+ `GRANT_OPTION` smallint(6) NOT NULL,
+ `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `ROLE_ID` bigint(20) default NULL,
+ PRIMARY KEY (`ROLE_GRANT_ID`),
+ UNIQUE KEY `USERROLEMAPINDEX` (`PRINCIPAL_NAME`,`ROLE_ID`,`GRANTOR`,`GRANTOR_TYPE`),
+ KEY `ROLE_MAP_N49` (`ROLE_ID`),
+ CONSTRAINT `ROLE_MAP_FK1` FOREIGN KEY (`ROLE_ID`) REFERENCES `ROLES` (`ROLE_ID`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+ --
+ -- Table structure for table `GLOBAL_PRIVS`
+ --
+
+ DROP TABLE IF EXISTS `GLOBAL_PRIVS`;
+ CREATE TABLE `GLOBAL_PRIVS` (
+ `USER_GRANT_ID` bigint(20) NOT NULL,
+ `CREATE_TIME` int(11) NOT NULL,
+ `GRANT_OPTION` smallint(6) NOT NULL,
+ `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `USER_PRIV` varchar(128) character set latin1 collate latin1_bin default NULL,
+ PRIMARY KEY (`USER_GRANT_ID`),
+ UNIQUE KEY `GLOBALPRIVILEGEINDEX` (`PRINCIPAL_NAME`,`PRINCIPAL_TYPE`,`USER_PRIV`,`GRANTOR`,`GRANTOR_TYPE`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+
+ --
+ -- Table structure for table `DB_PRIVS`
+ --
+
+ DROP TABLE IF EXISTS `DB_PRIVS`;
+ CREATE TABLE `DB_PRIVS` (
+ `DB_GRANT_ID` bigint(20) NOT NULL,
+ `CREATE_TIME` int(11) NOT NULL,
+ `DB_ID` bigint(20) default NULL,
+ `GRANT_OPTION` smallint(6) NOT NULL,
+ `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `DB_PRIV` varchar(128) character set latin1 collate latin1_bin default NULL,
+ PRIMARY KEY (`DB_GRANT_ID`),
+ UNIQUE KEY `DBPRIVILEGEINDEX` (`DB_ID`,`PRINCIPAL_NAME`,`PRINCIPAL_TYPE`,`DB_PRIV`,`GRANTOR`,`GRANTOR_TYPE`),
+ KEY `DB_PRIVS_N49` (`DB_ID`),
+ CONSTRAINT `DB_PRIVS_FK1` FOREIGN KEY (`DB_ID`) REFERENCES `DBS` (`DB_ID`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+ --
+ -- Table structure for table `TBL_PRIVS`
+ --
+
+ DROP TABLE IF EXISTS `TBL_PRIVS`;
+
+ CREATE TABLE `TBL_PRIVS` (
+ `TBL_GRANT_ID` bigint(20) NOT NULL,
+ `CREATE_TIME` int(11) NOT NULL,
+ `GRANT_OPTION` smallint(6) NOT NULL,
+ `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `TBL_PRIV` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `TBL_ID` bigint(20) default NULL,
+ PRIMARY KEY (`TBL_GRANT_ID`),
+ KEY `TBL_PRIVS_N49` (`TBL_ID`),
+ KEY `TABLEPRIVILEGEINDEX` (`TBL_ID`,`PRINCIPAL_NAME`,`PRINCIPAL_TYPE`,`TBL_PRIV`,`GRANTOR`,`GRANTOR_TYPE`),
+ CONSTRAINT `TBL_PRIVS_FK1` FOREIGN KEY (`TBL_ID`) REFERENCES `TBLS` (`TBL_ID`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+ --
+ -- Table structure for table `TBL_COL_PRIVS`
+ --
+
+ DROP TABLE IF EXISTS `TBL_COL_PRIVS`;
+ CREATE TABLE `TBL_COL_PRIVS` (
+ `TBL_COLUMN_GRANT_ID` bigint(20) NOT NULL,
+ `COLUMN_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `CREATE_TIME` int(11) NOT NULL,
+ `GRANT_OPTION` smallint(6) NOT NULL,
+ `GRANTOR` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `GRANTOR_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_NAME` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `PRINCIPAL_TYPE` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `TBL_COL_PRIV` varchar(128) character set latin1 collate latin1_bin default NULL,
+ `TBL_ID` bigint(20) default NULL,
+ PRIMARY KEY (`TBL_COLUMN_GRANT_ID`),
+ KEY `TABLECOLUMNPRIVILEGEINDEX` (`TBL_ID`,`COLUMN_NAME`,`PRINCIPAL_NAME`,`PRINCIPAL_TYPE`,`TBL_COL_PRIV`,`GRANTOR`,`GRANTOR_TYPE`),
+ KEY `TBL_COL_PRIVS_N49` (`TBL_ID`),
+ CONSTRAINT `TBL_COL_PRIVS_FK1` FOREIGN KEY (`TBL_ID`) REFERENCES `TBLS` (`TBL_ID`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+ }}}
+
------------
= HDFS Permission =
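Review bot: The upgrade script added under section 8 precedes every `CREATE TABLE` with `DROP TABLE IF EXISTS`, so for tables that hold roles and grants a second run either wipes the stored authorization state or, for `ROLES`, is likely to fail on the `ROLE_MAP_FK1` reference from `ROLE_MAP`. For an upgrade path I would remove the drop statements and use `CREATE TABLE IF NOT EXISTS ROLES (`, and likewise for the other five tables. The privilege indexes are also inconsistent: `GLOBALPRIVILEGEINDEX` and `DBPRIVILEGEINDEX` are `UNIQUE KEY`, while `TABLEPRIVILEGEINDEX` and `TABLECOLUMNPRIVILEGEINDEX` are plain `KEY`, so duplicate table- and column-level grants are not rejected by the schema, and `USERROLEMAPINDEX` omits `PRINCIPAL_TYPE`, unlike the other grant tables. Because the principal and privilege columns are `default NULL`, MySQL never treats rows with a NULL in an indexed column as duplicates, so it is worth confirming whether those columns can be declared `NOT NULL`.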