You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by jo...@apache.org on 2018/08/18 20:38:25 UTC

[6/7] impala git commit: IMPALA-7345: Add the OWNER privilege

IMPALA-7345: Add the OWNER privilege

This patch adds the OWNER privilege to the set of privileges that can
exist for a role/user. The privilege is equivalent to ALL, but cannot
be granted or revoked. It is granted/revoked by Sentry, if configured,
during CREATE, DROP, or ALTER DATABASE/TABLE SET OWNER statements.

Testing:
- Updated authorization tests
- Ran core tests

Change-Id: If63c2faa6daea6deb6d771503fe50943ae070705
Reviewed-on: http://gerrit.cloudera.org:8080/11245
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>


Project: http://git-wip-us.apache.org/repos/asf/impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/impala/commit/1d4df941
Tree: http://git-wip-us.apache.org/repos/asf/impala/tree/1d4df941
Diff: http://git-wip-us.apache.org/repos/asf/impala/diff/1d4df941

Branch: refs/heads/master
Commit: 1d4df94125a5465a118046f3c46c81fde7740d8a
Parents: 30bb0b3
Author: Adam Holley <gi...@holleyism.com>
Authored: Wed Aug 15 23:22:24 2018 -0500
Committer: Impala Public Jenkins <im...@cloudera.com>
Committed: Sat Aug 18 06:29:20 2018 +0000

----------------------------------------------------------------------
 common/thrift/CatalogObjects.thrift             |   3 +-
 .../apache/impala/authorization/Privilege.java  |   3 +-
 .../impala/analysis/AuthorizationStmtTest.java  | 792 +++++++++++++------
 .../authorization/ImpalaActionFactoryTest.java  |   6 +-
 4 files changed, 566 insertions(+), 238 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/impala/blob/1d4df941/common/thrift/CatalogObjects.thrift
----------------------------------------------------------------------
diff --git a/common/thrift/CatalogObjects.thrift b/common/thrift/CatalogObjects.thrift
index 29f54e4..cbd0ba1 100644
--- a/common/thrift/CatalogObjects.thrift
+++ b/common/thrift/CatalogObjects.thrift
@@ -518,7 +518,8 @@ enum TPrivilegeLevel {
   REFRESH,
   CREATE,
   ALTER,
-  DROP
+  DROP,
+  OWNER
 }
 
 // Represents a privilege in an authorization policy. Privileges contain the level

http://git-wip-us.apache.org/repos/asf/impala/blob/1d4df941/fe/src/main/java/org/apache/impala/authorization/Privilege.java
----------------------------------------------------------------------
diff --git a/fe/src/main/java/org/apache/impala/authorization/Privilege.java b/fe/src/main/java/org/apache/impala/authorization/Privilege.java
index 0b1c2f8..877b6ad 100644
--- a/fe/src/main/java/org/apache/impala/authorization/Privilege.java
+++ b/fe/src/main/java/org/apache/impala/authorization/Privilege.java
@@ -64,7 +64,8 @@ public enum Privilege {
         ALTER.getCode() |
         CREATE.getCode() |
         DROP.getCode() |
-        REFRESH.getCode());
+        REFRESH.getCode()),
+    OWNER("owner", ALL.getCode());
 
     private final BitFieldAction bitFieldAction_;