You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by jo...@apache.org on 2018/08/18 20:38:25 UTC
[6/7] impala git commit: IMPALA-7345: Add the OWNER privilege
IMPALA-7345: Add the OWNER privilege
This patch adds the OWNER privilege to the set of privileges that can
exist for a role/user. The privilege is equivalent to ALL, but cannot
be granted or revoked. It is granted/revoked by Sentry, if configured,
during CREATE, DROP, or ALTER DATABASE/TABLE SET OWNER statements.
Testing:
- Updated authorization tests
- Ran core tests
Change-Id: If63c2faa6daea6deb6d771503fe50943ae070705
Reviewed-on: http://gerrit.cloudera.org:8080/11245
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
Project: http://git-wip-us.apache.org/repos/asf/impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/impala/commit/1d4df941
Tree: http://git-wip-us.apache.org/repos/asf/impala/tree/1d4df941
Diff: http://git-wip-us.apache.org/repos/asf/impala/diff/1d4df941
Branch: refs/heads/master
Commit: 1d4df94125a5465a118046f3c46c81fde7740d8a
Parents: 30bb0b3
Author: Adam Holley <gi...@holleyism.com>
Authored: Wed Aug 15 23:22:24 2018 -0500
Committer: Impala Public Jenkins <im...@cloudera.com>
Committed: Sat Aug 18 06:29:20 2018 +0000
----------------------------------------------------------------------
common/thrift/CatalogObjects.thrift | 3 +-
.../apache/impala/authorization/Privilege.java | 3 +-
.../impala/analysis/AuthorizationStmtTest.java | 792 +++++++++++++------
.../authorization/ImpalaActionFactoryTest.java | 6 +-
4 files changed, 566 insertions(+), 238 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/impala/blob/1d4df941/common/thrift/CatalogObjects.thrift
----------------------------------------------------------------------
diff --git a/common/thrift/CatalogObjects.thrift b/common/thrift/CatalogObjects.thrift
index 29f54e4..cbd0ba1 100644
--- a/common/thrift/CatalogObjects.thrift
+++ b/common/thrift/CatalogObjects.thrift
@@ -518,7 +518,8 @@ enum TPrivilegeLevel {
REFRESH,
CREATE,
ALTER,
- DROP
+ DROP,
+ OWNER
}
// Represents a privilege in an authorization policy. Privileges contain the level
http://git-wip-us.apache.org/repos/asf/impala/blob/1d4df941/fe/src/main/java/org/apache/impala/authorization/Privilege.java
----------------------------------------------------------------------
diff --git a/fe/src/main/java/org/apache/impala/authorization/Privilege.java b/fe/src/main/java/org/apache/impala/authorization/Privilege.java
index 0b1c2f8..877b6ad 100644
--- a/fe/src/main/java/org/apache/impala/authorization/Privilege.java
+++ b/fe/src/main/java/org/apache/impala/authorization/Privilege.java
@@ -64,7 +64,8 @@ public enum Privilege {
ALTER.getCode() |
CREATE.getCode() |
DROP.getCode() |
- REFRESH.getCode());
+ REFRESH.getCode()),
+ OWNER("owner", ALL.getCode());
private final BitFieldAction bitFieldAction_;