Package org.apache.hadoop.hive.ql.security.authorization.plugin

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.

See: Description

Interface Summary

Interface	Description
HiveAccessController	Interface that is invoked by access control commands, including grant/revoke role/privileges, create/drop roles, and commands to read the state of authorization rules.
HiveAuthorizationValidator	Interface used to check if user has privileges to perform certain action.
HiveAuthorizer	Interface for hive authorization plugins.
HiveAuthorizerFactory	Implementation of this interface specified through hive configuration will be used to create HiveAuthorizer instance used for hive authorization.
HiveMetastoreClientFactory	Factory for getting current valid instance of IMetaStoreClient Metastore client cannot be cached in authorization interface as that can get invalidated between the calls with the logic in Hive class.

Class Summary

Class	Description
AuthorizationMetaStoreFilterHook	Metastore filter hook for filtering out the list of objects that the current authorization implementation does not allow user to see
DisallowTransformHook
HiveAuthorizerImpl	Convenience implementation of HiveAuthorizer.
HiveAuthzContext	Provides context information in authorization check call that can be used for auditing and/or authorization.
HiveAuthzContext.Builder
HiveAuthzSessionContext	Provides session context information.
HiveAuthzSessionContext.Builder
HiveMetastoreClientFactoryImpl	Private implementaiton that returns instance of IMetaStoreClient
HivePrincipal	Represents the user or role in grant/revoke statements
HivePrivilege	Represents the hive privilege being granted/revoked
HivePrivilegeInfo	Represents a privilege granted for an object to a principal
HivePrivilegeObject	Represents the object on which privilege is being granted/revoked, and objects being used in queries.
HivePrivilegeObjectUtils	Utility functions for working with HivePrivilegeObject
HiveRoleGrant	Represents a grant of a role to a principal
HiveV1Authorizer
SettableConfigUpdater	Helper class that can be used by authorization implementations to set a default list of 'safe' HiveConf parameters that can be edited by user.

Enum Summary

Enum	Description
HiveAuthorizer.VERSION
HiveAuthzSessionContext.CLIENT_TYPE
HiveOperationType	List of hive operations types.
HivePrincipal.HivePrincipalType
HivePrivilegeObject.HivePrivilegeObjectType	Note that GLOBAL, PARTITION, COLUMN fields are populated only for Hive's old default authorization mode.
HivePrivilegeObject.HivePrivObjectActionType	When HiveOperationType is QUERY, this action type is set so that it is possible to determine if the action type on this object is an INSERT or INSERT_OVERWRITE

Exception Summary

Exception	Description
HiveAccessControlException	Exception thrown by the Authorization plugin api (v2).
HiveAuthzPluginException	Exception thrown by the Authorization plugin api (v2).

Package org.apache.hadoop.hive.ql.security.authorization.plugin Description

Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.