Review Board 1.7.22


HCATALOG-245 StorageHandler authorization providers

Review Request #3846 - Created Feb. 11, 2012 and updated

enis
HCATALOG-245
Reviewers
hcatalog
hcatalog-git
As per the design in the parent issue, we will delegate the authorization checks to the storage handler (hdfs is considered as a storage handler as well). This jira will introduce HiveAuthorizationProviders for hbase + hdfs.

 
conf/proto-hive-site.xml
Revision 4251c2a New Change
[20] 106 lines
[+20]
107
  <name>hive.metastore.partition.inherit.table.properties</name>
107
  <name>hive.metastore.partition.inherit.table.properties</name>
108
  <value>hcat.isd,hcat.osd</value>
108
  <value>hcat.isd,hcat.osd</value>
109
  <description>HCatalog sets this property value to hcat.isd, hcat.osd so that there is no need to do alter table set file format after adding partitions to the table.</description>
109
  <description>HCatalog sets this property value to hcat.isd, hcat.osd so that there is no need to do alter table set file format after adding partitions to the table.</description>
110
</property>
110
</property>
111

    
   
111

   

    
   
112
<property>

    
   
113
  <name>hive.security.authorization.enabled</name>

    
   
114
  <value>true</value>

    
   
115
  <description>enable or disable the hive client authorization</description>

    
   
116
</property>

    
   
117

   

    
   
118
<property>

    
   
119
  <name>hive.security.authorization.manager</name>

    
   
120
  <value>org.apache.hcatalog.security.StorageDelegationAuthorizationProvider</value>

    
   
121
  <description>the hive client authorization manager class name.

    
   
122
  The user defined authorization class should implement interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider.

    
   
123
  HCatalog uses a model, where authorization checks are delegated to the storage layer (hdfs, hbase, ...).

    
   
124
  </description>

    
   
125
</property>

    
   
126

   
112
</configuration>
127
</configuration>
src/java/org/apache/hcatalog/cli/SemanticAnalysis/AddPartitionHook.java
Revision efbb79a New Change
 
src/java/org/apache/hcatalog/cli/SemanticAnalysis/CreateDatabaseHook.java
Revision 109de31 New Change
 
src/java/org/apache/hcatalog/cli/SemanticAnalysis/CreateTableHook.java
Revision 098a06b New Change
 
src/java/org/apache/hcatalog/cli/SemanticAnalysis/HCatSemanticAnalyzer.java
Revision 8387d8e New Change
 
src/java/org/apache/hcatalog/cli/SemanticAnalysis/HCatSemanticAnalyzerBase.java
New File
 
src/java/org/apache/hcatalog/common/AuthUtils.java
Revision 7cba8dc New Change
 
src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java
New File
 
src/java/org/apache/hcatalog/security/StorageDelegationAuthorizationProvider.java
New File
 
src/test/excluded-tests
Revision 8b13789 New Change
 
src/test/org/apache/hcatalog/HcatTestUtils.java
New File
 
src/test/org/apache/hcatalog/security/TestHdfsAuthorizationProvider.java
New File
 
  1. conf/proto-hive-site.xml: Loading...
  2. src/java/org/apache/hcatalog/cli/SemanticAnalysis/AddPartitionHook.java: Loading...
  3. src/java/org/apache/hcatalog/cli/SemanticAnalysis/CreateDatabaseHook.java: Loading...
  4. src/java/org/apache/hcatalog/cli/SemanticAnalysis/CreateTableHook.java: Loading...
  5. src/java/org/apache/hcatalog/cli/SemanticAnalysis/HCatSemanticAnalyzer.java: Loading...
  6. src/java/org/apache/hcatalog/cli/SemanticAnalysis/HCatSemanticAnalyzerBase.java: Loading...
  7. src/java/org/apache/hcatalog/common/AuthUtils.java: Loading...
  8. src/java/org/apache/hcatalog/security/HdfsAuthorizationProvider.java: Loading...
  9. src/java/org/apache/hcatalog/security/StorageDelegationAuthorizationProvider.java: Loading...
  10. src/test/excluded-tests: Loading...
  11. src/test/org/apache/hcatalog/HcatTestUtils.java: Loading...
  12. src/test/org/apache/hcatalog/security/TestHdfsAuthorizationProvider.java: Loading...