/**
 * Checks whether {@code identity} may rename a column of {@code tableName}.
 *
 * <p>If {@code shouldDenyPrivilege} matches the user, the table's object name and
 * {@code RENAME_COLUMN}, {@code denyRenameColumn} is invoked. The parent check then runs
 * regardless of whether any deny rule is configured.
 */
@Override
 public void checkCanRenameColumn(
     TransactionId transactionId, Identity identity, QualifiedObjectName tableName) {
   // The rule is looked up by getObjectName() only, while the denial message uses the
   // full toString() form. NOTE(review): confirm rules are not meant to be schema-scoped.
   final boolean denied =
       shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), RENAME_COLUMN);
   if (denied) {
     // presumably throws an access-denied exception -- confirm against denyRenameColumn
     denyRenameColumn(tableName.toString());
   }
   // NOTE(review): this delegates to the parent unconditionally, whereas the other
   // shouldDenyPrivilege-based checks shown alongside it delegate only while
   // denyPrivileges is empty. Confirm which of the two behaviours is intended.
   super.checkCanRenameColumn(transactionId, identity, tableName);
 }
 /**
  * Checks whether {@code identity} may set the system session property {@code propertyName}.
  *
  * <p>If {@code shouldDenyPrivilege} matches the user, the property name and
  * {@code SET_SESSION}, {@code denySetSystemSessionProperty} is invoked. The parent check
  * is consulted only while {@code denyPrivileges} is empty.
  */
 @Override
 public void checkCanSetSystemSessionProperty(Identity identity, String propertyName) {
   final boolean denied = shouldDenyPrivilege(identity.getUser(), propertyName, SET_SESSION);
   if (denied) {
     // presumably throws an access-denied exception -- confirm
     denySetSystemSessionProperty(propertyName);
   }
   if (!denyPrivileges.isEmpty()) {
     // With any entry in denyPrivileges, a request that no rule matched returns here
     // without reaching the parent check. NOTE(review): confirm this fail-open path is
     // only ever used in test fixtures.
     return;
   }
   super.checkCanSetSystemSessionProperty(identity, propertyName);
 }
 /**
  * Checks whether {@code identity} may set {@code propertyName} on catalog
  * {@code catalogName}.
  *
  * <p>The deny rule is looked up under the key {@code catalogName + "." + propertyName}
  * with {@code SET_SESSION}. The parent check is consulted only while
  * {@code denyPrivileges} is empty.
  */
 @Override
 public void checkCanSetCatalogSessionProperty(
     TransactionId transactionId, Identity identity, String catalogName, String propertyName) {
   final String qualifiedProperty = catalogName + "." + propertyName;
   final boolean denied = shouldDenyPrivilege(identity.getUser(), qualifiedProperty, SET_SESSION);
   if (denied) {
     // presumably throws an access-denied exception -- confirm
     denySetCatalogSessionProperty(catalogName, propertyName);
   }
   if (!denyPrivileges.isEmpty()) {
     // With any entry in denyPrivileges, an unmatched request returns here without the
     // parent check. NOTE(review): confirm this is limited to test fixtures.
     return;
   }
   super.checkCanSetCatalogSessionProperty(transactionId, identity, catalogName, propertyName);
 }
 /**
  * Checks whether {@code identity} may select from the view {@code viewName}.
  *
  * <p>If {@code shouldDenyPrivilege} matches the user, the view's object name and
  * {@code SELECT_VIEW}, {@code denySelectView} is invoked. The parent check is consulted
  * only while {@code denyPrivileges} is empty.
  */
 @Override
 public void checkCanSelectFromView(
     TransactionId transactionId, Identity identity, QualifiedObjectName viewName) {
   // Matching uses getObjectName() only; the denial message uses the full toString() form.
   final boolean denied =
       shouldDenyPrivilege(identity.getUser(), viewName.getObjectName(), SELECT_VIEW);
   if (denied) {
     // presumably throws an access-denied exception -- confirm
     denySelectView(viewName.toString());
   }
   if (!denyPrivileges.isEmpty()) {
     // With any entry in denyPrivileges, an unmatched request returns here without the
     // parent check. NOTE(review): confirm this is limited to test fixtures.
     return;
   }
   super.checkCanSelectFromView(transactionId, identity, viewName);
 }
 /**
  * Checks whether {@code identity} may delete rows from {@code tableName}.
  *
  * <p>If {@code shouldDenyPrivilege} matches the user, the table's object name and
  * {@code DELETE_TABLE}, {@code denyDeleteTable} is invoked. The parent check is consulted
  * only while {@code denyPrivileges} is empty.
  */
 @Override
 public void checkCanDeleteFromTable(
     TransactionId transactionId, Identity identity, QualifiedObjectName tableName) {
   final boolean denied =
       shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), DELETE_TABLE);
   if (denied) {
     // presumably throws an access-denied exception -- confirm
     denyDeleteTable(tableName.toString());
   }
   if (!denyPrivileges.isEmpty()) {
     // With any entry in denyPrivileges, an unmatched request returns here without the
     // parent check. NOTE(review): confirm this is limited to test fixtures.
     return;
   }
   super.checkCanDeleteFromTable(transactionId, identity, tableName);
 }
 /**
  * Checks whether {@code identity} may insert into {@code tableName}.
  *
  * <p>If {@code shouldDenyPrivilege} matches the user, the table's object name and
  * {@code INSERT_TABLE}, {@code denyInsertTable} is invoked. The parent check is consulted
  * only while {@code denyPrivileges} is empty.
  */
 @Override
 public void checkCanInsertIntoTable(
     TransactionId transactionId, Identity identity, QualifiedObjectName tableName) {
   final boolean denied =
       shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), INSERT_TABLE);
   if (denied) {
     // presumably throws an access-denied exception -- confirm
     denyInsertTable(tableName.toString());
   }
   if (!denyPrivileges.isEmpty()) {
     // With any entry in denyPrivileges, an unmatched request returns here without the
     // parent check. NOTE(review): confirm this is limited to test fixtures.
     return;
   }
   super.checkCanInsertIntoTable(transactionId, identity, tableName);
 }
 /**
  * Checks whether {@code identity} may drop the schema {@code schemaName}.
  *
  * <p>If {@code shouldDenyPrivilege} matches the user, the bare schema name and
  * {@code DROP_SCHEMA}, {@code denyDropSchema} is invoked. The parent check is consulted
  * only while {@code denyPrivileges} is empty.
  */
 @Override
 public void checkCanDropSchema(
     TransactionId transactionId, Identity identity, CatalogSchemaName schemaName) {
   // Matching uses getSchemaName() only; the denial message uses the full toString() form.
   final boolean denied =
       shouldDenyPrivilege(identity.getUser(), schemaName.getSchemaName(), DROP_SCHEMA);
   if (denied) {
     // presumably throws an access-denied exception -- confirm
     denyDropSchema(schemaName.toString());
   }
   if (!denyPrivileges.isEmpty()) {
     // With any entry in denyPrivileges, an unmatched request returns here without the
     // parent check. NOTE(review): confirm this is limited to test fixtures.
     return;
   }
   super.checkCanDropSchema(transactionId, identity, schemaName);
 }
 /**
  * Checks whether {@code identity} may create a view that selects from {@code tableName}.
  *
  * <p>If {@code shouldDenyPrivilege} matches the user, the table's object name and
  * {@code CREATE_VIEW_WITH_SELECT_TABLE}, the denial is reported through
  * {@code denySelectTable}. The parent check is consulted only while
  * {@code denyPrivileges} is empty.
  */
 @Override
 public void checkCanCreateViewWithSelectFromTable(
     TransactionId transactionId, Identity identity, QualifiedObjectName tableName) {
   final boolean denied =
       shouldDenyPrivilege(
           identity.getUser(), tableName.getObjectName(), CREATE_VIEW_WITH_SELECT_TABLE);
   if (denied) {
     // presumably throws an access-denied exception -- confirm
     denySelectTable(tableName.toString());
   }
   if (!denyPrivileges.isEmpty()) {
     // With any entry in denyPrivileges, an unmatched request returns here without the
     // parent check. NOTE(review): confirm this is limited to test fixtures.
     return;
   }
   super.checkCanCreateViewWithSelectFromTable(transactionId, identity, tableName);
 }
  /**
   * Reports whether {@code identity} holds every privilege in {@code requiredPrivileges}
   * on {@code tableName}, according to the metastore.
   *
   * <p>Tables whose schema equals {@code INFORMATION_SCHEMA_NAME} are always permitted,
   * without consulting the metastore and whatever privileges were requested.
   *
   * @return {@code true} when the table is in the information schema or the metastore
   *     privilege set contains all required privileges
   */
  private boolean checkTablePermission(
      Identity identity, SchemaTableName tableName, HivePrivilege... requiredPrivileges) {
    final boolean inInformationSchema = INFORMATION_SCHEMA_NAME.equals(tableName.getSchemaName());
    if (!inInformationSchema) {
      final Set<HivePrivilege> granted =
          metastore.getTablePrivileges(
              identity.getUser(), tableName.getSchemaName(), tableName.getTableName());
      // An empty requiredPrivileges array makes containsAll trivially true, so callers
      // must always pass at least one privilege for this check to restrict anything.
      final Set<HivePrivilege> required = ImmutableSet.copyOf(requiredPrivileges);
      return granted.containsAll(required);
    }
    return true;
  }
 /**
  * Checks whether {@code identity} may rename {@code tableName} to {@code newTableName}.
  *
  * <p>The deny rule is matched against the source table's object name with
  * {@code RENAME_TABLE}; the new name takes no part in the match. The parent check is
  * consulted only while {@code denyPrivileges} is empty.
  */
 @Override
 public void checkCanRenameTable(
     TransactionId transactionId,
     Identity identity,
     QualifiedObjectName tableName,
     QualifiedObjectName newTableName) {
   final boolean denied =
       shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), RENAME_TABLE);
   if (denied) {
     // presumably throws an access-denied exception -- confirm
     denyRenameTable(tableName.toString(), newTableName.toString());
   }
   if (!denyPrivileges.isEmpty()) {
     // With any entry in denyPrivileges, an unmatched request returns here without the
     // parent check. NOTE(review): confirm this is limited to test fixtures.
     return;
   }
   super.checkCanRenameTable(transactionId, identity, tableName, newTableName);
 }
  /**
   * Checks whether {@code identity} may drop {@code tableName}.
   *
   * <p>Three conditions are evaluated in order: drops must be enabled through
   * {@code allowDropTable}, the table must exist in the metastore obtained for this
   * transaction, and the session user must equal the table owner.
   */
  @Override
  public void checkCanDropTable(
      ConnectorTransactionHandle transaction, Identity identity, SchemaTableName tableName) {
    if (!allowDropTable) {
      denyDropTable(tableName.toString());
    }

    final HiveTransactionHandle hiveTransaction = (HiveTransactionHandle) transaction;
    final Optional<Table> target =
        metastoreProvider
            .apply(hiveTransaction)
            .getTable(tableName.getSchemaName(), tableName.getTableName());

    // The steps below rely on denyDropTable not returning (presumably it throws an
    // access-denied exception -- confirm); if it returned, target.get() on an empty
    // Optional would throw NoSuchElementException instead.
    // NOTE(review): a caller can tell a missing table from one owned by someone else by
    // the two different messages; confirm that exposing table existence is acceptable.
    final boolean tableMissing = !target.isPresent();
    if (tableMissing) {
      denyDropTable(tableName.toString(), "Table not found");
    }

    // Ownership is decided by exact equality of the session user and the recorded owner.
    final boolean ownedBySessionUser = identity.getUser().equals(target.get().getOwner());
    if (!ownedBySessionUser) {
      denyDropTable(tableName.toString(), "Owner of the table is different from session user");
    }
  }
 /**
  * Reports whether {@code identity} holds every privilege in {@code requiredPrivileges}
  * on the database {@code schemaName}, according to the metastore.
  *
  * @return {@code true} when the metastore privilege set for the user and schema contains
  *     all required privileges
  */
 private boolean checkDatabasePermission(
     Identity identity, String schemaName, HivePrivilege... requiredPrivileges) {
   final Set<HivePrivilege> granted =
       metastore.getDatabasePrivileges(identity.getUser(), schemaName);
   // An empty requiredPrivileges array makes containsAll trivially true, so callers must
   // always pass at least one privilege for this check to restrict anything.
   final Set<HivePrivilege> required = ImmutableSet.copyOf(requiredPrivileges);
   return granted.containsAll(required);
 }
 /**
  * Checks whether {@code identity} may set the catalog session property
  * {@code propertyName}.
  *
  * <p>Only users whose metastore roles include {@code ADMIN_ROLE_NAME} pass; everyone else
  * is reported through {@code denySetCatalogSessionProperty} for {@code connectorId}. The
  * property name is not inspected, so the restriction covers every property.
  */
 @Override
 public void checkCanSetCatalogSessionProperty(Identity identity, String propertyName) {
   final boolean isAdmin = metastore.getRoles(identity.getUser()).contains(ADMIN_ROLE_NAME);
   if (isAdmin) {
     return;
   }
   // presumably throws an access-denied exception -- confirm
   denySetCatalogSessionProperty(connectorId, propertyName);
 }