/** Raise error if the given query contains transforms */ @Override public void run(HookContext hookContext) throws Exception { HiveAuthzBinding hiveAuthzBinding = HiveAuthzBinding.get(hookContext.getConf()); try { QueryPlan qPlan = hookContext.getQueryPlan(); if ((qPlan == null) || (qPlan.getQueryProperties() == null)) { return; } // validate server level permissions permission for transforms if (qPlan.getQueryProperties().usesScript()) { if (hiveAuthzBinding == null) { LOG.warn("No authorization binding found, skipping the authorization for transform"); return; } List<List<DBModelAuthorizable>> inputHierarchy = new ArrayList<List<DBModelAuthorizable>>(); List<List<DBModelAuthorizable>> outputHierarchy = new ArrayList<List<DBModelAuthorizable>>(); List<DBModelAuthorizable> serverHierarchy = new ArrayList<DBModelAuthorizable>(); serverHierarchy.add(hiveAuthzBinding.getAuthServer()); inputHierarchy.add(serverHierarchy); hiveAuthzBinding.authorize( HiveOperation.QUERY, HiveAuthzPrivilegesMap.getHiveExtendedAuthzPrivileges(HiveExtendedOperation.TRANSFORM), new Subject(hookContext.getUserName()), inputHierarchy, outputHierarchy); } } finally { if (hiveAuthzBinding != null) { hiveAuthzBinding.clear(hookContext.getConf()); } } }