Hive Privilege 是 Hive 权限系统的基础。
PrivilegeType 权限类型
权限类型的枚举,以及根据 token 和名称返回 PrivilegeType 的静态方法。
/**
 * Privilege types of the Hive privilege system.
 *
 * <p>Each constant pairs a HiveParser token constant with a display name. UNKNOWN carries
 * null for both values.
 */
public enum PrivilegeType {
ALL(HiveParser.TOK_PRIV_ALL, "All"),
// The display names of the two ALTER_* constants differ from the constant names:
// ALTER_DATA is shown as "Update" and ALTER_METADATA as "Alter".
ALTER_DATA(HiveParser.TOK_PRIV_ALTER_DATA, "Update"),
ALTER_METADATA(HiveParser.TOK_PRIV_ALTER_METADATA, "Alter"),
CREATE(HiveParser.TOK_PRIV_CREATE, "Create"),
DROP(HiveParser.TOK_PRIV_DROP, "Drop"),
LOCK(HiveParser.TOK_PRIV_LOCK, "Lock"),
SELECT(HiveParser.TOK_PRIV_SELECT, "Select"),
SHOW_DATABASE(HiveParser.TOK_PRIV_SHOW_DATABASE, "Show_Database"),
INSERT(HiveParser.TOK_PRIV_INSERT, "Insert"),
DELETE(HiveParser.TOK_PRIV_DELETE, "Delete"),
// Placeholder constant with neither a token nor a display name.
UNKNOWN(null, null);
// Display name; null only for UNKNOWN.
private final String name;
// Parser token; null only for UNKNOWN.
private final Integer token;
/**
 * @param token parser token of this privilege type, or null
 * @param name display name of this privilege type, or null
 */
PrivilegeType(Integer token, String name){
this.name = name;
this.token = token;
}
/**
 * Returns the display name, or the literal "unkown" (spelled that way in the code) when the
 * name is null.
 */
@Override
public String toString(){
return name == null ? "unkown" : name;
}
/** Returns the parser token of this type; null for UNKNOWN. */
public Integer getToken() {
return token;
}
// Lookup tables keyed by token and by name. This excerpt does not show where they are
// populated — presumably by the omitted lookup code; confirm against the Hive source.
private static Map<Integer, PrivilegeType> token2Type;
private static Map<String, PrivilegeType> name2Type;
// Returns the privilege type for a parser token.
// NOTE(review): the body is omitted on this page, so the result for an unrecognised token is
// not visible here (presumably UNKNOWN — confirm). Authorization code consuming the result
// should treat UNKNOWN or null as "no privilege" rather than letting it pass through.
public static PrivilegeType getPrivTypeByToken(int token) {
// implementation omitted on this page.
}
// Returns the privilege type for a privilege name.
// NOTE(review): the body is omitted on this page; whether the lookup is case-sensitive and
// what it returns for an unrecognised name cannot be told from this excerpt — confirm.
public static PrivilegeType getPrivTypeByName(String privilegeName) {
// implementation omitted on this page.
}
}
PrivilegeScope 权限的作用范围
定义了 4 种范围:用户级别,数据库级别,表级别和字段级别。定义了两个枚举集合:ALLSCOPE 是所有范围,ALLSCOPE_EXCEPT_COLUMN 是除字段外的其他范围。
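/**
 * Scope at which a privilege can apply: user, database, table or column.
 *
 * <p>Each constant carries its own single-bit {@code short} value (0x01, 0x02, 0x04, 0x08).
 */
public enum PrivilegeScope {
  /** User level. */
  USER_LEVEL_SCOPE((short) 0x01),
  /** Database level. */
  DB_LEVEL_SCOPE((short) 0x02),
  /** Table level. */
  TABLE_LEVEL_SCOPE((short) 0x04),
  /** Column level. */
  COLUMN_LEVEL_SCOPE((short) 0x08);

  // NOTE(review): enum constants are shared singletons, so setMode changes the value seen by
  // every user of the constant. The field stays non-final only because setMode is public API.
  private short mode;

  private PrivilegeScope(short mode) {
    this.mode = mode;
  }

  /** Returns the numeric value of this scope. */
  public short getMode() {
    return mode;
  }

  /**
   * Overwrites the numeric value of this scope.
   *
   * <p>The change is visible to all code sharing this enum constant; see the note on the field.
   */
  public void setMode(short mode) {
    this.mode = mode;
  }

  /**
   * All four scopes.
   *
   * <p>Declared {@code final} so the reference cannot be swapped for a wider or narrower set.
   * The set object itself is still a mutable {@link EnumSet}; callers must not modify it, since
   * privilege definitions built from it describe where a privilege may be granted.
   */
  public static final EnumSet<PrivilegeScope> ALLSCOPE = EnumSet.of(
      PrivilegeScope.USER_LEVEL_SCOPE, PrivilegeScope.DB_LEVEL_SCOPE,
      PrivilegeScope.TABLE_LEVEL_SCOPE, PrivilegeScope.COLUMN_LEVEL_SCOPE);

  /**
   * Every scope except the column level.
   *
   * <p>Declared {@code final} for the same reason as {@link #ALLSCOPE}; the same caveat about
   * the set's contents applies.
   */
  public static final EnumSet<PrivilegeScope> ALLSCOPE_EXCEPT_COLUMN = EnumSet.of(
      PrivilegeScope.USER_LEVEL_SCOPE, PrivilegeScope.DB_LEVEL_SCOPE,
      PrivilegeScope.TABLE_LEVEL_SCOPE);
}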
Privilege 权限
每个权限有权限类型和权限支持的范围两个变量。Privilege 不是枚举,但是定义了若干个静态变量。
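/**
 * A privilege: a {@link PrivilegeType} together with the set of {@link PrivilegeScope}s at which
 * it is supported.
 *
 * <p>The class is not an enum, but it defines one shared constant per predefined privilege.
 * Instances created through the public constructors have no scope set, so every
 * {@code support*Level()} query on them returns {@code false}.
 */
public class Privilege {
  private PrivilegeType priv;
  private EnumSet<PrivilegeScope> supportedScopeSet;

  /**
   * Creates a privilege with an explicit scope set; used for the predefined constants.
   *
   * @param priv the privilege type
   * @param scopeSet the scopes at which the privilege is supported
   */
  private Privilege(PrivilegeType priv, EnumSet<PrivilegeScope> scopeSet) {
    super();
    this.priv = priv;
    // Defensive copy: the predefined constants are all built from the same shared
    // PrivilegeScope sets, so keeping the reference would let a later change to one of those
    // sets alter the supported scopes of every privilege at once.
    this.supportedScopeSet = scopeSet == null ? null : EnumSet.copyOf(scopeSet);
  }

  /**
   * Creates a privilege of the given type without a scope set.
   *
   * @param priv the privilege type
   */
  public Privilege(PrivilegeType priv) {
    super();
    this.priv = priv;
  }

  /** Returns the privilege type; may be null for an instance made by the no-arg constructor. */
  public PrivilegeType getPriv() {
    return priv;
  }

  /**
   * Replaces the privilege type.
   *
   * <p>NOTE(review): the predefined constants below are shared instances, so calling this on
   * one of them changes it for every caller. Prefer a fresh instance when a different type is
   * needed.
   */
  public void setPriv(PrivilegeType priv) {
    this.priv = priv;
  }

  /** Returns true when a scope set exists and contains the column level. */
  public boolean supportColumnLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.COLUMN_LEVEL_SCOPE);
  }

  /** Returns true when a scope set exists and contains the database level. */
  public boolean supportDBLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.DB_LEVEL_SCOPE);
  }

  /** Returns true when a scope set exists and contains the table level. */
  public boolean supportTableLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.TABLE_LEVEL_SCOPE);
  }

  /**
   * Returns the names of the supported scopes as a new list.
   *
   * @return the scope names, or {@code null} when this privilege has no scope set
   */
  public List<String> getScopeList() {
    if (supportedScopeSet == null) {
      return null;
    }
    List<String> scopes = new ArrayList<String>();
    for (PrivilegeScope scope : supportedScopeSet) {
      scopes.add(scope.name());
    }
    return scopes;
  }

  /**
   * Returns the string form of the privilege type.
   *
   * @throws NullPointerException if no privilege type has been set
   */
  @Override
  public String toString() {
    return this.getPriv().toString();
  }

  /** Creates a privilege with neither a type nor a scope set. */
  public Privilege() {
  }

  // Predefined privileges. They are final so that a shared constant cannot be re-pointed at a
  // different privilege. Only SELECT supports the column level; SHOW_DATABASE is limited to
  // the user level.
  public static final Privilege ALL = new Privilege(PrivilegeType.ALL,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege ALTER_METADATA = new Privilege(PrivilegeType.ALTER_METADATA,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege ALTER_DATA = new Privilege(PrivilegeType.ALTER_DATA,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege CREATE = new Privilege(PrivilegeType.CREATE,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege DROP = new Privilege(PrivilegeType.DROP,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege LOCK = new Privilege(PrivilegeType.LOCK,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege SELECT = new Privilege(PrivilegeType.SELECT,
      PrivilegeScope.ALLSCOPE);

  public static final Privilege INSERT = new Privilege(PrivilegeType.INSERT,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege DELETE = new Privilege(PrivilegeType.DELETE,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static final Privilege SHOW_DATABASE = new Privilege(PrivilegeType.SHOW_DATABASE,
      EnumSet.of(PrivilegeScope.USER_LEVEL_SCOPE));
}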
HiveOperation
HiveOperation 定义了所有的 Hive 操作。每个操作包含操作名、所需的输入权限和输出权限,以及两个与事务相关的标志:是否允许在事务中执行、是否要求已开启事务。
如 COMMIT,ROLLBACK 允许在事务中,并且需要开启事务。
SHOWTABLES,SHOWCOLUMNS,SHOW_TABLESTATUS,SHOW_TBLPROPERTIES,SHOWVIEWS,SHOWLOCKS,SHOW_GRANT,SHOW_ROLES,SET_AUTOCOMMIT 允许在事务中,但是不需要开启事务。
// Excerpt of the HiveOperation enum: only the per-operation fields are shown; the enum
// constants and the remaining members are left out on this page.
enum HiveOperation {
// Name of the operation.
private String operationName;
// Privileges required on the operation's inputs.
private Privilege[] inputRequiredPrivileges;
// Privileges required on the operation's outputs.
private Privilege[] outputRequiredPrivileges;
// Whether the operation may run inside a transaction.
private final boolean allowedInTransaction;
// Whether the operation needs a transaction to be open already.
private final boolean requiresOpenTransaction;
}