Hive Privilege 分析

2023-10-06 15:33:34

Hive Privilege 是 Hive 权限系统的基础。

PrivilegeType 权限类型

权限类型的枚举,以及根据 token 和名称返回 PrivilegeType 的静态方法。

public enum PrivilegeType {

  ALL(HiveParser.TOK_PRIV_ALL, "All"),
  ALTER_DATA(HiveParser.TOK_PRIV_ALTER_DATA, "Update"),
  ALTER_METADATA(HiveParser.TOK_PRIV_ALTER_METADATA, "Alter"),
  CREATE(HiveParser.TOK_PRIV_CREATE, "Create"),
  DROP(HiveParser.TOK_PRIV_DROP, "Drop"),
  LOCK(HiveParser.TOK_PRIV_LOCK, "Lock"),
  SELECT(HiveParser.TOK_PRIV_SELECT, "Select"),
  SHOW_DATABASE(HiveParser.TOK_PRIV_SHOW_DATABASE, "Show_Database"),
  INSERT(HiveParser.TOK_PRIV_INSERT, "Insert"),
  DELETE(HiveParser.TOK_PRIV_DELETE, "Delete"),
  UNKNOWN(null, null);

  private final String name;
  private final Integer token;

  PrivilegeType(Integer token, String name){
    this.name = name;
    this.token = token;
  }

  @Override
  public String toString(){
    return name == null ? "unkown" : name;
  }

  public Integer getToken() {
    return token;
  }

  private static Map<Integer, PrivilegeType> token2Type;
  private static Map<String, PrivilegeType> name2Type;

  // 根据 token 返回权限类型
  public static PrivilegeType getPrivTypeByToken(int token) {
    // omit implements.
  }

  // 根据名称返回权限类型
  public static PrivilegeType getPrivTypeByName(String privilegeName) {
    // omit implements.
  }
}

PrivilegeScope 权限的作用范围

定义了 4 种范围:用户级别,数据库级别,表级别和字段级别。定义了两个枚举集合:ALLSCOPE 是所有范围,ALLSCOPE_EXCEPT_COLUMN 是除字段外的其他范围。

public enum PrivilegeScope {
  // 用户级别
  USER_LEVEL_SCOPE((short) 0x01), 
  // 数据库级别
  DB_LEVEL_SCOPE((short) 0x02), 
  // 表级别
  TABLE_LEVEL_SCOPE((short) 0x04), 
  // 字段级别
  COLUMN_LEVEL_SCOPE((short) 0x08);

  private short mode;

  private PrivilegeScope(short mode) {
    this.mode = mode;
  }

  public short getMode() {
    return mode;
  }

  public void setMode(short mode) {
    this.mode = mode;
  }
  
  public static EnumSet<PrivilegeScope> ALLSCOPE = EnumSet.of(
      PrivilegeScope.USER_LEVEL_SCOPE, PrivilegeScope.DB_LEVEL_SCOPE,
      PrivilegeScope.TABLE_LEVEL_SCOPE, PrivilegeScope.COLUMN_LEVEL_SCOPE);

  public static EnumSet<PrivilegeScope> ALLSCOPE_EXCEPT_COLUMN = EnumSet.of(
      PrivilegeScope.USER_LEVEL_SCOPE, PrivilegeScope.DB_LEVEL_SCOPE,
      PrivilegeScope.TABLE_LEVEL_SCOPE);

}

Privilege 权限

每个权限有权限类型和权限支持的范围两个变量。Privilege 不是枚举,但是定义了若干个静态变量。

public class Privilege {

  private PrivilegeType priv;

  private EnumSet<PrivilegeScope> supportedScopeSet;

  private Privilege(PrivilegeType priv, EnumSet<PrivilegeScope> scopeSet) {
    super();
    this.priv = priv;
    this.supportedScopeSet = scopeSet;
  }

  public Privilege(PrivilegeType priv) {
    super();
    this.priv = priv;

  }

  public PrivilegeType getPriv() {
    return priv;
  }

  public void setPriv(PrivilegeType priv) {
    this.priv = priv;
  }

  public boolean supportColumnLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.COLUMN_LEVEL_SCOPE);
  }

  public boolean supportDBLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.DB_LEVEL_SCOPE);
  }

  public boolean supportTableLevel() {
    return supportedScopeSet != null
        && supportedScopeSet.contains(PrivilegeScope.TABLE_LEVEL_SCOPE);
  }

  public List<String> getScopeList() {
    if (supportedScopeSet == null) {
      return null;
    }
    List<String> scopes = new ArrayList<String>();
    for (PrivilegeScope scope : supportedScopeSet) {
      scopes.add(scope.name());
    }
    return scopes;
  }

  @Override
  public String toString() {
    return this.getPriv().toString();
  }

  public Privilege() {
  }

  public static Privilege ALL = new Privilege(PrivilegeType.ALL,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege ALTER_METADATA = new Privilege(PrivilegeType.ALTER_METADATA,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege ALTER_DATA = new Privilege(PrivilegeType.ALTER_DATA,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege CREATE = new Privilege(PrivilegeType.CREATE,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege DROP = new Privilege(PrivilegeType.DROP,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege LOCK = new Privilege(PrivilegeType.LOCK,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege SELECT = new Privilege(PrivilegeType.SELECT,
      PrivilegeScope.ALLSCOPE);

  public static Privilege INSERT = new Privilege(PrivilegeType.INSERT,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege DELETE = new Privilege(PrivilegeType.DELETE,
      PrivilegeScope.ALLSCOPE_EXCEPT_COLUMN);

  public static Privilege SHOW_DATABASE = new Privilege(PrivilegeType.SHOW_DATABASE,
      EnumSet.of(PrivilegeScope.USER_LEVEL_SCOPE));

}

HiveOperation

HiveOperation 定义了所有的 Hive 操作。每个操作有操作名,需要的输入权限和输出权限,是否允许在事务中,需要开启事务。
如 COMMIT,ROLLBACK 允许在事务中,并且需要开启事务。
SHOWTABLES,SHOWCOLUMNS,SHOW_TABLESTATUS,SHOW_TBLPROPERTIES,SHOWVIEWS,SHOWLOCKS,SHOW_GRANT,SHOW_ROLES,SET_AUTOCOMMIT 允许在事务中,但是不需要开启事务。

  
enum HiveOperation {
  private String operationName;

  private Privilege[] inputRequiredPrivileges;

  private Privilege[] outputRequiredPrivileges;

  private final boolean allowedInTransaction;
  private final boolean requiresOpenTransaction;
}
上一篇:HIVE日常使用笔记


下一篇:linux文件系统之获取目录信息总结