...

Code Block
#org.apache.sqoop.authorization.handler=org.apache.sqoop.security.DefaultAuthorizationHandler
#org.apache.sqoop.authorization.controller=org.apache.sqoop.security.DefaultAccessController
#org.apache.sqoop.authorization.validator=org.apache.sqoop.security.DefaultAuthorizationValidator

  • Three metadata.
    • Role
    • Principal
      • This class defines a user or group.
      • Type: user, group, role.
      • A principal can be granted a role. For example, to grant the admin role to user hadoop: grantRole(principal(name=hadoop, type=user), role(name=admin)).
    • Resource
      • This class defines four resources in Sqoop 2.
      • Type: connector, link, job, submission.
    • Privilege
      • Action: create, view, update, delete, use, enable, disable.
      • with_grant_option: boolean, defines whether the role can grant this privilege to other roles.

  • Five classes will be added to Sqoop-core in the org.apache.sqoop.security package.
    • AuthorizationManager
      • Like the other Sqoop managers (ConnectorManager, RepositoryManager, etc.), the AuthorizationManager handles two singleton instances, AuthorizationManager and AuthorizationHandler.
      • The initialize function is run when the Sqoop server starts.
      • The initialize function initializes the AuthorizationHandler according to the handler name (DefaultAuthorizationHandler or SentryAuthorizationHandler) given in the configuration file (sqoop.properties).
    • AuthorizationHandlerFactory
      • It follows the factory design pattern.
      • Its getAuthorizationHandler function uses ClassUtils.loadClass to load the concrete AuthorizationHandler by reflection.
    • AuthorizationHandler
      • It is an abstract class.
      • There is a default implementation (DefaultAuthorizationHandler) in Sqoop-security component.
      • It handles two singleton instances, AccessController and AuthorizationValidator.
      • All functions are delegated to these two instances: AccessController handles grantRole, revokeRole, grantPrivilege and revokePrivilege; AuthorizationValidator handles checkPrivilege.
    • AccessController
      • It is an abstract class.
      • There is a default implementation (DefaultAccessController) in Sqoop-security component.
      • This class is responsible for managing roles and privileges.
    • AuthorizationValidator
      • It is an abstract class.
      • There is a default implementation (DefaultAuthorizationValidator) in Sqoop-security component.
      • This class is responsible for checking privileges.
  • Three classes will be added to Sqoop-security in the org.apache.sqoop.security package.
    • DefaultAuthorizationHandler
      • This class extends abstract AuthorizationHandler.
      • It handles two singleton instances, DefaultAccessController and DefaultAuthorizationValidator.
    • DefaultAccessController
      • This class extends abstract AccessController.
    • DefaultAuthorizationValidator
      • This class extends abstract AuthorizationValidator.
      • As the default, simple implementation, it always returns true and does not actually check the privilege.
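
An added sketch, not Sqoop's own code, of the model above: the allow-all behaviour of the default validator beside a deny-by-default role check. The class names, method signatures and in-memory store are assumptions for illustration (Java 16+); the page names the functions but not their signatures.

```java
import java.util.*;

// Added sketch: all names and signatures below are assumptions for illustration.
public class AuthzSketch {
    enum PrincipalType { USER, GROUP, ROLE }
    enum ResourceType { CONNECTOR, LINK, JOB, SUBMISSION }
    enum Action { CREATE, VIEW, UPDATE, DELETE, USE, ENABLE, DISABLE }
    record Principal(String name, PrincipalType type) {}
    record Resource(String id, ResourceType type) {}
    record Privilege(Resource resource, Action action, boolean withGrantOption) {}

    // Manages roles and privileges (the AccessController responsibility).
    static class InMemoryAccessController {
        final Map<Principal, Set<String>> roles = new HashMap<>();
        final Map<String, Set<Privilege>> privileges = new HashMap<>();
        void grantRole(Principal p, String role) {
            roles.computeIfAbsent(p, k -> new HashSet<>()).add(role);
        }
        void grantPrivilege(String role, Privilege priv) {
            privileges.computeIfAbsent(role, k -> new HashSet<>()).add(priv);
        }
    }

    // Checks privileges (the AuthorizationValidator responsibility).
    interface Validator { boolean checkPrivilege(Principal p, Resource r, Action a); }

    // Mirrors the default described on the page: every request is allowed.
    static final Validator ALLOW_ALL = (p, r, a) -> true;

    // Deny by default: allow only when one of the principal's roles holds
    // this action on this resource. The grant flag does not affect access.
    static Validator roleBased(InMemoryAccessController ac) {
        return (p, r, a) -> ac.roles.getOrDefault(p, Set.of()).stream()
            .flatMap(role -> ac.privileges.getOrDefault(role, Set.of()).stream())
            .anyMatch(priv -> priv.resource().equals(r) && priv.action() == a);
    }

    public static void main(String[] args) {
        var ac = new InMemoryAccessController();
        var hadoop = new Principal("hadoop", PrincipalType.USER);
        var other = new Principal("sqoop", PrincipalType.USER);   // constructed sample
        var link1 = new Resource("1", ResourceType.LINK);
        ac.grantRole(hadoop, "admin");
        ac.grantPrivilege("admin", new Privilege(link1, Action.VIEW, true));
        Validator strict = roleBased(ac);
        System.out.println(strict.checkPrivilege(hadoop, link1, Action.VIEW));     // granted via role
        System.out.println(strict.checkPrivilege(hadoop, link1, Action.DELETE));   // action never granted
        System.out.println(strict.checkPrivilege(other, link1, Action.VIEW));      // principal has no role
        System.out.println(ALLOW_ALL.checkPrivilege(other, link1, Action.DELETE)); // default allows anyway
    }
}
```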

...

Code Block
show role
grant role --name user
add role --id 1 --name user
remove role --id 1
show role_user_group
grant role_user_group --role_id 1 --user_name sqoop
grant role_user_group --role_id 1 --group_name sqoop
revoke role_user_group --role_id 1 --user_name sqoop
revoke role_user_group --role_id 1 --group_name sqoop
show privilege
grant privilege --resource_type link --resource_id 1 --role_id 1 --action_type read -with-grant-option yes
revoke privilege --resource_type link --resource_id 1 --role_id 1 --action_type read

...