THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- The grant/revoke privilege should be run in command line in Sqoop client
- The commands are showed below
Code Block |
---|
show role
show role -pid 1
update role -rid 1 -name admin
remove role -rid 1
grant role –name user
add role –id 1 –name user
remove role –id 1
show role_user_group
grant principle –role_id 1 –user_name sqoop
grant principle –role_id 1 –group_name sqoop
revoke principle –role_id 1 –user_name sqoop
revoke principle –role_id 1 –group_name sqoop
show privilege
grant privilege –resource_type link –resource_id 1 –role_id 1 –action_type read -with-grant-option yes
revoke privilege –resource_type link –resource_id 1 –role_id 1 –action_type read |
- Restful call API is handled by org.apache.sqoop.handler.AuthorizationRequestHandler.java in sqoop-server
- GET /v1/role/{rid}
- GET /v1/role/principle/type/{type}/name/{name}
- Return details about one particular role with id:rid
- Return all roles the particular principle has with principle (type, name)
- Return all of them if rid equals to "all"
- PUT /v1/role
- DELETE /v1/role/{rid}
- GET /v1/principle/{pid}
- GET /v1/principle/role/{rid}
- Return details about one particular principle with id:pid
- Return all principles the particular role has with role (rid)
- Return all of them if pid equals to "all"
- GET /v1/role/{rid}
- GET /v1/role/principle/type/{type}/name/{name}
- Return details about one particular role with id:rid
- Return all roles the particular principle has with principle (type, name)
- Return all of them if rid equals to "all"
- PUT /v1/grant_role
- Grant a role to a user/group/role
- PUT data of JsonObject role(id) list and principle (type, name) list
- PUT /v1/revoke_role
- Revoke/Remove a existing role
- Create new grant
- PUT data of JsonObject role(id) list and principle (type, name) list
- GET /v1/resource/{rid}
- Return details about one particular role with id:rid
- Return all of them if rid equals to "all"
- PUT /v1/resource
- DELETE /v1/principleresource/{gidrid}
- GET /v1/privilege/{pid}
- Return details about one particular privilege with with id:pid
- Return all of them if pid equals to "all"
- PUT /v1/privilege
- DELETE /v1/privilege/{pid}
- PUT /v1/grant_privilege
- Grant a privilege to a role
- PUT data of JsonObject role(id) list and privilege (resource, action, with_grant_option) list
- PUT /v1/revoke_privilege
- Revoke/Remove a existing privilege grant
- PUT data of JsonObject role(id) list and privilege (resource, action, with_grant_option) list
Sentry implementation
- Sentry could be used as an alternative access controller
- Config in sqoop.properties
...