...

  • The grant/revoke privilege commands should be run on the command line in the Sqoop client
  • The commands are shown below
Code Block
show role
show role -pid 1
update role -rid 1 -name admin
remove role -rid 1
grant role –name user
add role –id 1 –name user
remove role –id 1
show role_user_group
grant principle –role_id 1 –user_name sqoop
grant principle –role_id 1 –group_name sqoop
revoke principle –role_id 1 –user_name sqoop
revoke principle –role_id 1 –group_name sqoop
show privilege
grant privilege –resource_type link –resource_id 1 –role_id 1 –action_type read -with-grant-option yes
revoke privilege –resource_type link –resource_id 1 –role_id 1 –action_type read
  • RESTful API calls are handled by org.apache.sqoop.handler.AuthorizationRequestHandler.java in sqoop-server
    • GET /v1/role/{rid}
      • Return details about one particular role with id:rid
      • Return all of them if rid equals "all"
    • GET /v1/role/principle/type/{type}/name/{name}
      • Return all roles the particular principle has with principle (type, name)
    • PUT /v1/role
      • Create new role without id:rid
      • Update existing role with id:rid
      • PUT data of JsonObject role (id, name)
    • DELETE /v1/role/{rid}

    • GET /v1/principle/{pid}
      • Return details about one particular principle with id:pid
      • Return all of them if pid equals "all"
    • GET /v1/principle/role/{rid}
      • Return all principles the particular role has with role (rid)

    • PUT /v1/grant_role
      • Grant a role to a user/group/role
      • PUT data of JsonObject role(id) list and principle (type, name) list
    • PUT /v1/revoke_role
      • Revoke/Remove an existing role
      • Create new grant
      • PUT data of JsonObject role(id) list and principle (type, name) list

    • GET /v1/resource/{rid}
      • Return details about one particular role with id:rid
      • Return all of them if rid equals "all"
    • PUT /v1/resource
      • Create new resource without id:rid
      • Update existing resource with id:rid
      • PUT data of JsonObject resource (type, name)
    • DELETE /v1/principleresource/{gidrid}

    • GET /v1/privilege/{pid}
      • Return details about one particular privilege with id:pid
      • Return all of them if pid equals "all"
    • PUT /v1/privilege
      • Create new role without privilege without id:pid
      • Update existing privilege with role with id:pid
      • PUT data of JsonObject MRoleUserGroupprivilege(resource, action, with_grant_option)
    • DELETE /v1/privilege/{pid}

    • PUT /v1/grant_privilege
      • Grant a privilege to a role
      • PUT data of JsonObject role(id) list and privilege (resource, action, with_grant_option) list
    • PUT /v1/revoke_privilege
      • Revoke/Remove an existing privilege grant
      • PUT data of JsonObject role(id) list and privilege (resource, action, with_grant_option) list
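
The role, principle and privilege model behind the commands and endpoints above, as an added in-memory example in Python (not Sqoop code and not the project's API). Class and method names are hypothetical, and the rule that a grantor must itself hold the privilege with with_grant_option is an assumed SQL-style semantic that the page does not spell out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Privilege:
    resource_type: str            # e.g. "link"
    resource_id: str
    action_type: str              # e.g. "read"
    with_grant_option: bool = False

@dataclass
class AccessController:           # hypothetical name, not a Sqoop class
    # role_id -> set of (principle_type, principle_name); type is "user" or "group"
    role_members: dict = field(default_factory=dict)
    # role_id -> set of Privilege
    role_privileges: dict = field(default_factory=dict)

    def grant_role(self, role_id, ptype, pname):
        self.role_members.setdefault(role_id, set()).add((ptype, pname))

    def revoke_role(self, role_id, ptype, pname):
        self.role_members.get(role_id, set()).discard((ptype, pname))

    def roles_of(self, user, groups=()):
        # A user holds a role directly or through any group they belong to.
        principles = {("user", user)} | {("group", g) for g in groups}
        return {r for r, m in self.role_members.items() if m & principles}

    def is_allowed(self, user, groups, rtype, rid, action, need_grant=False):
        held = {p for r in self.roles_of(user, groups)
                for p in self.role_privileges.get(r, set())}
        return any(p.resource_type == rtype and p.resource_id == rid
                   and p.action_type == action
                   and (p.with_grant_option or not need_grant)
                   for p in held)

    def grant_privilege(self, role_id, priv, grantor=None, grantor_groups=()):
        # grantor=None models a bootstrap administrator (assumption).
        if grantor is not None and not self.is_allowed(
                grantor, grantor_groups, priv.resource_type,
                priv.resource_id, priv.action_type, need_grant=True):
            raise PermissionError("grantor lacks this privilege with grant option")
        self.role_privileges.setdefault(role_id, set()).add(priv)

    def revoke_privilege(self, role_id, rtype, rid, action):
        # Matches on (type, id, action) only, like the revoke command above,
        # which carries no grant-option flag.
        self.role_privileges[role_id] = {
            p for p in self.role_privileges.get(role_id, set())
            if (p.resource_type, p.resource_id, p.action_type) != (rtype, rid, action)}
```
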

Sentry implementation

  • Sentry could be used as an alternative access controller
  • Config in sqoop.properties

...