...
- Grant/revoke privilege commands are run from the command line in the Sqoop client
- The commands are shown below
Code Block |
---|
show role
show role -role_name admin
show role -principal_name sqoop -principal_type user
show role -privilege_name my_privilege
add role -role_name admin
update role -old_name admin -new_role_name developer
remove role -role_name admin
show principal
show principal -principal_name sqoop
show principal -principal_type user
show principal -principal_name sqoop -principal_type user
show principal -role_name admin
add principal -principal_name sqoop -principal_type user
update principal -old_principal_name sqoop -old_principal_type user -new_principal_name hadoop -new_principal_type group
remove principal -principal_name sqoop
remove principal -principal_type user
remove principal -principal_name sqoop -principal_type user
grant role -role_name admin -principal_name sqoop -principal_type user
revoke role -role_name admin -principal_name sqoop -principal_type user
show resource
show resource -resource_type link
show resource -resource_name 1 -resource_type link
add resource -resource_name 1 -resource_type link
update resource -old_resource_name 1 -old_resource_type link -new_resource_name 2 -new_resource_type link
remove resource -resource_type link
remove resource -resource_name 1 -resource_type link
show privilege
show privilege -privilege_name my_privilege
show privilege -resource_name 1 -resource_type link
show privilege -role_name admin
add privilege -privilege_name my_privilege -resource_name 1 -resource_type link -action create -with_grant_option true
update privilege -old_privilege_name my_privilege -old_resource_name 1 -old_resource_type link -old_action create -old_with_grant_option true -new_privilege_name others_privilege -new_resource_name 1 -new_resource_type link -new_action create -new_with_grant_option true
remove privilege -privilege_name my_privilege
remove privilege -resource_name 1 -resource_type link
grant privilege -role_name admin -privilege_name my_privilege
revoke privilege -role_name admin -privilege_name my_privilege |
Create/Drop Role
Code Block |
---|
CREATE ROLE role_name
DROP ROLE role_name |
Grant/Revoke Roles
Code Block |
---|
GRANT ROLE role_name [, role_name] ... TO principal_specification [, principal_specification] ...
REVOKE ROLE role_name [, role_name] ... FROM principal_specification [, principal_specification] ...
principal_specification:
USER user_name | GROUP group_name | ROLE role_name |
Viewing Granted Roles
Code Block |
---|
SHOW ROLE GRANT principal_specification
principal_specification:
USER user_name | GROUP group_name | ROLE role_name |
Grant/Revoke Privileges
Code Block |
---|
GRANT privilege_action_type [, privilege_action_type] ... ON resource_object_specification [, resource_object_specification] ... TO principal_specification [, principal_specification] ... [WITH GRANT OPTION]
REVOKE [GRANT OPTION FOR] privilege_action_type [, privilege_action_type] ... ON resource_object_specification [, resource_object_specification] ... FROM principal_specification [, principal_specification] ...
REVOKE ALL PRIVILEGES, GRANT OPTION FROM principal_specification [, principal_specification] ...
privilege_action_type:
ALL | ALTER | UPDATE | CREATE | DROP | INDEX | LOCK | SELECT | SHOW_DATABASE
resource_object_specification:
SERVER server_name | CONNECTOR connector_name | LINK link_name | JOB job_name
principal_specification:
USER user | GROUP group | ROLE role |
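
The privilege grammar above, worked through as an added example (this is not code from Sqoop or from this page): a small Python parser that validates `GRANT ... ON ... TO` and `REVOKE ... ON ... FROM` statements against the keyword lists and tracks `WITH GRANT OPTION` per (principal, resource, action). The function names, the in-memory `store` dictionary and the rule that `ALL` covers every action are assumptions made for illustration; `REVOKE ALL PRIVILEGES, GRANT OPTION` is not handled.

```python
import re
from itertools import product

# Keywords taken from the grammar on this page.
ACTIONS = {"ALL", "ALTER", "UPDATE", "CREATE", "DROP", "INDEX", "LOCK", "SELECT", "SHOW_DATABASE"}
RESOURCES = {"SERVER", "CONNECTOR", "LINK", "JOB"}
PRINCIPALS = {"USER", "GROUP", "ROLE"}

_GRANT = re.compile(r"GRANT\s+(.+?)\s+ON\s+(.+?)\s+TO\s+(.+?)(\s+WITH\s+GRANT\s+OPTION)?\s*$", re.I)
_REVOKE = re.compile(r"REVOKE\s+(GRANT\s+OPTION\s+FOR\s+)?(.+?)\s+ON\s+(.+?)\s+FROM\s+(.+?)\s*$", re.I)

def _pairs(text, kinds):
    """Split 'TYPE name, TYPE name' into validated (TYPE, name) tuples."""
    out = []
    for item in text.split(","):
        parts = item.split()
        if len(parts) != 2 or parts[0].upper() not in kinds:
            raise ValueError(f"bad specification: {item.strip()!r}")
        out.append((parts[0].upper(), parts[1]))
    return out

def _keys(actions, resources, principals):
    """Expand the three comma lists into (principal, resource, action) keys."""
    acts = [a.strip().upper() for a in actions.split(",")]
    if not set(acts) <= ACTIONS:
        raise ValueError(f"unknown privilege_action_type in {actions!r}")
    return product(_pairs(principals, PRINCIPALS), _pairs(resources, RESOURCES), acts)

def apply_statement(store, stmt):
    """Apply one GRANT/REVOKE ... ON ... statement to store {key: with_grant_option}."""
    g, r = _GRANT.match(stmt.strip()), _REVOKE.match(stmt.strip())
    if g:
        for key in _keys(g[1], g[2], g[3]):
            store[key] = bool(g[4]) or store.get(key, False)
    elif r:
        for key in _keys(r[2], r[3], r[4]):
            if not r[1]:
                store.pop(key, None)   # plain REVOKE removes the privilege
            elif key in store:
                store[key] = False     # GRANT OPTION FOR: keep privilege, drop delegation
    else:
        raise ValueError("not a GRANT/REVOKE privilege statement")
    return store

def holds(store, principals, action, resource, need_grant_option=False):
    """Assumed semantics: ALL covers every action; any of the caller's principals may match."""
    flags = [store[k] for p in principals for a in (action.upper(), "ALL")
             if (k := (p, resource, a)) in store]
    return any(flags) if need_grant_option else bool(flags)
```

A statement is validated in full before the store is touched, so a statement with an unknown action or resource type changes nothing. Before a caller is allowed to issue a `GRANT`, check `holds(..., need_grant_option=True)` for each of the caller's principals.
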
Viewing Granted Privileges
Code Block |
---|
SHOW GRANT principal_specification
[ON object_specification [(column_list)]]
principal_specification:
USER user
| GROUP group
| ROLE role
object_specification:
TABLE tbl_name
| DATABASE db_name |
- RESTful API calls are handled by org.apache.sqoop.handler.AuthorizationEngine.java in sqoop-server
- GET /v1/role/{role_name}
  - Return details about the role with the given role_name
  - Return all of them if role_name is null
- GET /v1/role/principal/name/{name}/type/{type}
  - Return all roles held by the given principal (name, type)
- GET /v1/role/privilege/{privilege_name}
  - Return all roles that have the given privilege (privilege_name)
- PUT /v1/role
  - Create a new role with role_name. PUT data of JsonObject role (role_name)
  - Update an existing role with old_role_name and new_role_name. PUT data of JsonObject old_role (role_name) and new_role (role_name)
- DELETE /v1/role/{role_name}
- GET /v1/principal/name/{name}/type/{type}
  - Return details about the principal with the given name and type
  - Return all of them if name is null or type is null or both are null
- GET /v1/principal/role/{role_name}
  - Return all principals that have the given role (role_name)
- PUT /v1/principal
  - Create a new principal with name and type. PUT data of JsonObject principal (name, type)
  - Update an existing principal with old_name, old_type, new_name, new_type. PUT data of JsonObject old_principal (name, type) and new_principal (name, type)
- DELETE /v1/principal/name/{name}/type/{type}
  - Delete all of them if name is null or type is null
- PUT /v1/grant_role
  - Grant a role to a user/group/role
  - PUT data of JsonObject role (role_name) and principal (name, type)
- PUT /v1/revoke_role
  - Revoke a role from a user/group/role
  - PUT data of JsonObject role (role_name) and principal (name, type)
- GET /v1/resource/name/{name}/type/{type}
  - Return details about the resource with the given name and type
  - Return all of them if name is null or type is null or both are null
- PUT /v1/resource
  - Create a new resource with name and type. PUT data of JsonObject resource (name, type)
  - Update an existing resource with old_name, old_type, new_name, new_type. PUT data of JsonObject old_resource (name, type) and new_resource (name, type)
- DELETE /v1/resource/name/{name}/type/{type}
  - Delete all of them if name is null or type is null
- GET /v1/privilege/{privilege_name}
  - Return details about the privilege with the given privilege_name
  - Return all of them if name is null or type is null or both are null
- GET /v1/privilege/resource/name/{name}/type/{type}
  - Return all privileges with the particular principal (name, type)
- GET /v1/privilege/role/{role_name}
  - Return all privileges with the particular role (role_name)
- PUT /v1/privilege
  - Create a new privilege with resource, action and with_grant_option. PUT data of JsonObject resource (name, type), action and with_grant_option
  - Update an existing privilege with old_privilege_name, old_resource, old_action, old_with_grant_option, new_privilege_name, new_resource, new_action and new_with_grant_option. PUT data of JsonObject old_privilege (name, resource (name, type), action, with_grant_option) and new_privilege (name, resource (name, type), action, with_grant_option)
- DELETE /v1/privilege/{privilege_name}
- DELETE /v1/resource/name/{name}/type/{type}
- PUT /v1/grant_privilege
  - Grant a privilege to a role
  - PUT data of JsonObject role (role_name) and privilege (name)
- PUT /v1/revoke_privilege
  - Revoke a privilege from a role
  - PUT data of JsonObject role (role_name) and privilege (name)
- GET /v1/role/{role_name}
...