THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Code Block |
|---|
GRANT ROLE role_name [, role_name] ... TO principal_specification [, principal_specification] ...
REVOKE ROLE role_name [, role_name] ... FROM principal_specification [, principal_specification] ...
principal_specification:
USER user_name | GROUP group_name | ROLE role_name |
...
| Code Block |
|---|
GRANT privilege_action_type [, privilege_action_type] ... ON resource [, resource] ... TO principal_specification [, principal_specification] ... [WITH GRANT OPTION]
REVOKE [GRANT OPTION FOR] privilege_action_type [, privilege_action_type] ... ON resource [, resource] ... FROM principal_specification [, principal_specification] ...
REVOKE ALL PRIVILEGES FROM principal_specification [, principal_specification] ...
privilege_action_type:
ALL | CREATE | READ | WRITE
resource:
SERVER server_name | CONNECTOR connector_name | LINK link_name | JOB job_name
principal_specification:
USER user_name | GROUP group_name | ROLE role_name |
...
- Restful call API is handled by org.apache.sqoop.handler.AuthorizationEngine.java in sqoop-server
- PUT /authorization/role
- Create new role with role_name
- DELETE /authorization/role/{role_name}
- GET /authorization/role/{role_name}
- Show all principals in role with {role_name}
- PUT /authorization/grant_role
- Grant a role to a user/group/role
- PUT data of JsonObject role(role_name) and principal (name, type)
- PUT /authorization/revoke_role
- Revoke a role to a user/group/role
- PUT data of JsonObject role(role_name) and principal (name, type)
- PUT /v1/resource/name/{name}/type/{type}
- Return details about one particular resource with name and type
- Return all of them if name is null or type is null or both are null
- Grant a privilege to a principal
- PUT data of JsonObject principal
- Create new resource with name and type. Put data of JsonObject resource (name, type)Update existing resource with old_ and privilege (resource (name, old_ type), new_nameaction, new_type. Put data of JsonObject old_resource (name, type) and new_resource (name, type)
- DELETE /v1/resource/name/{name}/type/{type}
- Delete all of them if name is null or type is null
- GET /v1/privilege/{privilege_name}
- Return details about one particular privilege with privilege_name
- Return all of them if name is null or type is null or both are null
- GET /v1/privilege/resource/name/{name}/type/{type}
- Return all privilege with the particular principal (name, type)
- GET /v1/privilege/role/{role_name}
- Return all privilege with the particular role (role_name)
- with_grant_option)
- PUT /authorization/revoke_privilege
- Revoke a privilege to a principal
- PUT data of JsonObject principal
- Create new privilege with resource, action and with_grant_option. Put data of JsonObject resource (name, type) , action and with_grant_optionUpdate existing privilege with old_privilege_name, old_resource, old_action, old_with_grant_option, new_privilege_name, new_resource, new_action and new_with_grant_option. Put data of JsonObject old_privilege (name, and privilege (resource (name, type), action, with_grant_option) and new_privilege (name, resource
- If privilege is null, then revoke all privileges for principal(name, type), action, with_grant_option)
- DELETE /v1/privilege/{privilege_name}
- GET /authorization/principal/{type}DELETE /v1/resource/name/{name}/?resource_type/={type}
- PUT /v1/grant_privilege
- Grant a privilege to a role
- PUT data of JsonObject role(role_name) and privilege (name)
- &resource_name={name}
- Show all privileges in principal with {name, type} and resource with {resource_name, resource_type}
- If resource is null, then show all privileges in principal with {name, type}
- Revoke a privilege to a role
- PUT data of JsonObject role(role_name) and privilege (name)
- PUT /authorization/role
Sentry implementation
- Sentry could be used as an alternative access controller
- Config in sqoop.properties
...