Page History

...

Code Block
CREATE ROLE role_name DROP ROLE role_name SHOW ROLE

Grant/Revoke Roles

Code Block

GRANT ROLE role_name [, role_name] ... TO principal_specification [, principal_specification] ...

REVOKE ROLE role_name [, role_name] ... FROM principal_specification [, principal_specification] ...
principal_specification:
    USER user_name | GROUP group_name | ROLE role_name

...

Code Block
SHOW ROLE GRANT principal_specification SHOW PRINCIPAL ON ROLE role_name principal_specification: USER user_name \| GROUP group_name \| ROLE role_name

...

Restful call API is handled by org.apache.sqoop.handler.AuthorizationEngine.java in sqoop-server
- PUT /authorization/role
  - Create new role with role_name
- DELETE /authorization/role/{role_name}
- GET /authorization/role
  - Show all roles
- GET /authorization/role/{role_name}
  - Show all principals in role with {role_name}
- PUT /authorization/grant_role
  - Grant a role to a user/group/role
  - PUT data of JsonObject role(role_name) and principal (name, type)
- PUT /authorization/revoke_role
  - Revoke a role to a user/group/role
  - PUT data of JsonObject role(role_name) and principal (name, type)
- PUT /authorization/grant_privilege
  - Grant a privilege to a principal
  - PUT data of JsonObject principal(name, type) and privilege (resource (name, type), action, with_grant_option)
- PUT /authorization/revoke_privilege
  - Revoke a privilege to a principal
  - PUT data of JsonObject principal(name, type) and privilege (resource (name, type), action, with_grant_option)
  - If privilege is null, then revoke all privileges for principal(name, type)
- GET /authorization/principal/{type}/{name}?resource_type={type}&resource_name={name}
  - Show all privileges in principal with {name, type} and resource with {resource_name, resource_type}
  - If resource is null, then show all privileges in principal with {name, type}

...

Child pages

Versions Compared

Old Version 26

New Version 27

Key