Index
Table of Contents |
---|
Info | ||
---|---|---|
| ||
This is the design document for the original Hive authorization mode. See Authorization for an overview of authorization modes, which include storage based authorization and SQL standards based authorization. |
1. Privilege
1.1 Access Privilege
...
We store privileges in one column, and use comma to separate different privileges.
hive> desc user;
Field
- - - -
User
isRole
isGroup
isSuper
db_priv – set (Select_priv, Insert_priv, Create_priv, Drop_priv, Reload_priv,
...
Lock_tables_priv, Create_view_priv, Show_view_priv)
hive> desc db;
Field
- - - -
Db
User
isRole
isGroup
Table_priv – set (Select_priv, Insert_priv, Create_priv, Drop_priv, Grant_priv,
...
hive> desc tables_priv;
Field
- - - -
Db
User
isRole
isGroup
Table_name
...
mysql> desc columns_priv;
Field
- - - -
Db
User
isRole
isGroup
Table_name
...
4.3 grant/revoke statement
Code Block |
---|
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user [, user] ...
WITH ADMIN OPTION
object_type:
TABLE
priv_level:
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
DENY
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...
|
...
When a user logins to the system, he has a user name, one or few groups that he belongs to.
So it is
[
Code Block |
---|
username,
list of group names,
list of privileges and roles that has been directly granted,
list of privileges and roles that been directly granted to groups that users belongs to
|
...
- Steps to authorize one access: *
Code Block |
---|
First try user name:
# If there is an entry in 'user' that accept this access, return ACCEPT
2. If there is an entry in 'db' that accept this access, return ACCEPT
3. If there is an entry in 'table' that accept this access, return ACCEPT
4. If there is an entry in 'column' that accept this access, return ACCEPT
Second try the user's group/role names one by one until we get an ACCEPT.
For each role/group, we do the same routine as we did for user name.
|
...
8. Metastore upgrade script for mysql
Code Block |
---|
--
-- Table structure for table {{ROLES}}
--
DROP TABLE IF EXISTS {{ROLES}};
CREATE TABLE {{ROLES}} (
{{ROLE_ID}} bigint(20) NOT NULL,
{{CREATE_TIME}} int(11) NOT NULL,
{{OWNER_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{ROLE_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
PRIMARY KEY ({{ROLE_ID}}),
UNIQUE KEY {{ROLEENTITYINDEX}} ({{ROLE_NAME}})
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Table structure for table {{ROLE_MAP}}
--
DROP TABLE IF EXISTS {{ROLE_MAP}};
CREATE TABLE {{ROLE_MAP}} (
{{ROLE_GRANT_ID}} bigint(20) NOT NULL,
{{ADD_TIME}} int(11) NOT NULL,
{{GRANT_OPTION}} smallint(6) NOT NULL,
{{GRANTOR}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{GRANTOR_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{ROLE_ID}} bigint(20) default NULL,
PRIMARY KEY ({{ROLE_GRANT_ID}}),
UNIQUE KEY {{USERROLEMAPINDEX}} ({{PRINCIPAL_NAME}},{{ROLE_ID}},{{GRANTOR}},{{GRANTOR_TYPE}}),
KEY {{ROLE_MAP_N49}} ({{ROLE_ID}}),
CONSTRAINT {{ROLE_MAP_FK1}} FOREIGN KEY ({{ROLE_ID}}) REFERENCES {{ROLES}} ({{ROLE_ID}})
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Table structure for table {{GLOBAL_PRIVS}}
--
DROP TABLE IF EXISTS {{GLOBAL_PRIVS}};
CREATE TABLE {{GLOBAL_PRIVS}} (
{{USER_GRANT_ID}} bigint(20) NOT NULL,
{{CREATE_TIME}} int(11) NOT NULL,
{{GRANT_OPTION}} smallint(6) NOT NULL,
{{GRANTOR}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{GRANTOR_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{USER_PRIV}} varchar(128) character set latin1 collate latin1_bin default NULL,
PRIMARY KEY ({{USER_GRANT_ID}}),
UNIQUE KEY {{GLOBALPRIVILEGEINDEX}} ({{PRINCIPAL_NAME}},{{PRINCIPAL_TYPE}},{{USER_PRIV}},{{GRANTOR}},{{GRANTOR_TYPE}})
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Table structure for table {{DB_PRIVS}}
--
DROP TABLE IF EXISTS {{DB_PRIVS}};
CREATE TABLE {{DB_PRIVS}} (
{{DB_GRANT_ID}} bigint(20) NOT NULL,
{{CREATE_TIME}} int(11) NOT NULL,
{{DB_ID}} bigint(20) default NULL,
{{GRANT_OPTION}} smallint(6) NOT NULL,
{{GRANTOR}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{GRANTOR_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{DB_PRIV}} varchar(128) character set latin1 collate latin1_bin default NULL,
PRIMARY KEY ({{DB_GRANT_ID}}),
UNIQUE KEY {{DBPRIVILEGEINDEX}} ({{DB_ID}},{{PRINCIPAL_NAME}},{{PRINCIPAL_TYPE}},{{DB_PRIV}},{{GRANTOR}},{{GRANTOR_TYPE}}),
KEY {{DB_PRIVS_N49}} ({{DB_ID}}),
CONSTRAINT {{DB_PRIVS_FK1}} FOREIGN KEY ({{DB_ID}}) REFERENCES {{DBS}} ({{DB_ID}})
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Table structure for table {{TBL_PRIVS}}
--
DROP TABLE IF EXISTS {{TBL_PRIVS}};
CREATE TABLE {{TBL_PRIVS}} (
{{TBL_GRANT_ID}} bigint(20) NOT NULL,
{{CREATE_TIME}} int(11) NOT NULL,
{{GRANT_OPTION}} smallint(6) NOT NULL,
{{GRANTOR}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{GRANTOR_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{TBL_PRIV}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{TBL_ID}} bigint(20) default NULL,
PRIMARY KEY ({{TBL_GRANT_ID}}),
KEY {{TBL_PRIVS_N49}} ({{TBL_ID}}),
KEY {{TABLEPRIVILEGEINDEX}} ({{TBL_ID}},{{PRINCIPAL_NAME}},{{PRINCIPAL_TYPE}},{{TBL_PRIV}},{{GRANTOR}},{{GRANTOR_TYPE}}),
CONSTRAINT {{TBL_PRIVS_FK1}} FOREIGN KEY ({{TBL_ID}}) REFERENCES {{TBLS}} ({{TBL_ID}})
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Table structure for table {{PART_PRIVS}}
--
DROP TABLE IF EXISTS {{PART_PRIVS}};
CREATE TABLE {{PART_PRIVS}} (
{{PART_GRANT_ID}} bigint(20) NOT NULL,
{{CREATE_TIME}} int(11) NOT NULL,
{{GRANT_OPTION}} smallint(6) NOT NULL,
{{GRANTOR}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{GRANTOR_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PART_ID}} bigint(20) default NULL,
{{PRINCIPAL_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PART_PRIV}} varchar(128) character set latin1 collate latin1_bin default NULL,
PRIMARY KEY ({{PART_GRANT_ID}}),
KEY {{PARTPRIVILEGEINDEX}} ({{PART_ID}},{{PRINCIPAL_NAME}},{{PRINCIPAL_TYPE}},{{PART_PRIV}},{{GRANTOR}},{{GRANTOR_TYPE}}),
KEY {{PART_PRIVS_N49}} ({{PART_ID}}),
CONSTRAINT {{PART_PRIVS_FK1}} FOREIGN KEY ({{PART_ID}}) REFERENCES {{PARTITIONS}} ({{PART_ID}})
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Table structure for table {{TBL_COL_PRIVS}}
--
DROP TABLE IF EXISTS {{TBL_COL_PRIVS}};
CREATE TABLE {{TBL_COL_PRIVS}} (
{{TBL_COLUMN_GRANT_ID}} bigint(20) NOT NULL,
{{COLUMN_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{CREATE_TIME}} int(11) NOT NULL,
{{GRANT_OPTION}} smallint(6) NOT NULL,
{{GRANTOR}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{GRANTOR_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{TBL_COL_PRIV}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{TBL_ID}} bigint(20) default NULL,
PRIMARY KEY ({{TBL_COLUMN_GRANT_ID}}),
KEY {{TABLECOLUMNPRIVILEGEINDEX}} ({{TBL_ID}},{{COLUMN_NAME}},{{PRINCIPAL_NAME}},{{PRINCIPAL_TYPE}},{{TBL_COL_PRIV}},{{GRANTOR}},{{GRANTOR_TYPE}}),
KEY {{TBL_COL_PRIVS_N49}} ({{TBL_ID}}),
CONSTRAINT {{TBL_COL_PRIVS_FK1}} FOREIGN KEY ({{TBL_ID}}) REFERENCES {{TBLS}} ({{TBL_ID}})
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
DROP TABLE IF EXISTS {{PART_COL_PRIVS}};
CREATE TABLE {{PART_COL_PRIVS}} (
{{PART_COLUMN_GRANT_ID}} bigint(20) NOT NULL,
{{COLUMN_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{CREATE_TIME}} int(11) NOT NULL,
{{GRANT_OPTION}} smallint(6) NOT NULL,
{{GRANTOR}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{GRANTOR_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PART_ID}} bigint(20) default NULL,
{{PRINCIPAL_NAME}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PRINCIPAL_TYPE}} varchar(128) character set latin1 collate latin1_bin default NULL,
{{PART_COL_PRIV}} varchar(128) character set latin1 collate latin1_bin default NULL,
PRIMARY KEY ({{PART_COLUMN_GRANT_ID}}),
KEY {{PART_COL_PRIVS_N49}} ({{PART_ID}}),
KEY {{PARTITIONCOLUMNPRIVILEGEINDEX}} ({{PART_ID}},{{COLUMN_NAME}},{{PRINCIPAL_NAME}},{{PRINCIPAL_TYPE}},{{PART_COL_PRIV}},{{GRANTOR}},{{GRANTOR_TYPE}}),
CONSTRAINT {{PART_COL_PRIVS_FK1}} FOREIGN KEY ({{PART_ID}}) REFERENCES {{PARTITIONS}} ({{PART_ID}})
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
|
...
The above has a STRONG assumption on the file layer security. Users can easily by-pass the security if the hdfs file permission is open to him. We hope we can easily plug in external authorizations (like HDFS permission/Howl permission) to alter the authorization result or even the rule.
a