IMPALA-7345: Add the OWNER privilege This patch adds the OWNER privilege to the set of privileges that can exist for a role/user. The privilege is equivalent to ALL, but cannot be granted or revoked. It is granted/revoked by Sentry, if configured, during CREATE, DROP, or ALTER DATABASE/TABLE SET OWNER statements.
Testing: - Updated authorization tests - Ran core tests Change-Id: If63c2faa6daea6deb6d771503fe50943ae070705 Reviewed-on: http://gerrit.cloudera.org:8080/11245 Reviewed-by: Impala Public Jenkins <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/impala/repo Commit: http://git-wip-us.apache.org/repos/asf/impala/commit/1d4df941 Tree: http://git-wip-us.apache.org/repos/asf/impala/tree/1d4df941 Diff: http://git-wip-us.apache.org/repos/asf/impala/diff/1d4df941 Branch: refs/heads/master Commit: 1d4df94125a5465a118046f3c46c81fde7740d8a Parents: 30bb0b3 Author: Adam Holley <[email protected]> Authored: Wed Aug 15 23:22:24 2018 -0500 Committer: Impala Public Jenkins <[email protected]> Committed: Sat Aug 18 06:29:20 2018 +0000 ---------------------------------------------------------------------- common/thrift/CatalogObjects.thrift | 3 +- .../apache/impala/authorization/Privilege.java | 3 +- .../impala/analysis/AuthorizationStmtTest.java | 792 +++++++++++++------ .../authorization/ImpalaActionFactoryTest.java | 6 +- 4 files changed, 566 insertions(+), 238 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/impala/blob/1d4df941/common/thrift/CatalogObjects.thrift ---------------------------------------------------------------------- diff --git a/common/thrift/CatalogObjects.thrift b/common/thrift/CatalogObjects.thrift index 29f54e4..cbd0ba1 100644 --- a/common/thrift/CatalogObjects.thrift +++ b/common/thrift/CatalogObjects.thrift @@ -518,7 +518,8 @@ enum TPrivilegeLevel { REFRESH, CREATE, ALTER, - DROP + DROP, + OWNER } // Represents a privilege in an authorization policy. Privileges contain the level http://git-wip-us.apache.org/repos/asf/impala/blob/1d4df941/fe/src/main/java/org/apache/impala/authorization/Privilege.java ---------------------------------------------------------------------- diff --git a/fe/src/main/java/org/apache/impala/authorization/Privilege.java b/fe/src/main/java/org/apache/impala/authorization/Privilege.java index 0b1c2f8..877b6ad 100644 --- a/fe/src/main/java/org/apache/impala/authorization/Privilege.java +++ b/fe/src/main/java/org/apache/impala/authorization/Privilege.java @@ -64,7 +64,8 @@ public enum Privilege { ALTER.getCode() | CREATE.getCode() | DROP.getCode() | - REFRESH.getCode()); + REFRESH.getCode()), + OWNER("owner", ALL.getCode()); private final BitFieldAction bitFieldAction_;
