in extensions/spark/kyuubi-spark-authz/src/main/scala/org/apache/kyuubi/plugin/spark/authz/ranger/AccessType.scala [31:84]
def apply(obj: PrivilegeObject, opType: OperationType, isInput: Boolean): AccessType = {
if (obj.privilegeObjectType == DFS_URI || obj.privilegeObjectType == LOCAL_URI) {
// This is equivalent to ObjectType.URI
return if (isInput) READ else WRITE
}
obj.actionType match {
case PrivilegeObjectActionType.OTHER => opType match {
case ADD => TEMPUDFADMIN
case CREATEDATABASE if obj.privilegeObjectType == DATABASE => CREATE
case CREATEFUNCTION if obj.privilegeObjectType == FUNCTION => CREATE
case CREATETABLE | CREATEVIEW | CREATETABLE_AS_SELECT
if obj.privilegeObjectType == TABLE_OR_VIEW =>
if (isInput) SELECT else CREATE
case ALTERDATABASE |
ALTERDATABASE_LOCATION |
ALTERTABLE_ADDCOLS |
ALTERTABLE_ADDPARTS |
ALTERTABLE_COMPACT |
ALTERTABLE_DROPPARTS |
ALTERTABLE_LOCATION |
ALTERTABLE_RENAME |
ALTERTABLE_PROPERTIES |
ALTERTABLE_RENAMECOL |
ALTERTABLE_RENAMEPART |
ALTERTABLE_REPLACECOLS |
ALTERTABLE_SERDEPROPERTIES |
ALTERVIEW_RENAME |
MSCK |
ALTERINDEX_REBUILD => ALTER
case ALTERVIEW_AS => if (isInput) SELECT else ALTER
case DROPDATABASE | DROPTABLE | DROPFUNCTION | DROPVIEW | DROPINDEX => DROP
case LOAD => if (isInput) SELECT else UPDATE
case QUERY |
SHOW_CREATETABLE |
SHOW_TBLPROPERTIES |
SHOWPARTITIONS |
SHOWINDEXES |
ANALYZE_TABLE => SELECT
case SHOWCOLUMNS | DESCTABLE => SELECT
case SHOWDATABASES |
SWITCHDATABASE |
DESCDATABASE |
SHOWTABLES |
SHOWFUNCTIONS |
DESCFUNCTION => USE
case TRUNCATETABLE => UPDATE
case CREATEINDEX => INDEX
case _ => NONE
}
case PrivilegeObjectActionType.DELETE => DROP
case _ => UPDATE
}
}