Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,11 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check insert without select priv
+create table t1(i int);
+
+set user.name=user1;
+create table t2(i int);
+insert into table t2 select * from t1;
+
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,10 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if alter table fails as different user
+create table t1(i int);
+
+set user.name=user2;
+alter table t1 rename to tnew1;
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,10 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if alter table fails as different user
+create table t1(i int);
+
+set user.name=user2;
+ALTER TABLE t1 SET SERDEPROPERTIES ('field.delim' = ',');
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,11 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if create table fails as different user
+create table t1(i int);
+
+set user.name=user2;
+drop table t1;
+
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q Fri Feb 14 16:57:53 2014
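Review bot: The header comment in authorization_not_owner_drop_tab.q, `-- check if create table fails as different user`, does not describe the statement under test, which is `drop table t1` run as user2; it reads as copied from another test and should say `-- check that drop table fails for a user who is not the table owner`. The same mismatch appears in authorization_not_owner_drop_view.q (same comment, the denied statement is `drop view vt1`), authorization_select_view.q (`-- check create view without select privileges`, but the denied statement is `select * from v1`) and authorization_truncate.q (`-- check add partition without insert privilege`, but the statement is `truncate table t1`). The comment is echoed into the .q.out files added in this commit, so the golden outputs need regenerating with the corrected text. In a negative authorization test the comment is the only place that states which operation is expected to be refused, so it should name that operation and the missing privilege or ownership.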
@@ -0,0 +1,11 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if create table fails as different user
+create table t1(i int);
+create view vt1 as select * from t1;
+
+set user.name=user2;
+drop view vt1;
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,29 @@
+set hive.users.in.admin.role=hive_admin_user;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set user.name=hive_admin_user;
+set role ADMIN;
+
+-- the test verifies that authorization is happening with privileges of the current roles
+
+-- grant privileges with grant option for table to role2
+create role role2;
+grant role role2 to user user2;
+create table tpriv_current_role(i int);
+grant all on table tpriv_current_role to role role2 with grant option;
+
+set user.name=user2;
+-- switch to user2
+
+-- by default all roles should be in current roles, and grant to new user should work
+show current roles;
+grant all on table tpriv_current_role to user user3;
+
+set role role2;
+-- switch to role2, grant should work
+grant all on table tpriv_current_role to user user4;
+show grant user user4 on table tpriv_current_role;
+
+set role PUBLIC;
+-- set role to public, should fail as role2 is not one of the current roles
+grant all on table tpriv_current_role to user user5;
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_select.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_select.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_select.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_select.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,9 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check query without select privilege fails
+create table t1(i int);
+
+set user.name=user1;
+select * from t1;
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_select_view.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_select_view.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_select_view.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_select_view.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,11 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check create view without select privileges
+create table t1(i int);
+create view v1 as select * from t1;
+set user.name=user1;
+select * from v1;
+
+
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,6 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+
+-- an error should be thrown if 'set role ' is done for role that does not exist
+
+set role nosuchroleexists;
+
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,16 @@
+set hive.users.in.admin.role=hive_admin_user;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set user.name=hive_admin_user;
+set role ADMIN;
+
+-- an error should be thrown if 'set role ' is done for role that does not exist
+
+create role rset_role_neg;
+grant role rset_role_neg to user user2;
+
+set user.name=user2;
+set role rset_role_neg;
+set role public;
+set role nosuchroleexists;;
+
Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_truncate.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_truncate.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_truncate.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_truncate.q Fri Feb 14 16:57:53 2014
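Review bot: The last statement of authorization_set_role_neg2.q, `set role nosuchroleexists;;`, carries a stray second semicolon; how the harness treats the resulting empty statement is not visible here, so write it as `set role nosuchroleexists;`. The header comment is identical to the one in authorization_set_role_neg1.q and does not say what this file adds, namely that user2 first switches to a granted role and to public; something like `-- set role to a nonexistent role must fail for a non-admin user even after valid role switches` would state it. Both negative files use a role name that does not exist, so the access-control case of a role that exists but was never granted to the user is not exercised in the files visible in this commit.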
@@ -0,0 +1,9 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check add partition without insert privilege
+create table t1(i int, j int);
+set user.name=user1;
+truncate table t1;
+
Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q (added)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,17 @@
+set hive.users.in.admin.role=hive_admin_user;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set user.name=hive_test_user;
+
+-- actions from admin should work as if admin has all privileges
+
+create table t1(i int);
+set user.name=hive_admin_user;
+
+show current roles;
+set role ADMIN;
+show current roles;
+select * from t1;
+grant all on table t1 to user user1;
+show grant user user1 on table t1;
+drop table t1;
Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions.q (added)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions.q Fri Feb 14 16:57:53 2014
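Review bot: authorization_admin_almighty1.q never sets `hive.security.authorization.enabled=true`, unlike most of the .q files added in this commit, so the `select * from t1` and `drop table t1` that hive_admin_user runs on a table created by hive_test_user may be succeeding because query authorization is switched off rather than because ADMIN is treated as holding all privileges. If the harness default leaves the flag disabled, this positive test would keep passing after a regression in the admin check. Add `set hive.security.authorization.enabled=true;` after the authenticator line, and a comment such as `-- t1 is owned by hive_test_user; hive_admin_user holds no explicit grant on it` so the precondition is stated in the file.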
@@ -0,0 +1,16 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory; +set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +set hive.security.authorization.enabled=true; +set user.name=user1; + +-- actions that require user to be table owner +create table t1(i int); + +ALTER TABLE t1 SET SERDEPROPERTIES ('field.delim' = ','); +drop table t1; + +create table t1(i int); +create view vt1 as select * from t1; + +drop view vt1; +alter table t1 rename to tnew1; Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q?rev=1568352&r1=1568351&r2=1568352&view=diff ============================================================================== --- hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q (original) +++ hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q Fri Feb 14 16:57:53 2014 @@ -4,7 +4,7 @@ set hive.security.authenticator.manager= set user.name=user1; -- current user has been set (comment line before the set cmd is resulting in parse error!!) -CREATE TABLE table_priv_rev(i int); +CREATE TABLE table_priv_rev(i int); -- grant insert privilege to user2 GRANT INSERT ON table_priv_rev TO USER user2; 
@@ -48,3 +48,10 @@ SHOW GRANT USER user2 ON TABLE table_pri REVOKE SELECT ON TABLE table_priv_rev FROM USER user2; SHOW GRANT USER user2 ON TABLE table_priv_rev; + +-- grant all followed by revoke all +GRANT ALL ON table_priv_rev TO USER user2; +SHOW GRANT USER user2 ON TABLE table_priv_rev; + +REVOKE ALL ON TABLE table_priv_rev FROM USER user2; +SHOW GRANT USER user2 ON TABLE table_priv_rev; Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q (added) +++ hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,35 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+create table t1(i int, j int, k int);
+
+-- protecting certain columns
+create view vt1 as select i,k from t1;
+
+-- protecting certain rows
+create view vt2 as select * from t1 where i > 1;
+
+--view grant to user
+
+grant select on view vt1 to user user2;
+grant insert on view vt1 to user user3;
+
+show grant user user2 on table vt1;
+show grant user user3 on table vt1;
+
+set user.name=user2;
+select * from vt1;
+
+set user.name=user1;
+
+grant all on view vt2 to user user2;
+show grant user user2 on table vt2;
+
+revoke all on view vt2 from user user2;
+show grant user user2 on table vt2;
+
+revoke select on view vt1 from user user2;
+show grant user user2 on table vt1;
+show grant user user3 on table vt1;
Added: hive/trunk/ql/src/test/results/clientnegative/authorization_addpartition.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_addpartition.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_addpartition.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_addpartition.q.out Fri Feb 14 16:57:53 2014
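Review bot: The comments `-- protecting certain columns` and `-- protecting certain rows` in authorization_view_sqlstd.q state a confidentiality property that nothing in this file checks: the only access made as user2 is `select * from vt1`, which is expected to succeed. vt2 is granted and revoked but never queried as user2, and after `revoke select on view vt1 from user user2` only the `show grant` output is inspected. Since a clientpositive file cannot hold a failing statement, a companion clientnegative test would be needed in which user2, holding SELECT on vt1 only, is denied on the base table t1, and another in which the select on vt1 is denied after the revoke; authorization_select_view.q in this commit covers a user with no grant at all, which is a different case. A comment such as `-- user2 has SELECT on vt1 only; direct access to t1 is covered by a negative test` would record where that half of the check lives.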
@@ -0,0 +1,8 @@ +PREHOOK: query: -- check add partition without insert privilege +create table tpart(i int, j int) partitioned by (k string) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- check add partition without insert privilege +create table tpart(i int, j int) partitioned by (k string) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@tpart +FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.tpart] : [INSERT] Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out (original) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out Fri Feb 14 16:57:53 2014 
@@ -1,4 +1,4 @@ PREHOOK: query: -- this test will fail because hive_test_user is not in admin role. create role r1 PREHOOK: type: CREATEROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to add roles. Only users belonging to admin role can add new roles. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to add roles. User has to belong to ADMIN role and have it as current role, for this action. Added: hive/trunk/ql/src/test/results/clientnegative/authorization_createview.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_createview.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_createview.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_createview.q.out Fri Feb 14 16:57:53 2014 @@ -0,0 +1,8 @@ +PREHOOK: query: -- check create view without select privileges +create table t1(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- check create view without select privileges +create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [SELECT with grant] Added: hive/trunk/ql/src/test/results/clientnegative/authorization_ctas.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_ctas.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_ctas.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_ctas.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,8 @@ +PREHOOK: query: -- check query without select privilege fails +create table t1(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- check query without select privilege fails +create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [SELECT] Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out (original) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out Fri Feb 14 16:57:53 2014 
@@ -24,4 +24,4 @@ PUBLIC PREHOOK: query: drop role r1 PREHOOK: type: DROPROLE -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_admin_user is not allowed to drop role. Only users belonging to admin role can drop roles. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_admin_user is not allowed to drop role. User has to belong to ADMIN role and have it as current role, for this action. Added: hive/trunk/ql/src/test/results/clientnegative/authorization_droppartition.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_droppartition.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_droppartition.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_droppartition.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,15 @@ +PREHOOK: query: -- check drop partition without delete privilege +create table tpart(i int, j int) partitioned by (k string) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- check drop partition without delete privilege +create table tpart(i int, j int) partitioned by (k string) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@tpart +#### A masked pattern was here #### +PREHOOK: type: ALTERTABLE_ADDPARTS +PREHOOK: Input: default@tpart +#### A masked pattern was here #### +POSTHOOK: type: ALTERTABLE_ADDPARTS +POSTHOOK: Input: default@tpart +POSTHOOK: Output: default@tpart@k=abc +FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.tpart] : [DELETE] Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out (original) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out Fri Feb 14 16:57:53 2014 
@@ -19,4 +19,4 @@ PREHOOK: query: -- try grant all to user GRANT ALL ON table_priv_allf TO USER user3 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@table_priv_allf -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_allf] : [SELECT with grant, UPDATE with grant, DELETE with grant] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.table_priv_allf] : [SELECT with grant, UPDATE with grant, DELETE with grant] Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out (original) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out Fri Feb 14 16:57:53 2014 
@@ -11,4 +11,4 @@ PREHOOK: query: -- try grant insert to u GRANT INSERT ON table_priv_gfail1 TO USER user3 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@table_priv_gfail1 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_gfail1] : [INSERT with grant] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.table_priv_gfail1] : [INSERT with grant] Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out (original) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out Fri Feb 14 16:57:53 2014 
@@ -19,4 +19,4 @@ PREHOOK: query: -- try grant insert to u GRANT INSERT ON table_priv_gfail1 TO USER user3 PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@table_priv_gfail1 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_gfail1] : [INSERT with grant] +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.table_priv_gfail1] : [INSERT with grant] Added: hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,13 @@ +PREHOOK: query: -- check insert without select priv +create table t1(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- check insert without select priv +create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +PREHOOK: query: create table user2tab(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: create table user2tab(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@user2tab +FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [INSERT, DELETE] Added: hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,13 @@ +PREHOOK: query: -- check insert without select priv +create table t1(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- check insert without select priv +create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +PREHOOK: query: create table t2(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: create table t2(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t2 +FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [SELECT] Added: hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,8 @@ +PREHOOK: query: -- check if alter table fails as different user +create table t1(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- check if alter table fails as different user +create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [OBJECT OWNERSHIP] Added: hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,8 @@ +PREHOOK: query: -- check if alter table fails as different user +create table t1(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- check if alter table fails as different user +create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [OBJECT OWNERSHIP] Added: hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,8 @@ +PREHOOK: query: -- check if create table fails as different user +create table t1(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- check if create table fails as different user +create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [OBJECT OWNERSHIP] Added: hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,15 @@
+PREHOOK: query: -- check if create table fails as different user
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check if create table fails as different user
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: create view vt1 as select * from t1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@t1
+POSTHOOK: query: create view vt1 as select * from t1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@vt1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.vt1] : [OBJECT OWNERSHIP]
Added: hive/trunk/ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,77 @@ +PREHOOK: query: set role ADMIN +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role ADMIN +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: -- the test verifies that authorization is happening with privileges of the current roles + +-- grant privileges with grant option for table to role2 +create role role2 +PREHOOK: type: CREATEROLE +POSTHOOK: query: -- the test verifies that authorization is happening with privileges of the current roles + +-- grant privileges with grant option for table to role2 +create role role2 +POSTHOOK: type: CREATEROLE +PREHOOK: query: grant role role2 to user user2 +PREHOOK: type: GRANT_ROLE +POSTHOOK: query: grant role role2 to user user2 +POSTHOOK: type: GRANT_ROLE +PREHOOK: query: create table tpriv_current_role(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: create table tpriv_current_role(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@tpriv_current_role +PREHOOK: query: grant all on table tpriv_current_role to role role2 with grant option +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@tpriv_current_role +POSTHOOK: query: grant all on table tpriv_current_role to role role2 with grant option +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@tpriv_current_role +PREHOOK: query: -- switch to user2 + +-- by default all roles should be in current roles, and grant to new user should work +show current roles +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: -- switch to user2 + +-- by default all roles should be in current roles, and grant to new user should work +show current roles +POSTHOOK: type: SHOW_ROLES +role2 +PUBLIC + +PREHOOK: query: grant all on table tpriv_current_role to user user3 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@tpriv_current_role +POSTHOOK: query: grant all on table tpriv_current_role to user user3 +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@tpriv_current_role +PREHOOK: query: set role role2 +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: 
set role role2 +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: -- switch to role2, grant should work +grant all on table tpriv_current_role to user user4 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@tpriv_current_role +POSTHOOK: query: -- switch to role2, grant should work +grant all on table tpriv_current_role to user user4 +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@tpriv_current_role +PREHOOK: query: show grant user user4 on table tpriv_current_role +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user user4 on table tpriv_current_role +POSTHOOK: type: SHOW_GRANT +default tpriv_current_role user4 USER DELETE false -1 user2 +default tpriv_current_role user4 USER INSERT false -1 user2 +default tpriv_current_role user4 USER SELECT false -1 user2 +default tpriv_current_role user4 USER UPDATE false -1 user2 +PREHOOK: query: set role PUBLIC +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role PUBLIC +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: -- set role to public, should fail as role2 is not one of the current roles +grant all on table tpriv_current_role to user user5 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@tpriv_current_role +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. 
Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.tpriv_current_role] : [SELECT with grant, INSERT with grant, UPDATE with grant, DELETE with grant] Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out (original) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out Fri Feb 14 16:57:53 2014 
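Review bot: `set role ADMIN`, `set role role2` and `set role PUBLIC` are all recorded with `PREHOOK: type: SHOW_ROLES`, the same operation type a read-only role listing carries, so a pre/post hook or audit consumer keyed on the type cannot tell a change of the session's active roles from a listing. The mapping is made in code outside this hunk; presumably the statement should get its own operation type, after which this golden file would be regenerated. The same label is baked into the authorization_set_role_neg1, authorization_set_role_neg2 and authorization_admin_almighty1 outputs added by this commit.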
@@ -19,5 +19,5 @@ PREHOOK: query: -- try dropping the priv REVOKE INSERT ON TABLE table_priv_rfail1 FROM USER user2 PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@table_priv_rfail1 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_rfail1] granted by user3 +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Object [type=TABLE_OR_VIEW, name=default.table_priv_rfail1] granted by user3 Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out (original) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out Fri Feb 14 16:57:53 2014 
@@ -33,5 +33,5 @@ PREHOOK: query: -- try dropping the priv REVOKE INSERT ON TABLE table_priv_rfai2 FROM USER user2 PREHOOK: type: REVOKE_PRIVILEGE PREHOOK: Output: default@table_priv_rfai2 -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_rfai2] granted by user3 +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Object [type=TABLE_OR_VIEW, name=default.table_priv_rfai2] granted by user3 Added: hive/trunk/ql/src/test/results/clientnegative/authorization_select.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_select.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_select.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_select.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [SELECT]
Added: hive/trunk/ql/src/test/results/clientnegative/authorization_select_view.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_select_view.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_select_view.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_select_view.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,15 @@
+PREHOOK: query: -- check create view without select privileges
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check create view without select privileges
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: create view v1 as select * from t1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@t1
+POSTHOOK: query: create view v1 as select * from t1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@v1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.v1] : [SELECT]
Added: hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,5 @@
+PREHOOK: query: -- an error should be thrown if 'set role ' is done for role that does not exist
+
+set role nosuchroleexists
+PREHOOK: type: SHOW_ROLES
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. hive_test_user doesn't belong to role nosuchroleexists
Added: hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,19 @@
+PREHOOK: query: set role ADMIN
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role ADMIN
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: -- an error should be thrown if 'set role ' is done for role that does not exist
+
+create role rset_role_neg
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: -- an error should be thrown if 'set role ' is done for role that does not exist
+
+create role rset_role_neg
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant role rset_role_neg to user user2
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant role rset_role_neg to user user2
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: set role rset_role_neg
+PREHOOK: type: SHOW_ROLES
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. hive_admin_user doesn't belong to role rset_role_neg
Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out Fri Feb 14 16:57:53 2014
@@ -1,4 +1,4 @@ PREHOOK: query: -- This test will fail because hive_test_user is not in admin role show roles PREHOOK: type: SHOW_ROLES -FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to list roles. Only users belonging to admin role can list roles. +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to list roles. User has to belong to ADMIN role and have it as current role, for this action. Added: hive/trunk/ql/src/test/results/clientnegative/authorization_truncate.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_truncate.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_truncate.q.out (added) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_truncate.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check add partition without insert privilege
+create table t1(i int, j int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check add partition without insert privilege
+create table t1(i int, j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [OBJECT OWNERSHIP]
Added: hive/trunk/ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out (added)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,55 @@ +PREHOOK: query: -- actions from admin should work as if admin has all privileges + +create table t1(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: -- actions from admin should work as if admin has all privileges + +create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +PREHOOK: query: show current roles +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: show current roles +POSTHOOK: type: SHOW_ROLES +PUBLIC + +PREHOOK: query: set role ADMIN +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role ADMIN +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: show current roles +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: show current roles +POSTHOOK: type: SHOW_ROLES +ADMIN + +PREHOOK: query: select * from t1 +PREHOOK: type: QUERY +PREHOOK: Input: default@t1 +#### A masked pattern was here #### +POSTHOOK: query: select * from t1 +POSTHOOK: type: QUERY +POSTHOOK: Input: default@t1 +#### A masked pattern was here #### +PREHOOK: query: grant all on table t1 to user user1 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@t1 +POSTHOOK: query: grant all on table t1 to user user1 +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@t1 +PREHOOK: query: show grant user user1 on table t1 +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user user1 on table t1 +POSTHOOK: type: SHOW_GRANT +default t1 user1 USER DELETE false -1 hive_admin_user +default t1 user1 USER INSERT false -1 hive_admin_user +default t1 user1 USER SELECT false -1 hive_admin_user +default t1 user1 USER UPDATE false -1 hive_admin_user +PREHOOK: query: drop table t1 +PREHOOK: type: DROPTABLE +PREHOOK: Input: default@t1 +PREHOOK: Output: default@t1 +POSTHOOK: query: drop table t1 +POSTHOOK: type: DROPTABLE +POSTHOOK: Input: default@t1 +POSTHOOK: Output: default@t1 Added: hive/trunk/ql/src/test/results/clientpositive/authorization_owner_actions.q.out URL: 
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_owner_actions.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientpositive/authorization_owner_actions.q.out (added) +++ hive/trunk/ql/src/test/results/clientpositive/authorization_owner_actions.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,52 @@ +#### A masked pattern was here #### +create table t1(i int) +PREHOOK: type: CREATETABLE +#### A masked pattern was here #### +create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +PREHOOK: query: ALTER TABLE t1 SET SERDEPROPERTIES ('field.delim' = ',') +PREHOOK: type: ALTERTABLE_SERDEPROPERTIES +PREHOOK: Input: default@t1 +PREHOOK: Output: default@t1 +POSTHOOK: query: ALTER TABLE t1 SET SERDEPROPERTIES ('field.delim' = ',') +POSTHOOK: type: ALTERTABLE_SERDEPROPERTIES +POSTHOOK: Input: default@t1 +POSTHOOK: Output: default@t1 +PREHOOK: query: drop table t1 +PREHOOK: type: DROPTABLE +PREHOOK: Input: default@t1 +PREHOOK: Output: default@t1 +POSTHOOK: query: drop table t1 +POSTHOOK: type: DROPTABLE +POSTHOOK: Input: default@t1 +POSTHOOK: Output: default@t1 +PREHOOK: query: create table t1(i int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: create table t1(i int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +PREHOOK: query: create view vt1 as select * from t1 +PREHOOK: type: CREATEVIEW +PREHOOK: Input: default@t1 +POSTHOOK: query: create view vt1 as select * from t1 +POSTHOOK: type: CREATEVIEW +POSTHOOK: Input: default@t1 +POSTHOOK: Output: default@vt1 +PREHOOK: query: drop view vt1 +PREHOOK: type: DROPVIEW +PREHOOK: Input: default@vt1 +PREHOOK: Output: default@vt1 +POSTHOOK: query: drop view vt1 +POSTHOOK: type: DROPVIEW +POSTHOOK: Input: default@vt1 +POSTHOOK: Output: default@vt1 +PREHOOK: query: alter table t1 rename to tnew1 +PREHOOK: type: ALTERTABLE_RENAME +PREHOOK: Input: default@t1 +PREHOOK: Output: default@t1 +POSTHOOK: query: alter table t1 rename to tnew1 +POSTHOOK: type: ALTERTABLE_RENAME +POSTHOOK: Input: default@t1 +POSTHOOK: Output: default@t1 +POSTHOOK: Output: default@tnew1 Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out URL: 
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out (original) +++ hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out Fri Feb 14 16:57:53 2014 @@ -1,10 +1,10 @@ PREHOOK: query: -- current user has been set (comment line before the set cmd is resulting in parse error!!) -CREATE TABLE table_priv_rev(i int) +CREATE TABLE table_priv_rev(i int) PREHOOK: type: CREATETABLE POSTHOOK: query: -- current user has been set (comment line before the set cmd is resulting in parse error!!) -CREATE TABLE table_priv_rev(i int) +CREATE TABLE table_priv_rev(i int) POSTHOOK: type: CREATETABLE POSTHOOK: Output: default@table_priv_rev PREHOOK: query: -- grant insert privilege to user2 
@@ -148,3 +148,29 @@ PREHOOK: query: SHOW GRANT USER user2 ON PREHOOK: type: SHOW_GRANT POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev POSTHOOK: type: SHOW_GRANT +PREHOOK: query: -- grant all followed by revoke all +GRANT ALL ON table_priv_rev TO USER user2 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@table_priv_rev +POSTHOOK: query: -- grant all followed by revoke all +GRANT ALL ON table_priv_rev TO USER user2 +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@table_priv_rev +PREHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev +POSTHOOK: type: SHOW_GRANT +default table_priv_rev user2 USER DELETE false -1 user1 +default table_priv_rev user2 USER INSERT false -1 user1 +default table_priv_rev user2 USER SELECT false -1 user1 +default table_priv_rev user2 USER UPDATE false -1 user1 +PREHOOK: query: REVOKE ALL ON TABLE table_priv_rev FROM USER user2 +PREHOOK: type: REVOKE_PRIVILEGE +PREHOOK: Output: default@table_priv_rev +POSTHOOK: query: REVOKE ALL ON TABLE table_priv_rev FROM USER user2 +POSTHOOK: type: REVOKE_PRIVILEGE +POSTHOOK: Output: default@table_priv_rev +PREHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev +POSTHOOK: type: SHOW_GRANT Added: hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out?rev=1568352&view=auto ============================================================================== --- hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out (added) +++ hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out Fri Feb 14 16:57:53 2014 
@@ -0,0 +1,98 @@ +PREHOOK: query: create table t1(i int, j int, k int) +PREHOOK: type: CREATETABLE +POSTHOOK: query: create table t1(i int, j int, k int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: default@t1 +PREHOOK: query: -- protecting certain columns +create view vt1 as select i,k from t1 +PREHOOK: type: CREATEVIEW +PREHOOK: Input: default@t1 +POSTHOOK: query: -- protecting certain columns +create view vt1 as select i,k from t1 +POSTHOOK: type: CREATEVIEW +POSTHOOK: Input: default@t1 +POSTHOOK: Output: default@vt1 +PREHOOK: query: -- protecting certain rows +create view vt2 as select * from t1 where i > 1 +PREHOOK: type: CREATEVIEW +PREHOOK: Input: default@t1 +POSTHOOK: query: -- protecting certain rows +create view vt2 as select * from t1 where i > 1 +POSTHOOK: type: CREATEVIEW +POSTHOOK: Input: default@t1 +POSTHOOK: Output: default@vt2 +PREHOOK: query: --view grant to user + +grant select on view vt1 to user user2 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@vt1 +POSTHOOK: query: --view grant to user + +grant select on view vt1 to user user2 +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@vt1 +PREHOOK: query: grant insert on view vt1 to user user3 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@vt1 +POSTHOOK: query: grant insert on view vt1 to user user3 +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@vt1 +PREHOOK: query: show grant user user2 on table vt1 +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user user2 on table vt1 +POSTHOOK: type: SHOW_GRANT +default vt1 user2 USER SELECT false -1 user1 +PREHOOK: query: show grant user user3 on table vt1 +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user user3 on table vt1 +POSTHOOK: type: SHOW_GRANT +default vt1 user3 USER INSERT false -1 user1 +PREHOOK: query: select * from vt1 +PREHOOK: type: QUERY +PREHOOK: Input: default@t1 +PREHOOK: Input: default@vt1 +#### A masked pattern was here #### +POSTHOOK: query: select * from vt1 +POSTHOOK: 
type: QUERY +POSTHOOK: Input: default@t1 +POSTHOOK: Input: default@vt1 +#### A masked pattern was here #### +PREHOOK: query: grant all on view vt2 to user user2 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@vt2 +POSTHOOK: query: grant all on view vt2 to user user2 +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@vt2 +PREHOOK: query: show grant user user2 on table vt2 +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user user2 on table vt2 +POSTHOOK: type: SHOW_GRANT +default vt2 user2 USER DELETE false -1 user1 +default vt2 user2 USER INSERT false -1 user1 +default vt2 user2 USER SELECT false -1 user1 +default vt2 user2 USER UPDATE false -1 user1 +PREHOOK: query: revoke all on view vt2 from user user2 +PREHOOK: type: REVOKE_PRIVILEGE +PREHOOK: Output: default@vt2 +POSTHOOK: query: revoke all on view vt2 from user user2 +POSTHOOK: type: REVOKE_PRIVILEGE +POSTHOOK: Output: default@vt2 +PREHOOK: query: show grant user user2 on table vt2 +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user user2 on table vt2 +POSTHOOK: type: SHOW_GRANT +PREHOOK: query: revoke select on view vt1 from user user2 +PREHOOK: type: REVOKE_PRIVILEGE +PREHOOK: Output: default@vt1 +POSTHOOK: query: revoke select on view vt1 from user user2 +POSTHOOK: type: REVOKE_PRIVILEGE +POSTHOOK: Output: default@vt1 +PREHOOK: query: show grant user user2 on table vt1 +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user user2 on table vt1 +POSTHOOK: type: SHOW_GRANT +PREHOOK: query: show grant user user3 on table vt1 +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user user3 on table vt1 +POSTHOOK: type: SHOW_GRANT +default vt1 user3 USER INSERT false -1 user1
