Author: thejas
Date: Fri Mar 14 04:53:07 2014
New Revision: 1577428
URL: http://svn.apache.org/r1577428
Log:
HIVE-6567 : "show grant ... on all" fails with NPE (Thejas Nair, reviewed by
Ashutosh Chauhan)
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/Utilities.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeInfo.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q
hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out
hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
(original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java Fri Mar
14 04:53:07 2014
@@ -657,7 +657,7 @@ public class DDLTask extends Task<DDLWor
PrivilegeGrantInfo grantInfo =
AuthorizationUtils.getThriftPrivilegeGrantInfo(priv,
privInfo.getGrantorPrincipal(),
- privInfo.isGrantOption());
+ privInfo.isGrantOption(), privInfo.getGrantTime());
//only grantInfo is used
HiveObjectPrivilege thriftObjectPriv = new HiveObjectPrivilege(new
HiveObjectRef(
@@ -674,18 +674,6 @@ public class DDLTask extends Task<DDLWor
return 0;
}
- private static void sortPrivileges(List<HiveObjectPrivilege> privileges) {
- Collections.sort(privileges, new Comparator<HiveObjectPrivilege>() {
-
- @Override
- public int compare(HiveObjectPrivilege one, HiveObjectPrivilege other) {
- return
one.getGrantInfo().getPrivilege().compareTo(other.getGrantInfo().getPrivilege());
- }
-
- });
-
- }
-
private int grantOrRevokePrivileges(List<PrincipalDesc> principals,
List<PrivilegeDesc> privileges, PrivilegeObjectDesc privSubjectDesc,
String grantor, PrincipalType grantorType, boolean grantOption, boolean
isGrant)
@@ -854,6 +842,7 @@ public class DDLTask extends Task<DDLWor
private HivePrivilegeObject getHivePrivilegeObject(PrivilegeObjectDesc
privSubjectDesc)
throws HiveException {
+
String [] dbTable = Utilities.getDbTableName(privSubjectDesc.getObject());
return new HivePrivilegeObject(getPrivObjectType(privSubjectDesc),
dbTable[0], dbTable[1]);
}
@@ -877,6 +866,9 @@ public class DDLTask extends Task<DDLWor
}
private HivePrivilegeObjectType getPrivObjectType(PrivilegeObjectDesc
privSubjectDesc) {
+ if (privSubjectDesc.getObject() == null) {
+ return null;
+ }
return privSubjectDesc.getTable() ? HivePrivilegeObjectType.TABLE_OR_VIEW
: HivePrivilegeObjectType.DATABASE;
}
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/Utilities.java
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/Utilities.java?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/Utilities.java
(original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/Utilities.java Fri
Mar 14 04:53:07 2014
@@ -70,9 +70,6 @@ import java.util.Properties;
import java.util.Random;
import java.util.Set;
import java.util.UUID;
-import java.util.zip.Deflater;
-import java.util.zip.DeflaterOutputStream;
-import java.util.zip.InflaterInputStream;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
@@ -81,6 +78,9 @@ import java.util.concurrent.ThreadPoolEx
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import java.util.zip.Deflater;
+import java.util.zip.DeflaterOutputStream;
+import java.util.zip.InflaterInputStream;
import org.antlr.runtime.CommonToken;
import org.apache.commons.codec.binary.Base64;
@@ -2029,6 +2029,9 @@ public final class Utilities {
* @throws HiveException
*/
public static String[] getDbTableName(String dbtable) throws HiveException{
+ if(dbtable == null){
+ return new String[2];
+ }
String[] names = dbtable.split("\\.");
switch (names.length) {
case 2:
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
---
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
(original)
+++
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
Fri Mar 14 04:53:07 2014
@@ -108,12 +108,13 @@ public class AuthorizationUtils {
* @param privilege
* @param grantorPrincipal
* @param grantOption
+ * @param grantTime
* @return
* @throws HiveException
*/
public static PrivilegeGrantInfo getThriftPrivilegeGrantInfo(HivePrivilege
privilege,
- HivePrincipal grantorPrincipal, boolean grantOption) throws
HiveException {
- return new PrivilegeGrantInfo(privilege.getName(), 0 /* time gets added by
server */,
+ HivePrincipal grantorPrincipal, boolean grantOption, int grantTime)
throws HiveException {
+ return new PrivilegeGrantInfo(privilege.getName(), grantTime,
grantorPrincipal.getName(),
getThriftPrincipalType(grantorPrincipal.getType()), grantOption);
}
@@ -125,6 +126,9 @@ public class AuthorizationUtils {
* @throws HiveException
*/
public static HiveObjectType getThriftHiveObjType(HivePrivilegeObjectType
type) throws HiveException {
+ if (type == null) {
+ return null;
+ }
switch(type){
case DATABASE:
return HiveObjectType.DATABASE;
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeInfo.java
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeInfo.java?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
---
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeInfo.java
(original)
+++
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeInfo.java
Fri Mar 14 04:53:07 2014
@@ -31,14 +31,17 @@ public class HivePrivilegeInfo{
private final HivePrivilegeObject object;
private final HivePrincipal grantorPrincipal;
private final boolean grantOption;
+ private final int grantTime;
public HivePrivilegeInfo(HivePrincipal principal, HivePrivilege privilege,
- HivePrivilegeObject object, HivePrincipal grantorPrincipal, boolean
grantOption){
+ HivePrivilegeObject object, HivePrincipal grantorPrincipal, boolean
grantOption,
+ int grantTime){
this.principal = principal;
this.privilege = privilege;
this.object = object;
this.grantorPrincipal = grantorPrincipal;
this.grantOption = grantOption;
+ this.grantTime = grantTime;
}
public HivePrincipal getPrincipal() {
@@ -61,5 +64,9 @@ public class HivePrivilegeInfo{
return grantOption;
}
+ public int getGrantTime() {
+ return grantTime;
+ }
+
}
\ No newline at end of file
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
---
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java
(original)
+++
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java
Fri Mar 14 04:53:07 2014
@@ -35,7 +35,6 @@ import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.hive.common.FileUtils;
import org.apache.hadoop.hive.conf.HiveConf;
-import org.apache.hadoop.hive.metastore.HiveMetaStore;
import org.apache.hadoop.hive.metastore.IMetaStoreClient;
import org.apache.hadoop.hive.metastore.MetaStoreUtils;
import org.apache.hadoop.hive.metastore.api.Database;
@@ -43,7 +42,6 @@ import org.apache.hadoop.hive.metastore.
import org.apache.hadoop.hive.metastore.api.HiveObjectRef;
import org.apache.hadoop.hive.metastore.api.HiveObjectType;
import org.apache.hadoop.hive.metastore.api.MetaException;
-import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
import org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet;
import org.apache.hadoop.hive.metastore.api.PrivilegeBag;
import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
@@ -91,7 +89,7 @@ public class SQLAuthorizationUtils {
+ " is not supported in sql standard authorization mode");
}
PrivilegeGrantInfo grantInfo = getThriftPrivilegeGrantInfo(privilege,
grantorPrincipal,
- grantOption);
+ grantOption, 0 /*real grant time added by metastore*/);
for (HivePrincipal principal : hivePrincipals) {
HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj,
principal.getName(),
AuthorizationUtils.getThriftPrincipalType(principal.getType()),
grantInfo);
@@ -102,10 +100,11 @@ public class SQLAuthorizationUtils {
}
static PrivilegeGrantInfo getThriftPrivilegeGrantInfo(HivePrivilege
privilege,
- HivePrincipal grantorPrincipal, boolean grantOption) throws
HiveAuthzPluginException {
+ HivePrincipal grantorPrincipal, boolean grantOption, int grantTime)
+ throws HiveAuthzPluginException {
try {
return AuthorizationUtils.getThriftPrivilegeGrantInfo(privilege,
grantorPrincipal,
- grantOption);
+ grantOption, grantTime);
} catch (HiveException e) {
throw new HiveAuthzPluginException(e);
}
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
---
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
(original)
+++
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
Fri Mar 14 04:53:07 2014
@@ -39,7 +39,6 @@ import org.apache.hadoop.hive.metastore.
import org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo;
import org.apache.hadoop.hive.metastore.api.Role;
import org.apache.hadoop.hive.metastore.api.RolePrincipalGrant;
-import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
import
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
@@ -156,7 +155,7 @@ public class SQLStdHiveAccessController
metastoreClient, authenticator.getUserName(), getCurrentRoles(),
isUserAdmin());
// grant
- PrivilegeBag privBag = getThriftPrivilegesBag(hivePrincipals,
hivePrivileges, hivePrivObject,
+ PrivilegeBag privBag =
SQLAuthorizationUtils.getThriftPrivilegesBag(hivePrincipals, hivePrivileges,
hivePrivObject,
grantorPrincipal, grantOption);
try {
metastoreClient.grant_privileges(privBag);
@@ -188,49 +187,6 @@ public class SQLStdHiveAccessController
return new ArrayList<HivePrivilege>(hivePrivSet);
}
- /**
- * Create thrift privileges bag
- *
- * @param hivePrincipals
- * @param hivePrivileges
- * @param hivePrivObject
- * @param grantorPrincipal
- * @param grantOption
- * @return
- * @throws HiveAuthzPluginException
- */
- private PrivilegeBag getThriftPrivilegesBag(List<HivePrincipal>
hivePrincipals,
- List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject,
- HivePrincipal grantorPrincipal, boolean grantOption) throws
HiveAuthzPluginException {
-
- HiveObjectRef privObj =
SQLAuthorizationUtils.getThriftHiveObjectRef(hivePrivObject);
- PrivilegeBag privBag = new PrivilegeBag();
- for (HivePrivilege privilege : hivePrivileges) {
- if (privilege.getColumns() != null && privilege.getColumns().size() > 0)
{
- throw new HiveAuthzPluginException("Privileges on columns not
supported currently"
- + " in sql standard authorization mode");
- }
-
- PrivilegeGrantInfo grantInfo = getThriftPrivilegeGrantInfo(privilege,
grantorPrincipal,
- grantOption);
- for (HivePrincipal principal : hivePrincipals) {
- HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj,
principal.getName(),
- AuthorizationUtils.getThriftPrincipalType(principal.getType()),
grantInfo);
- privBag.addToPrivileges(objPriv);
- }
- }
- return privBag;
- }
-
- private PrivilegeGrantInfo getThriftPrivilegeGrantInfo(HivePrivilege
privilege,
- HivePrincipal grantorPrincipal, boolean grantOption) throws
HiveAuthzPluginException {
- try {
- return AuthorizationUtils.getThriftPrivilegeGrantInfo(privilege,
grantorPrincipal,
- grantOption);
- } catch (HiveException e) {
- throw new HiveAuthzPluginException(e);
- }
- }
@Override
public void revokePrivileges(List<HivePrincipal> hivePrincipals,
@@ -430,7 +386,7 @@ public class SQLStdHiveAccessController
AuthorizationUtils.getHivePrincipalType(msGrantInfo.getGrantorType()));
HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(resPrincipal,
resPrivilege,
- resPrivObj, grantorPrincipal, msGrantInfo.isGrantOption());
+ resPrivObj, grantorPrincipal, msGrantInfo.isGrantOption(),
msGrantInfo.getCreateTime());
resPrivInfos.add(resPrivInfo);
}
return resPrivInfos;
Modified:
hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
---
hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q
(original)
+++
hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q
Fri Mar 14 04:53:07 2014
@@ -9,6 +9,7 @@ CREATE TABLE table_priv_rev(i int);
-- grant insert privilege to user2
GRANT INSERT ON table_priv_rev TO USER user2;
SHOW GRANT USER user2 ON TABLE table_priv_rev;
+SHOW GRANT USER user2 ON ALL;
-- revoke insert privilege from user2
REVOKE INSERT ON TABLE table_priv_rev FROM USER user2;
@@ -18,6 +19,7 @@ SHOW GRANT USER user2 ON TABLE table_pri
-- grant insert privilege to user2
GRANT INSERT ON table_priv_rev TO USER user2;
SHOW GRANT USER user2 ON TABLE table_priv_rev;
+SHOW GRANT USER user2 ON ALL;
-- grant select privilege to user2, with grant option
GRANT SELECT ON table_priv_rev TO USER user2 WITH GRANT OPTION;
@@ -31,10 +33,12 @@ SHOW GRANT USER user2 ON TABLE table_pri
GRANT DELETE ON table_priv_rev TO USER user2;
SHOW GRANT USER user2 ON TABLE table_priv_rev;
+
-- start revoking --
-- revoke update privilege from user2
REVOKE UPDATE ON TABLE table_priv_rev FROM USER user2;
SHOW GRANT USER user2 ON TABLE table_priv_rev;
+SHOW GRANT USER user2 ON ALL;
-- revoke DELETE privilege from user2
REVOKE DELETE ON TABLE table_priv_rev FROM USER user2;
@@ -47,7 +51,7 @@ SHOW GRANT USER user2 ON TABLE table_pri
-- revoke select privilege from user2
REVOKE SELECT ON TABLE table_priv_rev FROM USER user2;
SHOW GRANT USER user2 ON TABLE table_priv_rev;
-
+SHOW GRANT USER user2 ON ALL;
-- grant all followed by revoke all
GRANT ALL ON table_priv_rev TO USER user2;
Modified:
hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
(original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
Fri Mar 14 04:53:07 2014
@@ -12,6 +12,8 @@ create view vt1 as select i,k from t1;
-- protecting certain rows
create view vt2 as select * from t1 where i > 1;
+show grant user user1 on all;
+
--view grant to user
-- try with and without table keyword
@@ -21,6 +23,7 @@ grant insert on table vt1 to user user3;
show grant user user2 on table vt1;
show grant user user3 on table vt1;
+
set user.name=user2;
select * from vt1;
@@ -28,6 +31,7 @@ set user.name=user1;
grant all on table vt2 to user user2;
show grant user user2 on table vt2;
+show grant user user2 on all;
revoke all on vt2 from user user2;
show grant user user2 on table vt2;
@@ -35,6 +39,8 @@ show grant user user2 on table vt2;
revoke select on table vt1 from user user2;
show grant user user2 on table vt1;
+show grant user user2 on all;
+
-- grant privileges on roles for view, after next statement
show grant user user3 on table vt1;
Modified:
hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
---
hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out
(original)
+++
hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out
Fri Mar 14 04:53:07 2014
@@ -22,6 +22,11 @@ PREHOOK: type: SHOW_GRANT
POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev
POSTHOOK: type: SHOW_GRANT
default table_priv_rev user2 USER INSERT false
-1 user1
+PREHOOK: query: SHOW GRANT USER user2 ON ALL
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: SHOW GRANT USER user2 ON ALL
+POSTHOOK: type: SHOW_GRANT
+default table_priv_rev user2 USER INSERT false
-1 user1
PREHOOK: query: -- revoke insert privilege from user2
REVOKE INSERT ON TABLE table_priv_rev FROM USER user2
PREHOOK: type: REVOKE_PRIVILEGE
@@ -49,6 +54,11 @@ PREHOOK: type: SHOW_GRANT
POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev
POSTHOOK: type: SHOW_GRANT
default table_priv_rev user2 USER INSERT false
-1 user1
+PREHOOK: query: SHOW GRANT USER user2 ON ALL
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: SHOW GRANT USER user2 ON ALL
+POSTHOOK: type: SHOW_GRANT
+default table_priv_rev user2 USER INSERT false
-1 user1
PREHOOK: query: -- grant select privilege to user2, with grant option
GRANT SELECT ON table_priv_rev TO USER user2 WITH GRANT OPTION
PREHOOK: type: GRANT_PRIVILEGE
@@ -111,6 +121,13 @@ POSTHOOK: type: SHOW_GRANT
default table_priv_rev user2 USER DELETE false
-1 user1
default table_priv_rev user2 USER INSERT false
-1 user1
default table_priv_rev user2 USER SELECT true
-1 user1
+PREHOOK: query: SHOW GRANT USER user2 ON ALL
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: SHOW GRANT USER user2 ON ALL
+POSTHOOK: type: SHOW_GRANT
+default table_priv_rev user2 USER DELETE false
-1 user1
+default table_priv_rev user2 USER INSERT false
-1 user1
+default table_priv_rev user2 USER SELECT true
-1 user1
PREHOOK: query: -- revoke DELETE privilege from user2
REVOKE DELETE ON TABLE table_priv_rev FROM USER user2
PREHOOK: type: REVOKE_PRIVILEGE
@@ -150,6 +167,10 @@ PREHOOK: query: SHOW GRANT USER user2 ON
PREHOOK: type: SHOW_GRANT
POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev
POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: SHOW GRANT USER user2 ON ALL
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: SHOW GRANT USER user2 ON ALL
+POSTHOOK: type: SHOW_GRANT
PREHOOK: query: -- grant all followed by revoke all
GRANT ALL ON table_priv_rev TO USER user2
PREHOOK: type: GRANT_PRIVILEGE
Modified:
hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out?rev=1577428&r1=1577427&r2=1577428&view=diff
==============================================================================
---
hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out
(original)
+++
hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out
Fri Mar 14 04:53:07 2014
@@ -23,6 +23,22 @@ create view vt2 as select * from t1 wher
POSTHOOK: type: CREATEVIEW
POSTHOOK: Input: default@t1
POSTHOOK: Output: default@vt2
+PREHOOK: query: show grant user user1 on all
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user1 on all
+POSTHOOK: type: SHOW_GRANT
+default t1 user1 USER DELETE true -1
user1
+default t1 user1 USER INSERT true -1
user1
+default t1 user1 USER SELECT true -1
user1
+default t1 user1 USER UPDATE true -1
user1
+default vt1 user1 USER DELETE true -1
user1
+default vt1 user1 USER INSERT true -1
user1
+default vt1 user1 USER SELECT true -1
user1
+default vt1 user1 USER UPDATE true -1
user1
+default vt2 user1 USER DELETE true -1
user1
+default vt2 user1 USER INSERT true -1
user1
+default vt2 user1 USER SELECT true -1
user1
+default vt2 user1 USER UPDATE true -1
user1
PREHOOK: query: --view grant to user
-- try with and without table keyword
@@ -75,6 +91,15 @@ default vt2 user2 USER DELETE
false -1
default vt2 user2 USER INSERT false -1
user1
default vt2 user2 USER SELECT false -1
user1
default vt2 user2 USER UPDATE false -1
user1
+PREHOOK: query: show grant user user2 on all
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user2 on all
+POSTHOOK: type: SHOW_GRANT
+default vt1 user2 USER SELECT false -1
user1
+default vt2 user2 USER DELETE false -1
user1
+default vt2 user2 USER INSERT false -1
user1
+default vt2 user2 USER SELECT false -1
user1
+default vt2 user2 USER UPDATE false -1
user1
PREHOOK: query: revoke all on vt2 from user user2
PREHOOK: type: REVOKE_PRIVILEGE
PREHOOK: Output: default@vt2
@@ -95,6 +120,10 @@ PREHOOK: query: show grant user user2 on
PREHOOK: type: SHOW_GRANT
POSTHOOK: query: show grant user user2 on table vt1
POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant user user2 on all
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user2 on all
+POSTHOOK: type: SHOW_GRANT
PREHOOK: query: -- grant privileges on roles for view, after next statement
show grant user user3 on table vt1
PREHOOK: type: SHOW_GRANT
