Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java (original) +++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java Fri Mar 28 23:33:07 2014 @@ -54,7 +54,6 @@ import org.apache.hadoop.hive.ql.securit import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRole; import org.apache.thrift.TException; public class SQLAuthorizationUtils { @@ -176,7 +175,7 @@ public class SQLAuthorizationUtils { * @throws HiveAuthzPluginException */ static RequiredPrivileges getPrivilegesFromMetaStore(IMetaStoreClient metastoreClient, - String userName, HivePrivilegeObject hivePrivObject, List<HiveRole> curRoles, boolean isAdmin) + String userName, HivePrivilegeObject hivePrivObject, List<String> curRoles, boolean isAdmin) throws HiveAuthzPluginException { // get privileges for this user and its role on this object @@ -215,7 +214,7 @@ public class SQLAuthorizationUtils { * @return */ private static void filterPrivsByCurrentRoles(PrincipalPrivilegeSet thriftPrivs, - List<HiveRole> curRoles) { + List<String> curRoles) { // check if there are privileges to be filtered if(thriftPrivs == null || thriftPrivs.getRolePrivileges() == null || thriftPrivs.getRolePrivilegesSize() == 0 @@ -226,11 +225,10 @@ public class SQLAuthorizationUtils { // add the privs for roles in curRoles to new role-to-priv map Map<String, List<PrivilegeGrantInfo>> filteredRolePrivs = new HashMap<String, List<PrivilegeGrantInfo>>(); - for(HiveRole role : curRoles){ - String roleName = role.getRoleName(); - List<PrivilegeGrantInfo> privs = thriftPrivs.getRolePrivileges().get(roleName); + for(String role : curRoles){ + List<PrivilegeGrantInfo> privs = thriftPrivs.getRolePrivileges().get(role); if(privs != null){ - filteredRolePrivs.put(roleName, privs); + filteredRolePrivs.put(role, privs); } } thriftPrivs.setRolePrivileges(filteredRolePrivs);
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java (original) +++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java Fri Mar 28 23:33:07 2014 @@ -30,6 +30,8 @@ import org.apache.hadoop.hive.metastore. import org.apache.hadoop.hive.metastore.IMetaStoreClient; import org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleRequest; import org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleResponse; +import org.apache.hadoop.hive.metastore.api.GetRoleGrantsForPrincipalRequest; +import org.apache.hadoop.hive.metastore.api.GetRoleGrantsForPrincipalResponse; import org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege; import org.apache.hadoop.hive.metastore.api.HiveObjectRef; import org.apache.hadoop.hive.metastore.api.HiveObjectType; @@ -50,7 +52,6 @@ import org.apache.hadoop.hive.ql.securit import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRole; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant; import org.apache.thrift.TException; @@ -69,8 +70,8 @@ public class SQLStdHiveAccessController private final HiveMetastoreClientFactory metastoreClientFactory; private final HiveAuthenticationProvider authenticator; private String currentUserName; - private List<HiveRole> currentRoles; - private HiveRole adminRole; + private List<HiveRoleGrant> currentRoles; + private HiveRoleGrant adminRole; private final String ADMIN_ONLY_MSG = "User has to belong to ADMIN role and " + "have it as current role, for this action."; private final String HAS_ADMIN_PRIV_MSG = "grantor need to have ADMIN privileges on role being" @@ -100,15 +101,13 @@ public class SQLStdHiveAccessController this.currentRoles = getRolesFromMS(); } - private List<HiveRole> getRolesFromMS() throws HiveAuthzPluginException { - List<Role> roles; + private List<HiveRoleGrant> getRolesFromMS() throws HiveAuthzPluginException { try { - roles = metastoreClientFactory.getHiveMetastoreClient().list_roles(currentUserName, - PrincipalType.USER); - Map<String, HiveRole> name2Rolesmap = new HashMap<String, HiveRole>(); + List<RolePrincipalGrant> roles = getRoleGrants(currentUserName, PrincipalType.USER); + Map<String, HiveRoleGrant> name2Rolesmap = new HashMap<String, HiveRoleGrant>(); getAllRoleAncestors(name2Rolesmap, roles); - List<HiveRole> currentRoles = new ArrayList<HiveRole>(roles.size()); - for (HiveRole role : name2Rolesmap.values()) { + List<HiveRoleGrant> currentRoles = new ArrayList<HiveRoleGrant>(roles.size()); + for (HiveRoleGrant role : name2Rolesmap.values()) { if (!HiveMetaStore.ADMIN.equalsIgnoreCase(role.getRoleName())) { currentRoles.add(role); } else { @@ -122,25 +121,33 @@ public class SQLStdHiveAccessController } } + private List<RolePrincipalGrant> getRoleGrants(String principalName, PrincipalType principalType) + throws MetaException, TException, HiveAuthzPluginException { + GetRoleGrantsForPrincipalRequest req = new GetRoleGrantsForPrincipalRequest(principalName, principalType); + IMetaStoreClient metastoreClient = metastoreClientFactory.getHiveMetastoreClient(); + GetRoleGrantsForPrincipalResponse resp = metastoreClient.get_role_grants_for_principal(req); + return resp.getPrincipalGrants(); + } + /** * Add role names of parentRoles and its parents to processedRolesMap * * @param processedRolesMap - * @param parentRoles + * @param roleGrants * @throws TException * @throws HiveAuthzPluginException * @throws MetaException */ - private void getAllRoleAncestors(Map<String, HiveRole> processedRolesMap, List<Role> parentRoles) + private void getAllRoleAncestors(Map<String, HiveRoleGrant> processedRolesMap, List<RolePrincipalGrant> roleGrants) throws MetaException, HiveAuthzPluginException, TException { - for (Role parentRole : parentRoles) { - String parentRoleName = parentRole.getRoleName(); + for (RolePrincipalGrant parentRoleGrant : roleGrants) { + String parentRoleName = parentRoleGrant.getRoleName(); if (processedRolesMap.get(parentRoleName) == null) { // unprocessed role: get its parents, add it to processed, and call this // function recursively - List<Role> nextParentRoles = metastoreClientFactory.getHiveMetastoreClient().list_roles( - parentRoleName, PrincipalType.ROLE); - processedRolesMap.put(parentRoleName, new HiveRole(parentRole)); + + List<RolePrincipalGrant> nextParentRoles = getRoleGrants(parentRoleName, PrincipalType.ROLE); + processedRolesMap.put(parentRoleName, new HiveRoleGrant(parentRoleGrant)); getAllRoleAncestors(processedRolesMap, nextParentRoles); } } @@ -157,7 +164,7 @@ public class SQLStdHiveAccessController IMetaStoreClient metastoreClient = metastoreClientFactory.getHiveMetastoreClient(); // authorize the grant GrantPrivAuthUtils.authorize(hivePrincipals, hivePrivileges, hivePrivObject, grantOption, - metastoreClient, authenticator.getUserName(), getCurrentRoles(), isUserAdmin()); + metastoreClient, authenticator.getUserName(), getCurrentRoleNames(), isUserAdmin()); // grant PrivilegeBag privBag = SQLAuthorizationUtils.getThriftPrivilegesBag(hivePrincipals, hivePrivileges, hivePrivObject, @@ -169,6 +176,15 @@ public class SQLStdHiveAccessController } } + @Override + public List<String> getCurrentRoleNames() throws HiveAuthzPluginException { + List<String> roleNames = new ArrayList<String>(); + for(HiveRoleGrant role : getCurrentRoles()){ + roleNames.add(role.getRoleName()); + } + return roleNames; + } + private List<HivePrivilege> expandAndValidatePrivileges(List<HivePrivilege> hivePrivileges) throws HiveAuthzPluginException { // expand ALL privileges, if any @@ -256,22 +272,6 @@ public class SQLStdHiveAccessController } @Override - public List<HiveRole> getRoles(HivePrincipal hivePrincipal) throws HiveAuthzPluginException { - try { - List<Role> roles = metastoreClientFactory.getHiveMetastoreClient().list_roles( - hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType())); - List<HiveRole> hiveRoles = new ArrayList<HiveRole>(roles.size()); - for (Role role : roles){ - hiveRoles.add(new HiveRole(role)); - } - return hiveRoles; - } catch (Exception e) { - throw new HiveAuthzPluginException("Error listing roles for user " - + hivePrincipal.getName() + ": " + e.getMessage(), e); - } - } - - @Override public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException { @@ -342,7 +342,7 @@ public class SQLStdHiveAccessController @Override - public List<HiveRoleGrant> getPrincipalsInRoleInfo(String roleName) throws HiveAuthzPluginException, HiveAccessControlException { + public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException { // only user belonging to admin role can list role if (!isUserAdmin()) { throw new HiveAccessControlException("Current user : " + currentUserName+ " is not" @@ -437,7 +437,7 @@ public class SQLStdHiveAccessController currentRoles.addAll(getRolesFromMS()); return; } - for (HiveRole role : getRolesFromMS()) { + for (HiveRoleGrant role : getRolesFromMS()) { // set to one of the roles user belongs to. if (role.getRoleName().equalsIgnoreCase(roleName)) { currentRoles.clear(); @@ -456,8 +456,7 @@ public class SQLStdHiveAccessController +roleName); } - @Override - public List<HiveRole> getCurrentRoles() throws HiveAuthzPluginException { + public List<HiveRoleGrant> getCurrentRoles() throws HiveAuthzPluginException { initUserRoles(); return currentRoles; } @@ -467,13 +466,13 @@ public class SQLStdHiveAccessController * @throws HiveAuthzPluginException */ boolean isUserAdmin() throws HiveAuthzPluginException { - List<HiveRole> roles; + List<HiveRoleGrant> roles; try { roles = getCurrentRoles(); } catch (Exception e) { throw new HiveAuthzPluginException(e); } - for (HiveRole role : roles) { + for (HiveRoleGrant role : roles) { if (role.getRoleName().equalsIgnoreCase(HiveMetaStore.ADMIN)) { return true; } @@ -482,7 +481,7 @@ public class SQLStdHiveAccessController } private boolean doesUserHasAdminOption(List<String> roleNames) throws HiveAuthzPluginException { - List<HiveRole> currentRoles; + List<HiveRoleGrant> currentRoles; try { currentRoles = getCurrentRoles(); } catch (Exception e) { @@ -490,7 +489,7 @@ public class SQLStdHiveAccessController } for (String roleName : roleNames) { boolean roleFound = false; - for (HiveRole currentRole : currentRoles) { + for (HiveRoleGrant currentRole : currentRoles) { if (roleName.equalsIgnoreCase(currentRole.getRoleName())) { roleFound = true; if (!currentRole.isGrantOption()) { @@ -507,4 +506,21 @@ public class SQLStdHiveAccessController return true; } + @Override + public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) + throws HiveAuthzPluginException, HiveAccessControlException { + try { + List<RolePrincipalGrant> roleGrants = getRoleGrants(principal.getName(), + AuthorizationUtils.getThriftPrincipalType(principal.getType())); + List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>(roleGrants.size()); + for (RolePrincipalGrant roleGrant : roleGrants) { + hiveRoleGrants.add(new HiveRoleGrant(roleGrant)); + } + return hiveRoleGrants; + } catch (Exception e) { + throw new HiveAuthzPluginException("Error getting role grant information for user " + + principal.getName() + ": " + e.getMessage(), e); + } + } + } Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java (original) +++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java Fri Mar 28 23:33:07 2014 @@ -100,7 +100,7 @@ public class SQLStdHiveAuthorizationVali } else { // get the privileges that this user has on the object availPrivs = SQLAuthorizationUtils.getPrivilegesFromMetaStore(metastoreClient, userName, - hObj, privController.getCurrentRoles(), privController.isUserAdmin()); + hObj, privController.getCurrentRoleNames(), privController.isUserAdmin()); } Collection<SQLPrivTypeGrant> missingPriv = requiredInpPrivs.findMissingPrivs(availPrivs); SQLAuthorizationUtils.assertNoMissingPrivilege(missingPriv, new HivePrincipal(userName, Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q (original) +++ hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q Fri Mar 28 23:33:07 2014 @@ -2,6 +2,7 @@ set hive.users.in.admin.role=hive_admin_ set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory; set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +set hive.cli.print.header=true; set user.name=hive_admin_user; set role ADMIN; Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_fail_7.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_fail_7.q.out?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_fail_7.q.out (original) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_fail_7.q.out Fri Mar 28 23:33:07 2014 @@ -27,8 +27,8 @@ PREHOOK: query: show role grant user hiv PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 -hive_test_role_fail -1 hive_test_user USER false -1 hive_test_user +PUBLIC false -1 +hive_test_role_fail false -1 hive_test_user PREHOOK: query: show grant role hive_test_role_fail on table authorization_fail PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role hive_test_role_fail on table authorization_fail Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_role_grant.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_role_grant.q.out?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientnegative/authorization_role_grant.q.out (original) +++ hive/trunk/ql/src/test/results/clientnegative/authorization_role_grant.q.out Fri Mar 28 23:33:07 2014 @@ -32,9 +32,9 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 -role_noadmin -1 user2 USER false -1 hive_admin_user -src_role_wadmin -1 user2 USER true -1 hive_admin_user +PUBLIC false -1 +role_noadmin false -1 hive_admin_user +src_role_wadmin true -1 hive_admin_user PREHOOK: query: set role role_noadmin PREHOOK: type: SHOW_ROLES POSTHOOK: query: set role role_noadmin Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out (original) +++ hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out Fri Mar 28 23:33:07 2014 @@ -267,8 +267,8 @@ PREHOOK: query: show role grant user hiv PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -src_role -1 hive_test_user USER false -1 hive_test_user -PUBLIC -1 false -1 +PUBLIC false -1 +src_role false -1 hive_test_user PREHOOK: query: --column grant to role grant select(key) on table src_autho_test to role src_role Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out (original) +++ hive/trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out Fri Mar 28 23:33:07 2014 @@ -48,8 +48,8 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user_sauth POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 -src_role -1 user_sauth USER false -1 hive_admin_user +PUBLIC false -1 +src_role false -1 hive_admin_user PREHOOK: query: --table grant to role grant select on table src_autho_test to role src_role Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_5.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_5.q.out?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientpositive/authorization_5.q.out (original) +++ hive/trunk/ql/src/test/results/clientpositive/authorization_5.q.out Fri Mar 28 23:33:07 2014 @@ -38,8 +38,8 @@ PREHOOK: query: SHOW ROLE GRANT USER hiv PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: SHOW ROLE GRANT USER hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT -db_test_role -1 hive_test_user USER false -1 hive_test_user -PUBLIC -1 false -1 +PUBLIC false -1 +db_test_role false -1 hive_test_user PREHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role PREHOOK: type: GRANT_PRIVILEGE POSTHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out (original) +++ hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out Fri Mar 28 23:33:07 2014 @@ -18,8 +18,8 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 -src_role2 -1 user2 USER false -1 hive_admin_user +PUBLIC false -1 +src_role2 false -1 hive_admin_user PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles @@ -38,7 +38,7 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 +PUBLIC false -1 PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles @@ -67,8 +67,8 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 -src_role_wadmin -1 user2 USER true -1 hive_admin_user +PUBLIC false -1 +src_role_wadmin true -1 hive_admin_user PREHOOK: query: -- revoke role without role keyword revoke src_role_wadmin from user user2 PREHOOK: type: REVOKE_ROLE @@ -79,7 +79,7 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 +PUBLIC false -1 PREHOOK: query: -- drop roles show roles PREHOOK: type: SHOW_ROLES Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out (original) +++ hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out Fri Mar 28 23:33:07 2014 @@ -22,12 +22,14 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 -src_role_wadmin -1 user2 USER true -1 hive_admin_user +role grant_option grant_time grantor +PUBLIC false -1 +src_role_wadmin true -1 hive_admin_user PREHOOK: query: show principals src_role_wadmin PREHOOK: type: SHOW_ROLE_PRINCIPALS POSTHOOK: query: show principals src_role_wadmin POSTHOOK: type: SHOW_ROLE_PRINCIPALS +principal_name principal_type grant_option grantor grantor_type grant_time user2 USER true hive_admin_user USER -1 PREHOOK: query: set role src_role_wadmin PREHOOK: type: SHOW_ROLES @@ -41,8 +43,9 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user3 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 -src_role_wadmin -1 user3 USER false -1 user2 +role grant_option grant_time grantor +PUBLIC false -1 +src_role_wadmin false -1 user2 PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES POSTHOOK: query: set role ADMIN @@ -51,6 +54,7 @@ PREHOOK: query: show principals src_role PREHOOK: type: SHOW_ROLE_PRINCIPALS POSTHOOK: query: show principals src_role_wadmin POSTHOOK: type: SHOW_ROLE_PRINCIPALS +principal_name principal_type grant_option grantor grantor_type grant_time user2 USER true hive_admin_user USER -1 user3 USER false user2 USER -1 PREHOOK: query: set role src_role_wadmin @@ -65,7 +69,8 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user3 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 +role grant_option grant_time grantor +PUBLIC false -1 PREHOOK: query: set role ADMIN PREHOOK: type: SHOW_ROLES POSTHOOK: query: set role ADMIN @@ -74,4 +79,5 @@ PREHOOK: query: show principals src_role PREHOOK: type: SHOW_ROLE_PRINCIPALS POSTHOOK: query: show principals src_role_wadmin POSTHOOK: type: SHOW_ROLE_PRINCIPALS +principal_name principal_type grant_option grantor grantor_type grant_time user2 USER true hive_admin_user USER -1 Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out?rev=1582911&r1=1582910&r2=1582911&view=diff ============================================================================== --- hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out (original) +++ hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out Fri Mar 28 23:33:07 2014 @@ -173,8 +173,8 @@ PREHOOK: query: show role grant user use PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user4 POSTHOOK: type: SHOW_ROLE_GRANT -PUBLIC -1 false -1 -role_v -1 user4 USER false -1 hive_admin_user +PUBLIC false -1 +role_v false -1 hive_admin_user PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles
