Author: thejas
Date: Wed Apr 2 18:19:01 2014
New Revision: 1584118
URL: http://svn.apache.org/r1584118
Log:
HIVE-6804 : sql std auth - granting existing table privilege to owner should
result in error (Thejas Nair, reviewed by Ashutosh Chauhan)
Added:
hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q
hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java?rev=1584118&r1=1584117&r2=1584118&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
(original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
Wed Apr 2 18:19:01 2014
@@ -387,7 +387,7 @@ public class SessionState {
authorizerV2 = authorizerFactory.createHiveAuthorizer(new
HiveMetastoreClientFactoryImpl(),
getConf(), authenticator);
// grant all privileges for table to its owner
- getConf().setVar(ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS,
"insert,select,update,delete");
+ getConf().setVar(ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS,
"INSERT,SELECT,UPDATE,DELETE");
String hooks = getConf().getVar(ConfVars.PREEXECHOOKS).trim();
if (hooks.isEmpty()) {
hooks = DisallowTransformHook.class.getName();
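Review bot: Nothing next to the new literal `"INSERT,SELECT,UPDATE,DELETE"` says that its case is significant, so a later edit, or a lower-case value set elsewhere, could bring back owner grants that the duplicate-grant check does not recognise. Presumably the stored privilege names are compared case-sensitively (that comparison is not in this hunk); if so, normalising the names where they are parsed or compared would be sturdier than fixing this one call site. At minimum, extend the comment to `// grant all privileges for table to its owner; names are upper case so a later GRANT of the same privilege is detected as a duplicate (HIVE-6804)`. The enclosing method starts and ends outside the hunk.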
Added:
hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q?rev=1584118&view=auto
==============================================================================
---
hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q
(added)
+++
hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q
Wed Apr 2 18:19:01 2014
@@ -0,0 +1,16 @@
+set
hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set
hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+
+set user.name=user1;
+-- current user has been set (comment line before the set cmd is resulting in
parse error!!)
+
+CREATE TABLE tauth_gdup(i int);
+
+-- It should be possible to revert owners privileges
+revoke SELECT ON tauth_gdup from user user1;
+
+show grant user user1 on table tauth_gdup;
+
+-- Owner already has all privileges granted, another grant would become
duplicate
+-- and result in error
+GRANT INSERT ON tauth_gdup TO USER user1;
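Review bot: The failing statement spells the privilege in upper case, `GRANT INSERT ON tauth_gdup TO USER user1;`, the same case the fix now stores, so this test would not notice if the duplicate check were still case-sensitive to what the user types. A clientnegative test appears to end at its first failing statement, so a sibling test whose last line is `grant insert on tauth_gdup to user user1;` would cover that; whether statement case is normalised before the comparison cannot be seen from this diff. The comment about the parse error after `set user.name=user1;` describes a workaround and would be easier to follow with a reference to a tracking issue, if one exists.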
Added:
hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out
URL:
http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out?rev=1584118&view=auto
==============================================================================
---
hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out
(added)
+++
hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out
Wed Apr 2 18:19:01 2014
@@ -0,0 +1,32 @@
+PREHOOK: query: -- current user has been set (comment line before the set cmd
is resulting in parse error!!)
+
+CREATE TABLE tauth_gdup(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+POSTHOOK: query: -- current user has been set (comment line before the set cmd
is resulting in parse error!!)
+
+CREATE TABLE tauth_gdup(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@tauth_gdup
+#### A masked pattern was here ####
+revoke SELECT ON tauth_gdup from user user1
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@tauth_gdup
+#### A masked pattern was here ####
+revoke SELECT ON tauth_gdup from user user1
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@tauth_gdup
+PREHOOK: query: show grant user user1 on table tauth_gdup
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user1 on table tauth_gdup
+POSTHOOK: type: SHOW_GRANT
+default tauth_gdup user1 USER DELETE true
-1 user1
+default tauth_gdup user1 USER INSERT true
-1 user1
+default tauth_gdup user1 USER UPDATE true
-1 user1
+#### A masked pattern was here ####
+-- and result in error
+GRANT INSERT ON tauth_gdup TO USER user1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@tauth_gdup
+FAILED: Execution Error, return code 1 from
org.apache.hadoop.hive.ql.exec.DDLTask. Error granting privileges:
InvalidObjectException(message:INSERT is already granted on table
[default,tauth_gdup] by user1)