Repository: hive Updated Branches: refs/heads/master 948684a7e -> 26be99d52
HIVE-18514 : add service output for ranger to WM DDL operations (Sergey Shelukhin, reviewed by Thejas M Nair) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/26be99d5 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/26be99d5 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/26be99d5 Branch: refs/heads/master Commit: 26be99d529569606c5fde52e0d3b0542172464a5 Parents: 948684a Author: sergey <[email protected]> Authored: Thu Jan 25 18:45:50 2018 -0800 Committer: sergey <[email protected]> Committed: Thu Jan 25 18:45:50 2018 -0800 ---------------------------------------------------------------------- .../hive/ql/parse/DDLSemanticAnalyzer.java | 25 +- .../queries/clientpositive/authorization_wm.q | 78 ++++ .../clientpositive/authorization_wm.q.out | 441 +++++++++++++++++++ 3 files changed, 541 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/26be99d5/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java index f8126f1..d159e4b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java @@ -926,6 +926,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { } CreateResourcePlanDesc desc = new CreateResourcePlanDesc( resourcePlanName, queryParallelism, likeName); + addServiceOutput(); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), desc), conf)); } @@ -938,6 +939,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { throw new SemanticException("Invalid syntax for SHOW RESOURCE PLAN statement"); } ShowResourcePlanDesc showResourcePlanDesc = new ShowResourcePlanDesc(rpName, ctx.getResFile()); + addServiceOutput(); rootTasks.add(TaskFactory.get( new DDLWork(getInputs(), getOutputs(), showResourcePlanDesc), conf)); setFetchTask(createFetchTask(showResourcePlanDesc.getSchema(rpName))); @@ -957,6 +959,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { anyRp.setStatus(WMResourcePlanStatus.ENABLED); AlterResourcePlanDesc desc = new AlterResourcePlanDesc( anyRp, null, false, false, true, false); + addServiceOutput(); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), desc), conf)); return; default: // Continue to handle changes to a specific plan. @@ -1053,6 +1056,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { ctx.setResFile(ctx.getLocalTmpPath()); desc.setResFile(ctx.getResFile().toString()); } + addServiceOutput(); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), desc), conf)); if (validate) { setFetchTask(createFetchTask(AlterResourcePlanDesc.getSchema())); @@ -1065,6 +1069,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { } String rpName = unescapeIdentifier(ast.getChild(0).getText()); DropResourcePlanDesc desc = new DropResourcePlanDesc(rpName); + addServiceOutput(); rootTasks.add(TaskFactory.get( new DDLWork(getInputs(), getOutputs(), desc), conf)); } @@ -1083,6 +1088,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { trigger.setActionExpression(actionExpression); CreateWMTriggerDesc desc = new CreateWMTriggerDesc(trigger); + addServiceOutput(); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), desc), conf)); } @@ -1138,6 +1144,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { trigger.setActionExpression(actionExpression); AlterWMTriggerDesc desc = new AlterWMTriggerDesc(trigger); + addServiceOutput(); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), desc), conf)); } @@ -1149,6 +1156,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { String triggerName = unescapeIdentifier(ast.getChild(1).getText()); DropWMTriggerDesc desc = new DropWMTriggerDesc(rpName, triggerName); + addServiceOutput(); rootTasks.add(TaskFactory.get( new DDLWork(getInputs(), getOutputs(), desc), conf)); } @@ -1189,6 +1197,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { throw new SemanticException("alloc_fraction should be specified for a pool"); } CreateOrAlterWMPoolDesc desc = new CreateOrAlterWMPoolDesc(pool, poolPath, false); + addServiceOutput(); rootTasks.add(TaskFactory.get( new DDLWork(getInputs(), getOutputs(), desc), conf)); } @@ -1209,16 +1218,16 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { } WMNullablePool poolChanges = null; + boolean hasTrigger = false; for (int i = 2; i < ast.getChildCount(); ++i) { Tree child = ast.getChild(i); - LOG.error("TODO# got2 " + child.toStringTree()); - if (child.getChildCount() != 1) { throw new SemanticException("Invalid syntax in alter pool expected parameter."); } Tree param = child.getChild(0); if (child.getType() == HiveParser.TOK_ADD_TRIGGER || child.getType() == HiveParser.TOK_DROP_TRIGGER) { + hasTrigger = true; boolean drop = child.getType() == HiveParser.TOK_DROP_TRIGGER; String triggerName = unescapeIdentifier(param.getText()); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), @@ -1252,6 +1261,9 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { } } + if (poolChanges != null || hasTrigger) { + addServiceOutput(); + } if (poolChanges != null) { rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), new CreateOrAlterWMPoolDesc(poolChanges, poolPath, true)), conf)); @@ -1266,6 +1278,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { String poolPath = poolPath(ast.getChild(1)); DropWMPoolDesc desc = new DropWMPoolDesc(rpName, poolPath); + addServiceOutput(); rootTasks.add(TaskFactory.get( new DDLWork(getInputs(), getOutputs(), desc), conf)); } @@ -1287,6 +1300,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { } CreateOrAlterWMMappingDesc desc = new CreateOrAlterWMMappingDesc(mapping, update); + addServiceOutput(); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), desc), conf)); } @@ -1299,6 +1313,7 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { String entityName = PlanUtils.stripQuotes(ast.getChild(2).getText()); DropWMMappingDesc desc = new DropWMMappingDesc(new WMMapping(rpName, entityType, entityName)); + addServiceOutput(); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), desc), conf)); } @@ -3139,12 +3154,16 @@ public class DDLSemanticAnalyzer extends BaseSemanticAnalyzer { for (int i = 0; i < numChildren; i++) { queryIds.add(stripQuotes(ast.getChild(i).getText())); } + addServiceOutput(); KillQueryDesc desc = new KillQueryDesc(queryIds); + rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), desc), conf)); + } + + private void addServiceOutput() throws SemanticException { String hs2Hostname = getHS2Host(); if (hs2Hostname != null) { outputs.add(new WriteEntity(hs2Hostname, Type.SERVICE_NAME)); } - rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), desc), conf)); } private String getHS2Host() throws SemanticException { http://git-wip-us.apache.org/repos/asf/hive/blob/26be99d5/ql/src/test/queries/clientpositive/authorization_wm.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_wm.q b/ql/src/test/queries/clientpositive/authorization_wm.q new file mode 100644 index 0000000..0a2b504 --- /dev/null +++ b/ql/src/test/queries/clientpositive/authorization_wm.q @@ -0,0 +1,78 @@ +set hive.cli.errors.ignore=true; +set hive.security.authorization.enabled=true; +set hive.test.authz.sstd.hs2.mode=true; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; +set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; + + +set user.name=ruser1; +explain authorization create resource plan rp; +create resource plan rp; + +set user.name=hive_admin_user; +set role ADMIN; +explain authorization create resource plan rp; +create resource plan rp; + +set user.name=ruser1; +explain authorization show resource plans; +explain authorization show resource plan rp; +explain authorization alter resource plan rp set query_parallelism = 5; +explain authorization drop resource plan rp; +explain authorization create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default'; +explain authorization create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL; +explain authorization create user mapping 'joe' IN rp UNMANAGED; +show resource plans; +show resource plan rp; +alter resource plan rp set query_parallelism = 5; +drop resource plan rp; +create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default'; +create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL; +create user mapping 'joe' IN rp UNMANAGED; + +set user.name=hive_admin_user; +set role ADMIN; +explain authorization show resource plans; +explain authorization show resource plan rp; +explain authorization alter resource plan rp set query_parallelism = 5; +explain authorization drop resource plan rp; +explain authorization create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default'; +explain authorization create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL; +explain authorization create user mapping 'joe' IN rp UNMANAGED; +show resource plans; +show resource plan rp; +alter resource plan rp set query_parallelism = 5; +drop resource plan rp; +create resource plan rp; +create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default'; +create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL; +create user mapping 'joe' IN rp UNMANAGED; + +set user.name=ruser1; +explain authorization alter pool rp.pool0 SET QUERY_PARALLELISM=4; +explain authorization alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL; +explain authorization alter user mapping 'joe' IN rp TO pool0; +explain authorization drop user mapping 'joe' IN rp; +explain authorization drop pool rp.pool0; +explain authorization drop trigger rp.trigger0; +alter pool rp.pool0 SET QUERY_PARALLELISM=4; +alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL; +alter user mapping 'joe' IN rp TO pool0; +drop user mapping 'joe' IN rp; +drop pool rp.pool0; +drop trigger rp.trigger0; + +set user.name=hive_admin_user; +set role ADMIN; +explain authorization alter pool rp.pool0 SET QUERY_PARALLELISM=4; +explain authorization alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL; +explain authorization alter user mapping 'joe' IN rp TO pool0; +explain authorization drop user mapping 'joe' IN rp; +explain authorization drop pool rp.pool0; +explain authorization drop trigger rp.trigger0; +alter pool rp.pool0 SET QUERY_PARALLELISM=4; +alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL; +alter user mapping 'joe' IN rp TO pool0; +drop user mapping 'joe' IN rp; +drop pool rp.pool0; +drop trigger rp.trigger0; \ No newline at end of file http://git-wip-us.apache.org/repos/asf/hive/blob/26be99d5/ql/src/test/results/clientpositive/authorization_wm.q.out ---------------------------------------------------------------------- diff --git a/ql/src/test/results/clientpositive/authorization_wm.q.out b/ql/src/test/results/clientpositive/authorization_wm.q.out new file mode 100644 index 0000000..8a2a6d6 --- /dev/null +++ b/ql/src/test/results/clientpositive/authorization_wm.q.out @@ -0,0 +1,441 @@ +PREHOOK: query: explain authorization create resource plan rp +PREHOOK: type: CREATE RESOURCEPLAN +POSTHOOK: query: explain authorization create resource plan rp +POSTHOOK: type: CREATE RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + CREATE_RESOURCEPLAN +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation CREATE_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation CREATE_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: set role ADMIN +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role ADMIN +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: explain authorization create resource plan rp +PREHOOK: type: CREATE RESOURCEPLAN +POSTHOOK: query: explain authorization create resource plan rp +POSTHOOK: type: CREATE RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + CREATE_RESOURCEPLAN +PREHOOK: query: create resource plan rp +PREHOOK: type: CREATE RESOURCEPLAN +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: create resource plan rp +POSTHOOK: type: CREATE RESOURCEPLAN +PREHOOK: query: explain authorization show resource plans +PREHOOK: type: SHOW RESOURCEPLAN +POSTHOOK: query: explain authorization show resource plans +POSTHOOK: type: SHOW RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + SHOW_RESOURCEPLAN +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation SHOW_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization show resource plan rp +PREHOOK: type: SHOW RESOURCEPLAN +POSTHOOK: query: explain authorization show resource plan rp +POSTHOOK: type: SHOW RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + SHOW_RESOURCEPLAN +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation SHOW_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization alter resource plan rp set query_parallelism = 5 +PREHOOK: type: ALTER RESOURCEPLAN +POSTHOOK: query: explain authorization alter resource plan rp set query_parallelism = 5 +POSTHOOK: type: ALTER RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + ALTER_RESOURCEPLAN +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation ALTER_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization drop resource plan rp +PREHOOK: type: DROP RESOURCEPLAN +POSTHOOK: query: explain authorization drop resource plan rp +POSTHOOK: type: DROP RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + DROP_RESOURCEPLAN +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation DROP_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default' +PREHOOK: type: CREATE POOL +POSTHOOK: query: explain authorization create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default' +POSTHOOK: type: CREATE POOL +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + CREATE_POOL +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation CREATE_POOL [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL +PREHOOK: type: CREATE TRIGGER +POSTHOOK: query: explain authorization create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL +POSTHOOK: type: CREATE TRIGGER +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + CREATE_TRIGGER +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation CREATE_TRIGGER [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization create user mapping 'joe' IN rp UNMANAGED +PREHOOK: type: CREATE MAPPING +POSTHOOK: query: explain authorization create user mapping 'joe' IN rp UNMANAGED +POSTHOOK: type: CREATE MAPPING +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + CREATE_MAPPING +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation CREATE_MAPPING [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation SHOW_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation SHOW_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation ALTER_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation DROP_RESOURCEPLAN [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation CREATE_POOL [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation CREATE_TRIGGER [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation CREATE_MAPPING [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: set role ADMIN +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role ADMIN +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: explain authorization show resource plans +PREHOOK: type: SHOW RESOURCEPLAN +POSTHOOK: query: explain authorization show resource plans +POSTHOOK: type: SHOW RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + SHOW_RESOURCEPLAN +PREHOOK: query: explain authorization show resource plan rp +PREHOOK: type: SHOW RESOURCEPLAN +POSTHOOK: query: explain authorization show resource plan rp +POSTHOOK: type: SHOW RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + SHOW_RESOURCEPLAN +PREHOOK: query: explain authorization alter resource plan rp set query_parallelism = 5 +PREHOOK: type: ALTER RESOURCEPLAN +POSTHOOK: query: explain authorization alter resource plan rp set query_parallelism = 5 +POSTHOOK: type: ALTER RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + ALTER_RESOURCEPLAN +PREHOOK: query: explain authorization drop resource plan rp +PREHOOK: type: DROP RESOURCEPLAN +POSTHOOK: query: explain authorization drop resource plan rp +POSTHOOK: type: DROP RESOURCEPLAN +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + DROP_RESOURCEPLAN +PREHOOK: query: explain authorization create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default' +PREHOOK: type: CREATE POOL +POSTHOOK: query: explain authorization create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default' +POSTHOOK: type: CREATE POOL +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + CREATE_POOL +PREHOOK: query: explain authorization create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL +PREHOOK: type: CREATE TRIGGER +POSTHOOK: query: explain authorization create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL +POSTHOOK: type: CREATE TRIGGER +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + CREATE_TRIGGER +PREHOOK: query: explain authorization create user mapping 'joe' IN rp UNMANAGED +PREHOOK: type: CREATE MAPPING +POSTHOOK: query: explain authorization create user mapping 'joe' IN rp UNMANAGED +POSTHOOK: type: CREATE MAPPING +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + CREATE_MAPPING +PREHOOK: query: show resource plans +PREHOOK: type: SHOW RESOURCEPLAN +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: show resource plans +POSTHOOK: type: SHOW RESOURCEPLAN +rp DISABLED +PREHOOK: query: show resource plan rp +PREHOOK: type: SHOW RESOURCEPLAN +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: show resource plan rp +POSTHOOK: type: SHOW RESOURCEPLAN +rp[status=DISABLED,parallelism=null,defaultPool=default] + + default[allocFraction=1.0,schedulingPolicy=null,parallelism=4] + | mapped for default +PREHOOK: query: alter resource plan rp set query_parallelism = 5 +PREHOOK: type: ALTER RESOURCEPLAN +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: alter resource plan rp set query_parallelism = 5 +POSTHOOK: type: ALTER RESOURCEPLAN +PREHOOK: query: drop resource plan rp +PREHOOK: type: DROP RESOURCEPLAN +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: drop resource plan rp +POSTHOOK: type: DROP RESOURCEPLAN +PREHOOK: query: create resource plan rp +PREHOOK: type: CREATE RESOURCEPLAN +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: create resource plan rp +POSTHOOK: type: CREATE RESOURCEPLAN +PREHOOK: query: create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default' +PREHOOK: type: CREATE POOL +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: create pool rp.pool0 WITH ALLOC_FRACTION=1.0, QUERY_PARALLELISM=5, SCHEDULING_POLICY='default' +POSTHOOK: type: CREATE POOL +PREHOOK: query: create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL +PREHOOK: type: CREATE TRIGGER +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: create trigger rp.trigger0 WHEN BYTES_READ > 10GB DO KILL +POSTHOOK: type: CREATE TRIGGER +PREHOOK: query: create user mapping 'joe' IN rp UNMANAGED +PREHOOK: type: CREATE MAPPING +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: create user mapping 'joe' IN rp UNMANAGED +POSTHOOK: type: CREATE MAPPING +PREHOOK: query: explain authorization alter pool rp.pool0 SET QUERY_PARALLELISM=4 +PREHOOK: type: ALTER POOL +POSTHOOK: query: explain authorization alter pool rp.pool0 SET QUERY_PARALLELISM=4 +POSTHOOK: type: ALTER POOL +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + ALTER_POOL +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation ALTER_POOL [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL +PREHOOK: type: ALTER TRIGGER +POSTHOOK: query: explain authorization alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL +POSTHOOK: type: ALTER TRIGGER +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + ALTER_TRIGGER +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation ALTER_TRIGGER [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization alter user mapping 'joe' IN rp TO pool0 +PREHOOK: type: ALTER MAPPING +POSTHOOK: query: explain authorization alter user mapping 'joe' IN rp TO pool0 +POSTHOOK: type: ALTER MAPPING +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + ALTER_MAPPING +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation ALTER_MAPPING [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization drop user mapping 'joe' IN rp +PREHOOK: type: DROP MAPPING +POSTHOOK: query: explain authorization drop user mapping 'joe' IN rp +POSTHOOK: type: DROP MAPPING +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + DROP_MAPPING +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation DROP_MAPPING [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization drop pool rp.pool0 +PREHOOK: type: DROP POOL +POSTHOOK: query: explain authorization drop pool rp.pool0 +POSTHOOK: type: DROP POOL +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + DROP_POOL +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation DROP_POOL [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: explain authorization drop trigger rp.trigger0 +PREHOOK: type: DROP TRIGGER +POSTHOOK: query: explain authorization drop trigger rp.trigger0 +POSTHOOK: type: DROP TRIGGER +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + ruser1 +OPERATION: + DROP_TRIGGER +AUTHORIZATION_FAILURES: + Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation DROP_TRIGGER [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation ALTER_POOL [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation ALTER_TRIGGER [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation ALTER_MAPPING [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation DROP_MAPPING [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation DROP_POOL [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +FAILED: HiveAccessControlException Permission denied: Principal [name=ruser1, type=USER] does not have following privileges for operation DROP_TRIGGER [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] +PREHOOK: query: set role ADMIN +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role ADMIN +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: explain authorization alter pool rp.pool0 SET QUERY_PARALLELISM=4 +PREHOOK: type: ALTER POOL +POSTHOOK: query: explain authorization alter pool rp.pool0 SET QUERY_PARALLELISM=4 +POSTHOOK: type: ALTER POOL +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + ALTER_POOL +PREHOOK: query: explain authorization alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL +PREHOOK: type: ALTER TRIGGER +POSTHOOK: query: explain authorization alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL +POSTHOOK: type: ALTER TRIGGER +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + ALTER_TRIGGER +PREHOOK: query: explain authorization alter user mapping 'joe' IN rp TO pool0 +PREHOOK: type: ALTER MAPPING +POSTHOOK: query: explain authorization alter user mapping 'joe' IN rp TO pool0 +POSTHOOK: type: ALTER MAPPING +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + ALTER_MAPPING +PREHOOK: query: explain authorization drop user mapping 'joe' IN rp +PREHOOK: type: DROP MAPPING +POSTHOOK: query: explain authorization drop user mapping 'joe' IN rp +POSTHOOK: type: DROP MAPPING +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + DROP_MAPPING +PREHOOK: query: explain authorization drop pool rp.pool0 +PREHOOK: type: DROP POOL +POSTHOOK: query: explain authorization drop pool rp.pool0 +POSTHOOK: type: DROP POOL +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + DROP_POOL +PREHOOK: query: explain authorization drop trigger rp.trigger0 +PREHOOK: type: DROP TRIGGER +POSTHOOK: query: explain authorization drop trigger rp.trigger0 +POSTHOOK: type: DROP TRIGGER +INPUTS: +OUTPUTS: + dummyHostnameForTest +CURRENT_USER: + hive_admin_user +OPERATION: + DROP_TRIGGER +PREHOOK: query: alter pool rp.pool0 SET QUERY_PARALLELISM=4 +PREHOOK: type: ALTER POOL +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: alter pool rp.pool0 SET QUERY_PARALLELISM=4 +POSTHOOK: type: ALTER POOL +PREHOOK: query: alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL +PREHOOK: type: ALTER TRIGGER +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: alter trigger rp.trigger0 WHEN BYTES_READ > 15GB DO KILL +POSTHOOK: type: ALTER TRIGGER +PREHOOK: query: alter user mapping 'joe' IN rp TO pool0 +PREHOOK: type: ALTER MAPPING +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: alter user mapping 'joe' IN rp TO pool0 +POSTHOOK: type: ALTER MAPPING +PREHOOK: query: drop user mapping 'joe' IN rp +PREHOOK: type: DROP MAPPING +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: drop user mapping 'joe' IN rp +POSTHOOK: type: DROP MAPPING +PREHOOK: query: drop pool rp.pool0 +PREHOOK: type: DROP POOL +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: drop pool rp.pool0 +POSTHOOK: type: DROP POOL +PREHOOK: query: drop trigger rp.trigger0 +PREHOOK: type: DROP TRIGGER +PREHOOK: Output: dummyHostnameForTest +POSTHOOK: query: drop trigger rp.trigger0 +POSTHOOK: type: DROP TRIGGER
