----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/25616/#review53316 -----------------------------------------------------------
itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java <https://reviews.apache.org/r/25616/#comment92956> Wouldn't select permissions for using column j in where clause be needed ? In most databases, you get to know the number of rows getting updated. Using that information, with the query in the test, you could find number of columns where "j = 3". I haven't verified what SQL spec says about this (privileges needed for including columns in where clause in update statement.) Postgres says it is needed : http://www.postgresql.org/docs/9.2/static/sql-update.html "You must have the UPDATE privilege on the table, or at least on the column(s) that are listed to be updated. You must also have the SELECT privilege on any column whose values are read in the expressions or condition." - Thejas Nair On Sept. 14, 2014, 4:30 a.m., Alan Gates wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/25616/ > ----------------------------------------------------------- > > (Updated Sept. 14, 2014, 4:30 a.m.) > > > Review request for hive and Thejas Nair. > > > Bugs: HIVE-7790 > https://issues.apache.org/jira/browse/HIVE-7790 > > > Repository: hive-git > > > Description > ------- > > Adds update and delete as action and adds checks for authorization during > update and delete. Also adds passing of updated columns in case authorizer > wishes to check them. > > > Diffs > ----- > > > itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java > 53d88b0 > ql/src/java/org/apache/hadoop/hive/ql/Driver.java 298f429 > ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java > b2f66e0 > > ql/src/java/org/apache/hadoop/hive/ql/parse/UpdateDeleteSemanticAnalyzer.java > 3aaa09c > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java > 93df9f4 > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java > 093b4fd > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java > 3236341 > ql/src/test/queries/clientnegative/authorization_delete_nodeletepriv.q > PRE-CREATION > ql/src/test/queries/clientnegative/authorization_update_noupdatepriv.q > PRE-CREATION > ql/src/test/queries/clientpositive/authorization_delete.q PRE-CREATION > ql/src/test/queries/clientpositive/authorization_delete_own_table.q > PRE-CREATION > ql/src/test/queries/clientpositive/authorization_update.q PRE-CREATION > ql/src/test/queries/clientpositive/authorization_update_own_table.q > PRE-CREATION > ql/src/test/results/clientnegative/authorization_delete_nodeletepriv.q.out > PRE-CREATION > ql/src/test/results/clientnegative/authorization_update_noupdatepriv.q.out > PRE-CREATION > ql/src/test/results/clientpositive/authorization_delete.q.out PRE-CREATION > ql/src/test/results/clientpositive/authorization_delete_own_table.q.out > PRE-CREATION > ql/src/test/results/clientpositive/authorization_update.q.out PRE-CREATION > ql/src/test/results/clientpositive/authorization_update_own_table.q.out > PRE-CREATION > > Diff: https://reviews.apache.org/r/25616/diff/ > > > Testing > ------- > > Added tests, both positive and negative, for update and delete, including > ability to update and delete tables created by user. Also added tests for > passing correct update columns. > > > Thanks, > > Alan Gates > >
