zabetak commented on code in PR #4304: URL: https://github.com/apache/hive/pull/4304#discussion_r1267901106
########## ql/src/test/queries/clientpositive/authorization_drop_table.q: ########## @@ -0,0 +1,25 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; +set hive.security.authorization.enabled=false; + +Create database auth_drop_table; + +use auth_drop_table; + +create table drop_table_auth_1 (key int, value string) partitioned by (ds string); + +grant All on table drop_table_auth_1 to user hive_test_user; + +GRANT DROP ON DATABASE auth_drop_table TO USER hive_test_user; + +show grant user hive_test_user on table drop_table_auth_1; + +CREATE TEMPORARY TABLE drop_temp_table LIKE drop_table_auth_1; Review Comment: Better avoid using `LIKE` so that we know exactly what's the state and status of the table. ########## ql/src/test/queries/clientpositive/authorization_drop_table.q: ########## @@ -0,0 +1,25 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; +set hive.security.authorization.enabled=false; + +Create database auth_drop_table; + +use auth_drop_table; + +create table drop_table_auth_1 (key int, value string) partitioned by (ds string); + +grant All on table drop_table_auth_1 to user hive_test_user; + +GRANT DROP ON DATABASE auth_drop_table TO USER hive_test_user; + +show grant user hive_test_user on table drop_table_auth_1; + +CREATE TEMPORARY TABLE drop_temp_table LIKE drop_table_auth_1; + +set hive.security.authorization.enabled=true; + +-- Drop table works fine as user has privs for both DB and table +drop table if exists drop_table_auth_1; + +-- Dropping temporary table does not require authorization Review Comment: According to the comment here the following should work. ``` REVOKE DROP ON DATABASE auth_drop_table TO USER hive_test_user; DROP TABLE IF EXISTS drop_temp_table; ``` Is this the case? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
