rtrivedi12 commented on code in PR #4304: URL: https://github.com/apache/hive/pull/4304#discussion_r1268096834
########## ql/src/test/queries/clientpositive/authorization_drop_table.q: ########## @@ -0,0 +1,25 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; +set hive.security.authorization.enabled=false; + +Create database auth_drop_table; + +use auth_drop_table; + +create table drop_table_auth_1 (key int, value string) partitioned by (ds string); + +grant All on table drop_table_auth_1 to user hive_test_user; + +GRANT DROP ON DATABASE auth_drop_table TO USER hive_test_user; + +show grant user hive_test_user on table drop_table_auth_1; + +CREATE TEMPORARY TABLE drop_temp_table LIKE drop_table_auth_1; + +set hive.security.authorization.enabled=true; + +-- Drop table works fine as user has privs for both DB and table +drop table if exists drop_table_auth_1; + +-- Dropping temporary table does not require authorization Review Comment: I think the comment is misleading. I meant dropping temp does not require table privileges but we still need database privileges. `REVOKE DROP ON DATABASE auth_drop_table TO USER hive_test_user; DROP TABLE IF EXISTS drop_temp_table;` This would fail. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
