okumin commented on PR #5471: URL: https://github.com/apache/hive/pull/5471#issuecomment-2507672201
@shuaiqig I guess we can test it using the integration test like this. Could you add some test cases? I guess we want 4 test cases as it is a security related feature. - Positive test with CBO. If the user has access to the source table, they can read the source table and materialized CTEs - Positive test without CBO - Negative test with CBO. If the user doesn't have access to the source table, they fail to run the query - Negative test without CBO ``` --! qt:dataset:src set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table src_auth_test_cte_materialization as select * from src; set hive.security.authorization.enabled=true; grant select on table src_auth_test_cte_materialization to user hive_test_user; set hive.fetch.task.conversion=none; set hive.optimize.cte.materialize.threshold=1; explain with x as (select count(*) from src_auth_test_cte_materialization) select * from x; with x as (select count(*) from src_auth_test_cte_materialization) select * from x; ``` You can see some guidance here. Feedback is always welcome https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=27362107#HowToContribute-QueryUnitTest -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org For additional commands, e-mail: gitbox-h...@hive.apache.org
