+1 -- Lefty
On Tue, Oct 14, 2014 at 4:37 PM, Brett Randall <javabr...@gmail.com> wrote: > +1 > > On 15 October 2014 07:23, Suhas Gogate <vgog...@pivotal.io> wrote: > > Agree w/ Brett.. so may be instead of "object_type", we can use > > "object_specification" (similar to principal specification)? > > > > GRANT > > priv_type [(column_list)] > > [, priv_type [(column_list)]] ... > > [ON object_specification] > > TO principal_specification [, principal_specification] ... > > [WITH GRANT OPTION] > > > > REVOKE [GRANT OPTION FOR] > > priv_type [(column_list)] > > [, priv_type [(column_list)]] ... > > [ON object_specification] > > FROM principal_specification [, principal_specification] ... > > > > REVOKE ALL PRIVILEGES, GRANT OPTION > > FROM user [, user] ... > > > > priv_type: > > ALL | ALTER | UPDATE | CREATE | DROP > > | INDEX | LOCK | SELECT | SHOW_DATABASE > > > > object_specification: > > TABLE tbl_name | > > DATABASE db_name > > > > principal_specification: > > USER user > > | GROUP group > > | ROLE role > > > > > > On Tue, Oct 14, 2014 at 11:06 AM, Lefty Leverenz < > leftylever...@gmail.com> > > wrote: > >> > >> I'll correct it as soon as we reach consensus. (Perhaps Thejas will > chime > >> in.) > >> > >> If you want to do it yourself, you can get wiki edit privilege quite > >> easily. > >> > >> -- Lefty > >> > >> On Tue, Oct 14, 2014 at 7:57 AM, Brett Randall <javabr...@gmail.com> > >> wrote: > >>> > >>> I agree that the use of priv_level is confusing when it is actually > >>> referring to object_name (of type TABLE or DATABASE). I don't mind > >>> the rolling-up of tbl_name or db_name into object_type, although it > >>> then makes object_type: somewhat misleading. "[ON object_type > >>> object_name]" reads well for me. > >>> > >>> Anything to correct the incorrect syntax on the wiki page (it is not > >>> open for edits). > >>> > >>> Thanks > >>> Brett > >>> > >>> On 13 October 2014 18:18, Suhas Gogate <vgog...@pivotal.io> wrote: > >>> > Hmm.. looking at the syntax priv_level does not seem to be a keyword > >>> > but > >>> > rather actual name of a table or database.. so why it appears like a > >>> > keyword > >>> > Also priv_level is confusing and rather clear syntax would should > look > >>> > like > >>> > below... > >>> > > >>> > Again answer to original question from Brett, yes GRANT syntax should > >>> > be > >>> > similar to REVOKE but rather priv_level should be removed from REVOKE > >>> > as > >>> > well.. :) > >>> > > >>> > GRANT > >>> > priv_type [(column_list)] > >>> > [, priv_type [(column_list)]] ... > >>> > [ON object_type] > >>> > TO principal_specification [, principal_specification] ... > >>> > [WITH GRANT OPTION] > >>> > > >>> > REVOKE [GRANT OPTION FOR] > >>> > priv_type [(column_list)] > >>> > [, priv_type [(column_list)]] ... > >>> > [ON object_type] > >>> > FROM principal_specification [, principal_specification] ... > >>> > > >>> > REVOKE ALL PRIVILEGES, GRANT OPTION > >>> > FROM user [, user] ... > >>> > > >>> > priv_type: > >>> > ALL | ALTER | UPDATE | CREATE | DROP > >>> > | INDEX | LOCK | SELECT | SHOW_DATABASE > >>> > > >>> > object_type: > >>> > TABLE tbl_name > >>> > | DATABASE db_name > >>> > > >>> > principal_specification: > >>> > USER user > >>> > | GROUP group > >>> > | ROLE role > >>> > > >>> > > >>> > On Sat, Oct 11, 2014 at 7:55 PM, Lefty Leverenz > >>> > <leftylever...@gmail.com> > >>> > wrote: > >>> >> > >>> >> Good catch, Brett. Can we have confirmation from an expert? > >>> >> > >>> >> Also, is object_type optional? > >>> >> > >>> >> It isn't clear to me why priv_level isn't called object_name. > >>> >> > >>> >> -- Lefty > >>> >> > >>> >> On Thu, Oct 9, 2014 at 8:23 AM, Brett Randall <javabr...@gmail.com> > >>> >> wrote: > >>> >>> > >>> >>> Hi, > >>> >>> > >>> >>> On > >>> >>> > >>> >>> > https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode#HiveDefaultAuthorization-LegacyMode-Grant/RevokePrivileges > >>> >>> , GRANT shows as: > >>> >>> > >>> >>> GRANT > >>> >>> priv_type [(column_list)] > >>> >>> [, priv_type [(column_list)]] ... > >>> >>> [ON object_type] > >>> >>> TO principal_specification [, principal_specification] ... > >>> >>> [WITH GRANT OPTION] > >>> >>> > >>> >>> Should that not be [ON object_type priv_level], same as REVOKE, > >>> >>> where: > >>> >>> > >>> >>> object_type: > >>> >>> TABLE > >>> >>> | DATABASE > >>> >>> > >>> >>> priv_level: > >>> >>> db_name > >>> >>> | tbl_name > >>> >>> > >>> >>> Thanks > >>> >>> Brett > >>> >> > >>> >> > >>> > > >> > >> > > >
