Lefty/Brett, I did change the wiki.. check if it looks okay.

--Suhas

On Tue, Oct 14, 2014 at 7:34 PM, Lefty Leverenz <leftylever...@gmail.com> wrote:
> One question remains: in object_specification, are the keywords TABLE and
> DATABASE optional?
>
> At least for TABLE I've seen queries in the test suite that omitted it,
> but that was probably for SQL standards based authorization. So I guess we
> should assume TABLE and DATABASE are required unless someone says otherwise.
>
> -- Lefty
>
> On Tue, Oct 14, 2014 at 4:48 PM, Lefty Leverenz <leftylever...@gmail.com> wrote:
>
>> +1
>>
>> -- Lefty
>>
>> On Tue, Oct 14, 2014 at 4:37 PM, Brett Randall <javabr...@gmail.com> wrote:
>>
>>> +1
>>>
>>> On 15 October 2014 07:23, Suhas Gogate <vgog...@pivotal.io> wrote:
>>> > Agree w/ Brett.. so may be instead of "object_type", we can use
>>> > "object_specification" (similar to principal specification)?
>>> >
>>> > GRANT
>>> >     priv_type [(column_list)]
>>> >     [, priv_type [(column_list)]] ...
>>> >     [ON object_specification]
>>> >     TO principal_specification [, principal_specification] ...
>>> >     [WITH GRANT OPTION]
>>> >
>>> > REVOKE [GRANT OPTION FOR]
>>> >     priv_type [(column_list)]
>>> >     [, priv_type [(column_list)]] ...
>>> >     [ON object_specification]
>>> >     FROM principal_specification [, principal_specification] ...
>>> >
>>> > REVOKE ALL PRIVILEGES, GRANT OPTION
>>> >     FROM user [, user] ...
>>> >
>>> > priv_type:
>>> >     ALL | ALTER | UPDATE | CREATE | DROP
>>> >   | INDEX | LOCK | SELECT | SHOW_DATABASE
>>> >
>>> > object_specification:
>>> >     TABLE tbl_name |
>>> >     DATABASE db_name
>>> >
>>> > principal_specification:
>>> >     USER user
>>> >   | GROUP group
>>> >   | ROLE role
>>> >
>>> >
>>> > On Tue, Oct 14, 2014 at 11:06 AM, Lefty Leverenz <leftylever...@gmail.com> wrote:
>>> >>
>>> >> I'll correct it as soon as we reach consensus. (Perhaps Thejas will chime
>>> >> in.)
>>> >>
>>> >> If you want to do it yourself, you can get wiki edit privilege quite
>>> >> easily.
>>> >>
>>> >> -- Lefty
>>> >>
>>> >> On Tue, Oct 14, 2014 at 7:57 AM, Brett Randall <javabr...@gmail.com> wrote:
>>> >>>
>>> >>> I agree that the use of priv_level is confusing when it is actually
>>> >>> referring to object_name (of type TABLE or DATABASE). I don't mind
>>> >>> the rolling-up of tbl_name or db_name into object_type, although it
>>> >>> then makes object_type: somewhat misleading. "[ON object_type
>>> >>> object_name]" reads well for me.
>>> >>>
>>> >>> Anything to correct the incorrect syntax on the wiki page (it is not
>>> >>> open for edits).
>>> >>>
>>> >>> Thanks
>>> >>> Brett
>>> >>>
>>> >>> On 13 October 2014 18:18, Suhas Gogate <vgog...@pivotal.io> wrote:
>>> >>> > Hmm.. looking at the syntax priv_level does not seem to be a keyword but
>>> >>> > rather actual name of a table or database.. so why it appears like a keyword
>>> >>> > Also priv_level is confusing and rather clear syntax would should look like
>>> >>> > below...
>>> >>> >
>>> >>> > Again answer to original question from Brett, yes GRANT syntax should be
>>> >>> > similar to REVOKE but rather priv_level should be removed from REVOKE as
>>> >>> > well.. :)
>>> >>> >
>>> >>> > GRANT
>>> >>> >     priv_type [(column_list)]
>>> >>> >     [, priv_type [(column_list)]] ...
>>> >>> >     [ON object_type]
>>> >>> >     TO principal_specification [, principal_specification] ...
>>> >>> >     [WITH GRANT OPTION]
>>> >>> >
>>> >>> > REVOKE [GRANT OPTION FOR]
>>> >>> >     priv_type [(column_list)]
>>> >>> >     [, priv_type [(column_list)]] ...
>>> >>> >     [ON object_type]
>>> >>> >     FROM principal_specification [, principal_specification] ...
>>> >>> >
>>> >>> > REVOKE ALL PRIVILEGES, GRANT OPTION
>>> >>> >     FROM user [, user] ...
>>> >>> >
>>> >>> > priv_type:
>>> >>> >     ALL | ALTER | UPDATE | CREATE | DROP
>>> >>> >   | INDEX | LOCK | SELECT | SHOW_DATABASE
>>> >>> >
>>> >>> > object_type:
>>> >>> >     TABLE tbl_name
>>> >>> >   | DATABASE db_name
>>> >>> >
>>> >>> > principal_specification:
>>> >>> >     USER user
>>> >>> >   | GROUP group
>>> >>> >   | ROLE role
>>> >>> >
>>> >>> >
>>> >>> > On Sat, Oct 11, 2014 at 7:55 PM, Lefty Leverenz <leftylever...@gmail.com> wrote:
>>> >>> >>
>>> >>> >> Good catch, Brett. Can we have confirmation from an expert?
>>> >>> >>
>>> >>> >> Also, is object_type optional?
>>> >>> >>
>>> >>> >> It isn't clear to me why priv_level isn't called object_name.
>>> >>> >>
>>> >>> >> -- Lefty
>>> >>> >>
>>> >>> >> On Thu, Oct 9, 2014 at 8:23 AM, Brett Randall <javabr...@gmail.com> wrote:
>>> >>> >>>
>>> >>> >>> Hi,
>>> >>> >>>
>>> >>> >>> On
>>> >>> >>> https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode#HiveDefaultAuthorization-LegacyMode-Grant/RevokePrivileges
>>> >>> >>> , GRANT shows as:
>>> >>> >>>
>>> >>> >>> GRANT
>>> >>> >>>     priv_type [(column_list)]
>>> >>> >>>     [, priv_type [(column_list)]] ...
>>> >>> >>>     [ON object_type]
>>> >>> >>>     TO principal_specification [, principal_specification] ...
>>> >>> >>>     [WITH GRANT OPTION]
>>> >>> >>>
>>> >>> >>> Should that not be [ON object_type priv_level], same as REVOKE,
>>> >>> >>> where:
>>> >>> >>>
>>> >>> >>> object_type:
>>> >>> >>>     TABLE
>>> >>> >>>   | DATABASE
>>> >>> >>>
>>> >>> >>> priv_level:
>>> >>> >>>     db_name
>>> >>> >>>   | tbl_name
>>> >>> >>>
>>> >>> >>> Thanks
>>> >>> >>> Brett
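
A checker for the GRANT/REVOKE grammar this thread converges on, as an added example that is not part of the thread or of Hive's own code. It covers the first two statement forms only (not `REVOKE ALL PRIVILEGES, GRANT OPTION`) and assumes, as the thread provisionally does, that TABLE or DATABASE is required after ON; `parse_acl` and the sample statements are constructed for illustration.

```python
import re

# Grammar as proposed in the thread. Assumption (the thread's working one, not
# confirmed Hive behaviour): TABLE or DATABASE is required after ON.
PRIV_TYPES = {"ALL", "ALTER", "UPDATE", "CREATE", "DROP",
              "INDEX", "LOCK", "SELECT", "SHOW_DATABASE"}
STMT = re.compile(
    r"^\s*(?P<verb>GRANT|REVOKE)(?P<gof>\s+GRANT\s+OPTION\s+FOR)?\s+(?P<privs>.+?)"
    r"(?:\s+ON\s+(?P<obj>.+?))?\s+(?P<dir>TO|FROM)\s+(?P<who>.+?)"
    r"(?P<wgo>\s+WITH\s+GRANT\s+OPTION)?\s*;?\s*$", re.IGNORECASE | re.DOTALL)

def parse_acl(stmt):
    """Parse one GRANT/REVOKE statement; raise ValueError if it breaks the grammar."""
    m = STMT.match(stmt)
    if not m:
        raise ValueError("not a GRANT/REVOKE of the documented form")
    verb = m["verb"].upper()
    if (verb == "GRANT") != (m["dir"].upper() == "TO"):
        raise ValueError("GRANT takes TO, REVOKE takes FROM")
    if (verb == "GRANT" and m["gof"]) or (verb == "REVOKE" and m["wgo"]):
        raise ValueError("grant-option clause does not fit " + verb)
    privs = []
    for item in re.split(r",(?![^(]*\))", m["privs"]):  # commas outside (...)
        p = re.fullmatch(r"\s*(\w+)\s*(?:\(([^()]*)\))?\s*", item)
        if not p or p[1].upper() not in PRIV_TYPES:
            raise ValueError(f"unknown priv_type: {item.strip()!r}")
        cols = [c.strip() for c in p[2].split(",")] if p[2] else []
        privs.append((p[1].upper(), cols))
    obj = None
    if m["obj"]:
        words = m["obj"].split()
        if len(words) != 2 or words[0].upper() not in ("TABLE", "DATABASE"):
            raise ValueError("ON needs 'TABLE tbl_name' or 'DATABASE db_name'")
        obj = (words[0].upper(), words[1])
    who = []
    for item in m["who"].split(","):
        words = item.split()
        if len(words) != 2 or words[0].upper() not in ("USER", "GROUP", "ROLE"):
            raise ValueError(f"bad principal_specification: {item.strip()!r}")
        who.append((words[0].upper(), words[1]))
    return {"verb": verb, "privs": privs, "object": obj, "principals": who,
            "grant_option": bool(m["gof"] or m["wgo"])}

if __name__ == "__main__":
    # Constructed statements, not taken from the thread or Hive's test suite.
    for s in ("GRANT SELECT (id), UPDATE ON TABLE page_view TO USER alice",
              "GRANT SELECT ON page_view TO USER alice"):
        try:
            print(parse_acl(s))
        except ValueError as e:
            print("rejected:", e)
```

The second sample is rejected because the object keyword is missing, which is the case the thread leaves open for legacy-mode authorization.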