Done! Thx. That's where Brett's question originated :)

On Tue, Oct 14, 2014 at 8:45 PM, Lefty Leverenz <leftylever...@gmail.com> wrote:

> Looks good, except that you forgot to change the GRANT syntax
> <https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode#HiveDefaultAuthorization-LegacyMode-Grant/RevokePrivileges>
> -- it still says object_type.
>
> -- Lefty
>
> On Tue, Oct 14, 2014 at 11:41 PM, Suhas Gogate <vgog...@pivotal.io> wrote:
>
>> Lefty/Brett, I did change the wiki.. check if it looks okay. --Suhas
>>
>> On Tue, Oct 14, 2014 at 7:34 PM, Lefty Leverenz <leftylever...@gmail.com> wrote:
>>
>>> One question remains: in object_specification, are the keywords TABLE
>>> and DATABASE optional?
>>>
>>> At least for TABLE I've seen queries in the test suite that omitted it,
>>> but that was probably for SQL standards based authorization. So I guess we
>>> should assume TABLE and DATABASE are required unless someone says otherwise.
>>>
>>> -- Lefty
>>>
>>> On Tue, Oct 14, 2014 at 4:48 PM, Lefty Leverenz <leftylever...@gmail.com> wrote:
>>>
>>>> +1
>>>>
>>>> -- Lefty
>>>>
>>>> On Tue, Oct 14, 2014 at 4:37 PM, Brett Randall <javabr...@gmail.com> wrote:
>>>>
>>>>> +1
>>>>>
>>>>> On 15 October 2014 07:23, Suhas Gogate <vgog...@pivotal.io> wrote:
>>>>> > Agree w/ Brett.. so maybe instead of "object_type", we can use
>>>>> > "object_specification" (similar to principal specification)?
>>>>> >
>>>>> > GRANT
>>>>> >     priv_type [(column_list)]
>>>>> >       [, priv_type [(column_list)]] ...
>>>>> >     [ON object_specification]
>>>>> >     TO principal_specification [, principal_specification] ...
>>>>> >     [WITH GRANT OPTION]
>>>>> >
>>>>> > REVOKE [GRANT OPTION FOR]
>>>>> >     priv_type [(column_list)]
>>>>> >       [, priv_type [(column_list)]] ...
>>>>> >     [ON object_specification]
>>>>> >     FROM principal_specification [, principal_specification] ...
>>>>> >
>>>>> > REVOKE ALL PRIVILEGES, GRANT OPTION
>>>>> >     FROM user [, user] ...
>>>>> >
>>>>> > priv_type:
>>>>> >     ALL | ALTER | UPDATE | CREATE | DROP
>>>>> >   | INDEX | LOCK | SELECT | SHOW_DATABASE
>>>>> >
>>>>> > object_specification:
>>>>> >     TABLE tbl_name |
>>>>> >     DATABASE db_name
>>>>> >
>>>>> > principal_specification:
>>>>> >     USER user
>>>>> >   | GROUP group
>>>>> >   | ROLE role
>>>>> >
>>>>> >
>>>>> > On Tue, Oct 14, 2014 at 11:06 AM, Lefty Leverenz <leftylever...@gmail.com> wrote:
>>>>> >>
>>>>> >> I'll correct it as soon as we reach consensus. (Perhaps Thejas will chime
>>>>> >> in.)
>>>>> >>
>>>>> >> If you want to do it yourself, you can get wiki edit privilege quite
>>>>> >> easily.
>>>>> >>
>>>>> >> -- Lefty
>>>>> >>
>>>>> >> On Tue, Oct 14, 2014 at 7:57 AM, Brett Randall <javabr...@gmail.com> wrote:
>>>>> >>>
>>>>> >>> I agree that the use of priv_level is confusing when it is actually
>>>>> >>> referring to object_name (of type TABLE or DATABASE). I don't mind
>>>>> >>> the rolling-up of tbl_name or db_name into object_type, although it
>>>>> >>> then makes object_type: somewhat misleading. "[ON object_type
>>>>> >>> object_name]" reads well for me.
>>>>> >>>
>>>>> >>> Anything to correct the incorrect syntax on the wiki page (it is not
>>>>> >>> open for edits).
>>>>> >>>
>>>>> >>> Thanks
>>>>> >>> Brett
>>>>> >>>
>>>>> >>> On 13 October 2014 18:18, Suhas Gogate <vgog...@pivotal.io> wrote:
>>>>> >>> > Hmm.. looking at the syntax priv_level does not seem to be a keyword
>>>>> >>> > but rather actual name of a table or database.. so why it appears like a
>>>>> >>> > keyword? Also priv_level is confusing and rather clear syntax should look
>>>>> >>> > like below...
>>>>> >>> >
>>>>> >>> > Again answer to original question from Brett, yes GRANT syntax should
>>>>> >>> > be similar to REVOKE but rather priv_level should be removed from REVOKE
>>>>> >>> > as well.. :)
>>>>> >>> >
>>>>> >>> > GRANT
>>>>> >>> >     priv_type [(column_list)]
>>>>> >>> >       [, priv_type [(column_list)]] ...
>>>>> >>> >     [ON object_type]
>>>>> >>> >     TO principal_specification [, principal_specification] ...
>>>>> >>> >     [WITH GRANT OPTION]
>>>>> >>> >
>>>>> >>> > REVOKE [GRANT OPTION FOR]
>>>>> >>> >     priv_type [(column_list)]
>>>>> >>> >       [, priv_type [(column_list)]] ...
>>>>> >>> >     [ON object_type]
>>>>> >>> >     FROM principal_specification [, principal_specification] ...
>>>>> >>> >
>>>>> >>> > REVOKE ALL PRIVILEGES, GRANT OPTION
>>>>> >>> >     FROM user [, user] ...
>>>>> >>> >
>>>>> >>> > priv_type:
>>>>> >>> >     ALL | ALTER | UPDATE | CREATE | DROP
>>>>> >>> >   | INDEX | LOCK | SELECT | SHOW_DATABASE
>>>>> >>> >
>>>>> >>> > object_type:
>>>>> >>> >     TABLE tbl_name
>>>>> >>> >   | DATABASE db_name
>>>>> >>> >
>>>>> >>> > principal_specification:
>>>>> >>> >     USER user
>>>>> >>> >   | GROUP group
>>>>> >>> >   | ROLE role
>>>>> >>> >
>>>>> >>> >
>>>>> >>> > On Sat, Oct 11, 2014 at 7:55 PM, Lefty Leverenz <leftylever...@gmail.com> wrote:
>>>>> >>> >>
>>>>> >>> >> Good catch, Brett. Can we have confirmation from an expert?
>>>>> >>> >>
>>>>> >>> >> Also, is object_type optional?
>>>>> >>> >>
>>>>> >>> >> It isn't clear to me why priv_level isn't called object_name.
>>>>> >>> >>
>>>>> >>> >> -- Lefty
>>>>> >>> >>
>>>>> >>> >> On Thu, Oct 9, 2014 at 8:23 AM, Brett Randall <javabr...@gmail.com> wrote:
>>>>> >>> >>>
>>>>> >>> >>> Hi,
>>>>> >>> >>>
>>>>> >>> >>> On
>>>>> >>> >>> https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode#HiveDefaultAuthorization-LegacyMode-Grant/RevokePrivileges
>>>>> >>> >>> , GRANT shows as:
>>>>> >>> >>>
>>>>> >>> >>> GRANT
>>>>> >>> >>>     priv_type [(column_list)]
>>>>> >>> >>>       [, priv_type [(column_list)]] ...
>>>>> >>> >>>     [ON object_type]
>>>>> >>> >>>     TO principal_specification [, principal_specification] ...
>>>>> >>> >>>     [WITH GRANT OPTION]
>>>>> >>> >>>
>>>>> >>> >>> Should that not be [ON object_type priv_level], same as REVOKE,
>>>>> >>> >>> where:
>>>>> >>> >>>
>>>>> >>> >>> object_type:
>>>>> >>> >>>     TABLE
>>>>> >>> >>>   | DATABASE
>>>>> >>> >>>
>>>>> >>> >>> priv_level:
>>>>> >>> >>>     db_name
>>>>> >>> >>>   | tbl_name
>>>>> >>> >>>
>>>>> >>> >>> Thanks
>>>>> >>> >>> Brett
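A small checker for the GRANT form with `[ON object_specification]` proposed in this thread, added here as an illustration; it is not part of the original messages or of the Hive code base. It follows the thread's working assumption that TABLE and DATABASE are required after ON, and `parse_grant` and the statements it is used on are constructed for this example.

```python
import re

# Terminals copied from the grammar quoted in the thread.
PRIV_TYPES = set("ALL ALTER UPDATE CREATE DROP INDEX LOCK SELECT SHOW_DATABASE".split())
OBJECT_KINDS = {"TABLE", "DATABASE"}
PRINCIPAL_KINDS = {"USER", "GROUP", "ROLE"}

def parse_grant(stmt):
    """Parse one GRANT statement; raise ValueError if it does not fit the grammar."""
    toks = re.findall(r"[A-Za-z_]\w*|[(),]|\S", stmt)
    pos = 0

    def peek():
        return toks[pos].upper() if pos < len(toks) else None

    def take(expected=None):    # expected=None means "any name"
        nonlocal pos
        tok = toks[pos] if pos < len(toks) else ""
        ok = tok.upper() in expected if expected else bool(re.match(r"[A-Za-z_]", tok))
        if not ok:
            raise ValueError(f"token {pos}: got {tok!r}, wanted {expected or 'a name'}")
        pos += 1
        return tok

    def comma_list(item):       # item [, item] ...
        out = [item()]
        while peek() == ",":
            take({","})
            out.append(item())
        return out

    def privilege():            # priv_type [(column_list)]
        name, cols = take(PRIV_TYPES).upper(), []
        if peek() == "(":
            take({"("})
            cols = comma_list(take)
            take({")"})
        return name, cols

    take({"GRANT"})
    privs = comma_list(privilege)
    obj = None
    if peek() == "ON":          # [ON object_specification]: keyword, then name
        take({"ON"})
        obj = (take(OBJECT_KINDS).upper(), take())
    take({"TO"})
    principals = comma_list(lambda: (take(PRINCIPAL_KINDS).upper(), take()))
    with_grant = peek() == "WITH"
    for word in ("WITH", "GRANT", "OPTION") if with_grant else ():
        take({word})
    if pos != len(toks):
        raise ValueError(f"unexpected trailing token {toks[pos]!r}")
    return {"privileges": privs, "object": obj, "principals": principals, "grant_option": with_grant}
```

A statement such as `GRANT SELECT ON orders TO USER alice` is rejected here because the object keyword is missing, which is the case the thread leaves open for confirmation.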