You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by ha...@apache.org on 2014/01/22 19:30:56 UTC
svn commit: r1560464 - in /hive/trunk/ql/src:
java/org/apache/hadoop/hive/ql/parse/HiveParser.g
test/queries/clientpositive/authorization_view.q
test/results/clientpositive/authorization_view.q.out
Author: hashutosh
Date: Wed Jan 22 18:30:56 2014
New Revision: 1560464
URL: http://svn.apache.org/r1560464
Log:
HIVE-6181 : support grant/revoke on views - parser changes (Ashutosh Chauhan via Thejas Nair)
Added:
hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q
hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g?rev=1560464&r1=1560463&r2=1560464&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g Wed Jan 22 18:30:56 2014
@@ -1377,6 +1377,7 @@ privObjectType
@init {msgs.push("privilege object type type");}
@after {msgs.pop();}
: KW_DATABASE -> ^(TOK_DB_TYPE)
+ | KW_VIEW -> ^(TOK_TABLE_TYPE)
| KW_TABLE? -> ^(TOK_TABLE_TYPE)
;
Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q?rev=1560464&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q (added)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q Wed Jan 22 18:30:56 2014
@@ -0,0 +1,77 @@
+-- SORT_BEFORE_DIFF
+
+create view src_autho_test as select * from src;
+
+set hive.security.authorization.enabled=true;
+
+--view grant to user
+
+grant select on view src_autho_test to user hive_test_user;
+
+show grant user hive_test_user on view src_autho_test;
+show grant user hive_test_user on view src_autho_test(key);
+
+revoke select on view src_autho_test from user hive_test_user;
+show grant user hive_test_user on view src_autho_test;
+show grant user hive_test_user on view src_autho_test(key);
+
+--column grant to user
+
+grant select(key) on view src_autho_test to user hive_test_user;
+
+show grant user hive_test_user on view src_autho_test;
+show grant user hive_test_user on view src_autho_test(key);
+
+revoke select(key) on view src_autho_test from user hive_test_user;
+show grant user hive_test_user on view src_autho_test;
+show grant user hive_test_user on view src_autho_test(key);
+
+--view grant to group
+
+grant select on view src_autho_test to group hive_test_group1;
+
+show grant group hive_test_group1 on view src_autho_test;
+show grant group hive_test_group1 on view src_autho_test(key);
+
+revoke select on view src_autho_test from group hive_test_group1;
+show grant group hive_test_group1 on view src_autho_test;
+show grant group hive_test_group1 on view src_autho_test(key);
+
+--column grant to group
+
+grant select(key) on view src_autho_test to group hive_test_group1;
+
+show grant group hive_test_group1 on view src_autho_test;
+show grant group hive_test_group1 on view src_autho_test(key);
+
+revoke select(key) on view src_autho_test from group hive_test_group1;
+show grant group hive_test_group1 on view src_autho_test;
+show grant group hive_test_group1 on view src_autho_test(key);
+
+--role
+create role src_role;
+grant role src_role to user hive_test_user;
+show role grant user hive_test_user;
+
+--column grant to role
+
+grant select(key) on view src_autho_test to role src_role;
+
+show grant role src_role on view src_autho_test;
+show grant role src_role on view src_autho_test(key);
+
+revoke select(key) on view src_autho_test from role src_role;
+
+--view grant to role
+
+grant select on view src_autho_test to role src_role;
+
+show grant role src_role on view src_autho_test;
+show grant role src_role on view src_autho_test(key);
+revoke select on view src_autho_test from role src_role;
+
+-- drop role
+drop role src_role;
+
+set hive.security.authorization.enabled=false;
+drop view src_autho_test;
Added: hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out?rev=1560464&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out (added)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out Wed Jan 22 18:30:56 2014
@@ -0,0 +1,259 @@
+PREHOOK: query: -- SORT_BEFORE_DIFF
+
+create view src_autho_test as select * from src
+PREHOOK: type: CREATEVIEW
+POSTHOOK: query: -- SORT_BEFORE_DIFF
+
+create view src_autho_test as select * from src
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: --view grant to user
+
+grant select on view src_autho_test to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --view grant to user
+
+grant select on view src_autho_test to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant user hive_test_user on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+database default
+table src_autho_test
+principalName hive_test_user
+principalType USER
+privilege Select
+#### A masked pattern was here ####
+grantor hive_test_user
+PREHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: revoke select on view src_autho_test from user hive_test_user
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select on view src_autho_test from user hive_test_user
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant user hive_test_user on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: --column grant to user
+
+grant select(key) on view src_autho_test to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --column grant to user
+
+grant select(key) on view src_autho_test to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant user hive_test_user on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+database default
+table src_autho_test
+columnName key
+principalName hive_test_user
+principalType USER
+privilege Select
+#### A masked pattern was here ####
+grantor hive_test_user
+PREHOOK: query: revoke select(key) on view src_autho_test from user hive_test_user
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select(key) on view src_autho_test from user hive_test_user
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant user hive_test_user on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: --view grant to group
+
+grant select on view src_autho_test to group hive_test_group1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --view grant to group
+
+grant select on view src_autho_test to group hive_test_group1
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+database default
+table src_autho_test
+principalName hive_test_group1
+principalType GROUP
+privilege Select
+#### A masked pattern was here ####
+grantor hive_test_user
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: revoke select on view src_autho_test from group hive_test_group1
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select on view src_autho_test from group hive_test_group1
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: --column grant to group
+
+grant select(key) on view src_autho_test to group hive_test_group1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --column grant to group
+
+grant select(key) on view src_autho_test to group hive_test_group1
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+database default
+table src_autho_test
+columnName key
+principalName hive_test_group1
+principalType GROUP
+privilege Select
+#### A masked pattern was here ####
+grantor hive_test_user
+PREHOOK: query: revoke select(key) on view src_autho_test from group hive_test_group1
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select(key) on view src_autho_test from group hive_test_group1
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: --role
+create role src_role
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: --role
+create role src_role
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant role src_role to user hive_test_user
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant role src_role to user hive_test_user
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: show role grant user hive_test_user
+PREHOOK: type: SHOW_ROLE_GRANT
+POSTHOOK: query: show role grant user hive_test_user
+POSTHOOK: type: SHOW_ROLE_GRANT
+src_role
+PREHOOK: query: --column grant to role
+
+grant select(key) on view src_autho_test to role src_role
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --column grant to role
+
+grant select(key) on view src_autho_test to role src_role
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant role src_role on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant role src_role on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant role src_role on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant role src_role on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+database default
+table src_autho_test
+columnName key
+principalName src_role
+principalType ROLE
+privilege Select
+#### A masked pattern was here ####
+grantor hive_test_user
+PREHOOK: query: revoke select(key) on view src_autho_test from role src_role
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select(key) on view src_autho_test from role src_role
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: --view grant to role
+
+grant select on view src_autho_test to role src_role
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --view grant to role
+
+grant select on view src_autho_test to role src_role
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant role src_role on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant role src_role on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+database default
+table src_autho_test
+principalName src_role
+principalType ROLE
+privilege Select
+#### A masked pattern was here ####
+grantor hive_test_user
+PREHOOK: query: show grant role src_role on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant role src_role on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: revoke select on view src_autho_test from role src_role
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select on view src_autho_test from role src_role
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: -- drop role
+drop role src_role
+PREHOOK: type: DROPROLE
+POSTHOOK: query: -- drop role
+drop role src_role
+POSTHOOK: type: DROPROLE
+PREHOOK: query: drop view src_autho_test
+PREHOOK: type: DROPVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: drop view src_autho_test
+POSTHOOK: type: DROPVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: default@src_autho_test