You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Thejas M Nair (JIRA)" <ji...@apache.org> on 2013/12/03 05:15:36 UTC
[jira] [Comment Edited] (HIVE-5923) sql std auth - parser changes
[ https://issues.apache.org/jira/browse/HIVE-5923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13837309#comment-13837309 ]
Thejas M Nair edited comment on HIVE-5923 at 12/3/13 4:15 AM:
--------------------------------------------------------------
new statements in proposal
- SET ROLE
- SHOW CURRENT ROLES
- SHOW ALL ROLES
- DESCRIBE ROLE
Changes in existing statement support -
- Grant privilege and revoke privilege statements need to be changed to remove the requirement (but not the option) for the noise word TABLE. In the SQL specification table is the assumed default for grant and revoke statements. Today Hive’s syntax is GRANT action ON TABLE table TO grantee. It should be GRANT action ON [TABLE] table TO grantee.
- Grant privilege and revoke privilege statements need to be changed to remove the requirement to specify whether the grantee is a user or role. That is, today Hive’s syntax is GRANT action ON [TABLE] table TO grantee where grantee is USER|ROLE identifier. The keywords USER or ROLE do not belong here. It should not be legal to have a role that shares a name with a user. For backward compatibility we will allow these extra keywords but warn that the usage is deprecated.
- Grant role and revoke role statements need to be changed to remove the keyword ROLE. Current Hive syntax is GRANT ROLE rolename TO grantee. It should be GRANT rolename TO grantee. The same applies for revoke role.
- Support for WITH ADMIN OPTION needs to be added to grant role and revoke role statements.
- Support for GRANTED BY needs to be added to all grant and revoke statements.
- Privileges INSERT and DELETE need to be added to the language.
- New statements SHOW ROLE and SHOW ROLE roleid need to be added to the language.
was (Author: thejas):
new statements in proposal
- SET ROLE
- SHOW CURRENT ROLES
- SHOW ALL ROLES
- DESCRIBE ROLE
- Grant privilege and revoke privilege statements need to be changed to remove the requirement (but not the option) for the noise word TABLE. In the SQL specification table is the assumed default for grant and revoke statements. Today Hive’s syntax is GRANT action ON TABLE table TO grantee. It should be GRANT action ON [TABLE] table TO grantee.
- Grant privilege and revoke privilege statements need to be changed to remove the requirement to specify whether the grantee is a user or role. That is, today Hive’s syntax is GRANT action ON [TABLE] table TO grantee where grantee is USER|ROLE identifier. The keywords USER or ROLE do not belong here. It should not be legal to have a role that shares a name with a user. For backward compatibility we will allow these extra keywords but warn that the usage is deprecated.
- Grant role and revoke role statements need to be changed to remove the keyword ROLE. Current Hive syntax is GRANT ROLE rolename TO grantee. It should be GRANT rolename TO grantee. The same applies for revoke role.
- Support for WITH ADMIN OPTION needs to be added to grant role and revoke role statements.
- Support for GRANTED BY needs to be added to all grant and revoke statements.
- Privileges INSERT and DELETE need to be added to the language.
- New statements SHOW ROLE and SHOW ROLE roleid need to be added to the language.
> sql std auth - parser changes
> -----------------------------
>
> Key: HIVE-5923
> URL: https://issues.apache.org/jira/browse/HIVE-5923
> Project: Hive
> Issue Type: Sub-task
> Components: Authorization
> Reporter: Thejas M Nair
>
> There are new access control statements proposed in the functional spec in HIVE-5837 . It also proposes some small changes to the existing query syntax (mostly extensions and some optional keywords).
> The syntax supported should depend on the current authorization mode.
--
This message was sent by Atlassian JIRA
(v6.1#6144)