Posted to commits@hive.apache.org by ha...@apache.org on 2014/02/14 17:57:55 UTC

svn commit: r1568352 [2/2] - in /hive/trunk/ql/src: java/org/apache/hadoop/hive/ql/ java/org/apache/hadoop/hive/ql/exec/ java/org/apache/hadoop/hive/ql/hooks/ java/org/apache/hadoop/hive/ql/metadata/ java/org/apache/hadoop/hive/ql/optimizer/ java/org/a...

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,11 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check insert without select priv
+create table t1(i int);
+
+set user.name=user1;
+create table t2(i int);
+insert into table t2 select * from t1;
+

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,10 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if alter table fails as different user
+create table t1(i int);
+
+set user.name=user2;
+alter table t1 rename to tnew1;

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,10 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if alter table fails as different user
+create table t1(i int);
+
+set user.name=user2;
+ALTER TABLE t1 SET SERDEPROPERTIES ('field.delim' = ',');

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,11 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if create table fails as different user
+create table t1(i int);
+
+set user.name=user2;
+drop table t1;
+
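Review bot: The comment `-- check if create table fails as different user` does not match what this file checks: the statement expected to be denied is `drop table t1`, issued by user2 against a table created by user1. I would change it to `-- check that drop table fails for a user who is not the table owner`. The same copied comment appears in authorization_not_owner_drop_view.q, where it should read `-- check that drop view fails for a user who is not the view owner`. The comment is echoed into the corresponding .q.out files, so those golden outputs need regenerating along with it.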

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,11 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- check if create table fails as different user
+create table t1(i int);
+create view vt1 as select * from t1;
+
+set user.name=user2;
+drop view vt1;

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,29 @@
+set hive.users.in.admin.role=hive_admin_user;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set user.name=hive_admin_user;
+set role ADMIN;
+
+-- the test verifies that authorization is happening with privileges of the current roles
+
+-- grant privileges with grant option for table to role2 
+create role role2;
+grant role role2 to user user2;
+create table tpriv_current_role(i int);
+grant all on table tpriv_current_role to role role2 with grant option;
+
+set user.name=user2;
+-- switch to user2
+
+-- by default all roles should be in current roles, and grant to new user should work
+show current roles;
+grant all on table tpriv_current_role to user user3;
+
+set role role2;
+-- switch to role2, grant should work
+grant all on table tpriv_current_role to user user4;
+show grant user user4 on table tpriv_current_role;
+
+set role PUBLIC;
+-- set role to public, should fail as role2 is not one of the current roles
+grant all on table tpriv_current_role to user user5;

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_select.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_select.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_select.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_select.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,9 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check query without select privilege fails
+create table t1(i int);
+
+set user.name=user1;
+select * from t1;

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_select_view.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_select_view.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_select_view.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_select_view.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,11 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check create view without select privileges
+create table t1(i int);
+create view v1 as select * from t1;
+set user.name=user1;
+select * from v1;
+
+
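Review bot: The header comment `-- check create view without select privileges` describes a different test; here the view is created before the user switch and the statement that can be denied is `select * from v1` run as user1. Suggest `-- check that select on a view fails without select privilege on the view`. The hunk also ends with two blank added lines that could be dropped.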

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,6 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+
+-- an error should be thrown if 'set role ' is done for role that does not exist
+
+set role nosuchroleexists;
+

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,16 @@
+set hive.users.in.admin.role=hive_admin_user;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set user.name=hive_admin_user;
+set role ADMIN;
+
+-- an error should be thrown if 'set role ' is done for role that does not exist
+
+create role rset_role_neg;
+grant role rset_role_neg to user user2;
+
+set user.name=user2;
+set role rset_role_neg;
+set role public;
+set role nosuchroleexists;;
+
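Review bot: `set role nosuchroleexists;;` ends with a doubled semicolon; it should be `set role nosuchroleexists;` so the negative test does not depend on how the CLI treats an empty trailing statement. The comment above it is identical to the one in authorization_set_role_neg1.q and does not say what this file adds, which appears to be that the failure still occurs for a non-admin user after two valid role switches. Something like `-- set role to a nonexistent role should fail for user2 even after switching between granted roles` would make that clear.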

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_truncate.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_truncate.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_truncate.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_truncate.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,9 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+-- check add partition without insert privilege
+create table t1(i int, j int);
+set user.name=user1;
+truncate table t1;
+
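Review bot: The comment `-- check add partition without insert privilege` was copied from another test; the denied statement here is `truncate table t1` run as user1. Suggest `-- check that truncate table fails for a user without the required privilege on the table`. Naming the specific privilege in the comment would help, but the expected output for this file is not visible in this part of the commit, so I have not stated it.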

Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q (added)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,17 @@
+set hive.users.in.admin.role=hive_admin_user;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set user.name=hive_test_user;
+
+-- actions from admin should work as if admin has all privileges
+
+create table t1(i int);
+set user.name=hive_admin_user;
+
+show current roles;
+set role ADMIN;
+show current roles;
+select * from t1;
+grant all on table t1 to user user1;
+show grant user user1 on table t1;
+drop table t1;
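Review bot: This file never sets `hive.security.authorization.enabled=true`, unlike the owner and select tests in the same commit, so `select * from t1` and `drop table t1` may succeed for any user rather than because of the ADMIN role. If the test harness does not turn authorization on by default, the positive result says nothing about admin privileges on a table owned by hive_test_user. Suggest adding `set hive.security.authorization.enabled=true;` after the authenticator line so the select and drop are actually subject to the privilege check.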

Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions.q (added)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,16 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+-- actions that require user to be table owner
+create table t1(i int);
+
+ALTER TABLE t1 SET SERDEPROPERTIES ('field.delim' = ',');
+drop table t1;
+
+create table t1(i int);
+create view vt1 as select * from t1;
+
+drop view vt1;
+alter table t1 rename to tnew1;

Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q Fri Feb 14 16:57:53 2014
@@ -4,7 +4,7 @@ set hive.security.authenticator.manager=
 set user.name=user1;
 -- current user has been set (comment line before the set cmd is resulting in parse error!!)
 
-CREATE TABLE  table_priv_rev(i int);
+CREATE TABLE table_priv_rev(i int);
 
 -- grant insert privilege to user2
 GRANT INSERT ON table_priv_rev TO USER user2;
@@ -48,3 +48,10 @@ SHOW GRANT USER user2 ON TABLE table_pri
 REVOKE SELECT ON TABLE table_priv_rev FROM USER user2;
 SHOW GRANT USER user2 ON TABLE table_priv_rev;
 
+
+-- grant all followed by revoke all
+GRANT ALL ON table_priv_rev TO USER user2;
+SHOW GRANT USER user2 ON TABLE table_priv_rev;
+
+REVOKE ALL ON TABLE table_priv_rev FROM USER user2;
+SHOW GRANT USER user2 ON TABLE table_priv_rev;

Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q (added)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q Fri Feb 14 16:57:53 2014
@@ -0,0 +1,35 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+create table t1(i int, j int, k int);
+
+-- protecting certain columns
+create view vt1 as select i,k from t1;
+
+-- protecting certain rows
+create view vt2 as select * from t1 where i > 1;
+
+--view grant to user
+
+grant select on view vt1 to user user2;
+grant insert on view vt1 to user user3;
+
+show grant user user2 on table vt1;
+show grant user user3 on table vt1;
+
+set user.name=user2;
+select * from vt1;
+
+set user.name=user1;
+
+grant all on view vt2 to user user2;
+show grant user user2 on table vt2;
+
+revoke all on view vt2 from user user2;
+show grant user user2 on table vt2;
+
+revoke select on view vt1 from user user2;
+show grant user user2 on table vt1;
+show grant user user3 on table vt1;
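Review bot: t1 is never populated, so `select * from vt1` as user2 returns no rows and the recorded output cannot show that the view limits which columns user2 sees. vt2, introduced with `-- protecting certain rows`, is only granted and revoked and is never queried by user2. Consider loading a few rows into t1 and running `select * from vt2;` as user2 between the grant and the revoke, so the positive test exercises the column and row restriction that the comments describe.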

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_addpartition.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_addpartition.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_addpartition.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_addpartition.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check add partition without insert privilege
+create table tpart(i int, j int) partitioned by (k string)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check add partition without insert privilege
+create table tpart(i int, j int) partitioned by (k string)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@tpart
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.tpart] : [INSERT]

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out Fri Feb 14 16:57:53 2014
@@ -1,4 +1,4 @@
 PREHOOK: query: -- this test will fail because hive_test_user is not in admin role.
 create role r1
 PREHOOK: type: CREATEROLE
-FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to add roles. Only users belonging to admin role can add new roles.
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to add roles. User has to belong to ADMIN role and have it as current role, for this action.

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_createview.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_createview.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_createview.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_createview.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check create view without select privileges
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check create view without select privileges
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [SELECT with grant]

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_ctas.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_ctas.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_ctas.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_ctas.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [SELECT]

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out Fri Feb 14 16:57:53 2014
@@ -24,4 +24,4 @@ PUBLIC
 
 PREHOOK: query: drop role r1
 PREHOOK: type: DROPROLE
-FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_admin_user is not allowed to drop role. Only users belonging to admin role can drop roles.
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_admin_user is not allowed to drop role. User has to belong to ADMIN role and have it as current role, for this action.

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_droppartition.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_droppartition.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_droppartition.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_droppartition.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,15 @@
+PREHOOK: query: -- check drop partition without delete privilege
+create table tpart(i int, j int) partitioned by (k string)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check drop partition without delete privilege
+create table tpart(i int, j int) partitioned by (k string)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@tpart
+#### A masked pattern was here ####
+PREHOOK: type: ALTERTABLE_ADDPARTS
+PREHOOK: Input: default@tpart
+#### A masked pattern was here ####
+POSTHOOK: type: ALTERTABLE_ADDPARTS
+POSTHOOK: Input: default@tpart
+POSTHOOK: Output: default@tpart@k=abc
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.tpart] : [DELETE]

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out Fri Feb 14 16:57:53 2014
@@ -19,4 +19,4 @@ PREHOOK: query: -- try grant all to user
 GRANT ALL ON table_priv_allf TO USER user3
 PREHOOK: type: GRANT_PRIVILEGE
 PREHOOK: Output: default@table_priv_allf
-FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_allf] : [SELECT with grant, UPDATE with grant, DELETE with grant]
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.table_priv_allf] : [SELECT with grant, UPDATE with grant, DELETE with grant]

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out Fri Feb 14 16:57:53 2014
@@ -11,4 +11,4 @@ PREHOOK: query: -- try grant insert to u
 GRANT INSERT ON table_priv_gfail1 TO USER user3
 PREHOOK: type: GRANT_PRIVILEGE
 PREHOOK: Output: default@table_priv_gfail1
-FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_gfail1] : [INSERT with grant]
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.table_priv_gfail1] : [INSERT with grant]

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out Fri Feb 14 16:57:53 2014
@@ -19,4 +19,4 @@ PREHOOK: query: -- try grant insert to u
 GRANT INSERT ON table_priv_gfail1 TO USER user3
 PREHOOK: type: GRANT_PRIVILEGE
 PREHOOK: Output: default@table_priv_gfail1
-FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_gfail1] : [INSERT with grant]
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.table_priv_gfail1] : [INSERT with grant]

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,13 @@
+PREHOOK: query: -- check insert without select priv
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check insert without select priv
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: create table user2tab(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: create table user2tab(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@user2tab
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [INSERT, DELETE]

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,13 @@
+PREHOOK: query: -- check insert without select priv
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check insert without select priv
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: create table t2(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: create table t2(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t2
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [SELECT]

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check if alter table fails as different user
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check if alter table fails as different user
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [OBJECT OWNERSHIP]

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check if alter table fails as different user
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check if alter table fails as different user
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [OBJECT OWNERSHIP]

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check if create table fails as different user
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check if create table fails as different user
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [OBJECT OWNERSHIP]
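Review bot: The leading comment `-- check if create table fails as different user` does not match what this expected output records: create table succeeds, and the denial is user2 lacking OBJECT OWNERSHIP on default.t1, which going by the file name comes from a drop table. The failing statement is never echoed in the output, so the comment is the only description a reader gets of what was denied. Reword it in the .q file to `-- check if drop table fails as different user` and regenerate. authorization_not_owner_drop_view.q.out carries the same copied comment and should read `-- check if drop view fails as different user`.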

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,15 @@
+PREHOOK: query: -- check if create table fails as different user
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check if create table fails as different user
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: create view vt1 as select * from t1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@t1
+POSTHOOK: query: create view vt1 as select * from t1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@vt1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.vt1] : [OBJECT OWNERSHIP]

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,77 @@
+PREHOOK: query: set role ADMIN
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role ADMIN
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: -- the test verifies that authorization is happening with privileges of the current roles
+
+-- grant privileges with grant option for table to role2 
+create role role2
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: -- the test verifies that authorization is happening with privileges of the current roles
+
+-- grant privileges with grant option for table to role2 
+create role role2
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant role role2 to user user2
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant role role2 to user user2
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: create table tpriv_current_role(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: create table tpriv_current_role(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@tpriv_current_role
+PREHOOK: query: grant all on table tpriv_current_role to role role2 with grant option
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@tpriv_current_role
+POSTHOOK: query: grant all on table tpriv_current_role to role role2 with grant option
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@tpriv_current_role
+PREHOOK: query: -- switch to user2
+
+-- by default all roles should be in current roles, and grant to new user should work
+show current roles
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: -- switch to user2
+
+-- by default all roles should be in current roles, and grant to new user should work
+show current roles
+POSTHOOK: type: SHOW_ROLES
+role2
+PUBLIC
+
+PREHOOK: query: grant all on table tpriv_current_role to user user3
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@tpriv_current_role
+POSTHOOK: query: grant all on table tpriv_current_role to user user3
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@tpriv_current_role
+PREHOOK: query: set role role2
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role role2
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: -- switch to role2, grant should work
+grant all on table tpriv_current_role to user user4
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@tpriv_current_role
+POSTHOOK: query: -- switch to role2, grant should work
+grant all on table tpriv_current_role to user user4
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@tpriv_current_role
+PREHOOK: query: show grant user user4 on table tpriv_current_role
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user4 on table tpriv_current_role
+POSTHOOK: type: SHOW_GRANT
+default	tpriv_current_role			user4	USER	DELETE	false	-1	user2
+default	tpriv_current_role			user4	USER	INSERT	false	-1	user2
+default	tpriv_current_role			user4	USER	SELECT	false	-1	user2
+default	tpriv_current_role			user4	USER	UPDATE	false	-1	user2
+PREHOOK: query: set role PUBLIC
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role PUBLIC
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: -- set role to public, should fail as role2 is not one of the current roles
+grant all on table tpriv_current_role to user user5
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@tpriv_current_role
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Permission denied. Principal [name=user2, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.tpriv_current_role] : [SELECT with grant, INSERT with grant, UPDATE with grant, DELETE with grant]
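Review bot: `set role ADMIN`, `set role role2` and `set role PUBLIC` are all recorded here with `type: SHOW_ROLES`, the same operation type as `show current roles`, so a hook that audits or filters by operation type cannot tell a role switch from a read-only listing. The mapping lives outside this file, so this is presumably inherited rather than introduced by the golden output, but pinning it in expected results makes it harder to change later. I would give set role its own operation type and regenerate these outputs. The same lines appear in authorization_set_role_neg1.q.out, authorization_set_role_neg2.q.out and authorization_admin_almighty1.q.out.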

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out Fri Feb 14 16:57:53 2014
@@ -19,5 +19,5 @@ PREHOOK: query: -- try dropping the priv
 REVOKE INSERT ON TABLE table_priv_rfail1 FROM USER user2
 PREHOOK: type: REVOKE_PRIVILEGE
 PREHOOK: Output: default@table_priv_rfail1
-FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_rfail1] granted by user3
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Object [type=TABLE_OR_VIEW, name=default.table_priv_rfail1] granted by user3
 

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out Fri Feb 14 16:57:53 2014
@@ -33,5 +33,5 @@ PREHOOK: query: -- try dropping the priv
 REVOKE INSERT ON TABLE table_priv_rfai2 FROM USER user2
 PREHOOK: type: REVOKE_PRIVILEGE
 PREHOOK: Output: default@table_priv_rfai2
-FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Hive Object [type=TABLE, dbname=default, table/viewname=table_priv_rfai2] granted by user3
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=INSERT, columns=null] for Principal [name=user2, type=USER] on Object [type=TABLE_OR_VIEW, name=default.table_priv_rfai2] granted by user3
 

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_select.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_select.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_select.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_select.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [SELECT]

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_select_view.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_select_view.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_select_view.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_select_view.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,15 @@
+PREHOOK: query: -- check create view without select privileges
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check create view without select privileges
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: create view v1 as select * from t1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@t1
+POSTHOOK: query: create view v1 as select * from t1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@v1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.v1] : [SELECT]
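Review bot: The comment `-- check create view without select privileges` describes a different test from the one recorded: create view v1 completes with its POSTHOOK lines, and the denial is user1 lacking SELECT on default.v1. That reads as a query on the view by a user without the privilege, although the failing statement is not echoed in the output. Suggest `-- check select on view without select privilege fails` in the .q file, then regenerate.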

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg1.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,5 @@
+PREHOOK: query: -- an error should be thrown if 'set role ' is done for role that does not exist
+
+set role nosuchroleexists
+PREHOOK: type: SHOW_ROLES
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. hive_test_user doesn't belong to role nosuchroleexists

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_set_role_neg2.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,19 @@
+PREHOOK: query: set role ADMIN
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role ADMIN
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: -- an error should be thrown if 'set role ' is done for role that does not exist
+
+create role rset_role_neg
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: -- an error should be thrown if 'set role ' is done for role that does not exist
+
+create role rset_role_neg
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant role rset_role_neg to user user2
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant role rset_role_neg to user user2
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: set role rset_role_neg
+PREHOOK: type: SHOW_ROLES
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. hive_admin_user doesn't belong to role rset_role_neg
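Review bot: The comment `-- an error should be thrown if 'set role ' is done for role that does not exist` looks copied from authorization_set_role_neg1 and is wrong here: rset_role_neg is created and granted to user2 a few lines earlier, and the failure is that hive_admin_user is not a member of it. Suggest `-- an error should be thrown if 'set role' is done for a role the user does not belong to`. The error text is the same shape in both tests ("doesn't belong to role"), which is worth keeping, since one message for a missing role and a non-member role does not reveal which role names exist.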

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out Fri Feb 14 16:57:53 2014
@@ -1,4 +1,4 @@
 PREHOOK: query: -- This test will fail because hive_test_user is not in admin role
 show roles
 PREHOOK: type: SHOW_ROLES
-FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to list roles. Only users belonging to admin role can list roles.
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Current user : hive_test_user is not allowed to list roles. User has to belong to ADMIN role and have it as current role, for this action.

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_truncate.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_truncate.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_truncate.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_truncate.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,8 @@
+PREHOOK: query: -- check add partition without insert privilege
+create table t1(i int, j int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- check add partition without insert privilege
+create table t1(i int, j int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+FAILED: HiveAccessControlException Permission denied. Principal [name=user1, type=USER] does not have following privileges on Object [type=TABLE_OR_VIEW, name=default.t1] : [OBJECT OWNERSHIP]
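Review bot: `-- check add partition without insert privilege` does not describe this test: the file is authorization_truncate and the privilege reported missing is OBJECT OWNERSHIP, not INSERT. The denied statement is not echoed in the output, so a reader of the golden file is left with a comment that names the wrong operation and the wrong privilege. Suggest `-- check truncate table fails for a user who is not the owner` in the .q file, then regenerate.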

Added: hive/trunk/ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out (added)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_admin_almighty1.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,55 @@
+PREHOOK: query: -- actions from admin should work as if admin has all privileges
+
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: -- actions from admin should work as if admin has all privileges
+
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: show current roles
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: show current roles
+POSTHOOK: type: SHOW_ROLES
+PUBLIC
+
+PREHOOK: query: set role ADMIN
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role ADMIN
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: show current roles
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: show current roles
+POSTHOOK: type: SHOW_ROLES
+ADMIN
+
+PREHOOK: query: select * from t1
+PREHOOK: type: QUERY
+PREHOOK: Input: default@t1
+#### A masked pattern was here ####
+POSTHOOK: query: select * from t1
+POSTHOOK: type: QUERY
+POSTHOOK: Input: default@t1
+#### A masked pattern was here ####
+PREHOOK: query: grant all on table t1 to user user1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+POSTHOOK: query: grant all on table t1 to user user1
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@t1
+PREHOOK: query: show grant user user1 on table t1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user1 on table t1
+POSTHOOK: type: SHOW_GRANT
+default	t1			user1	USER	DELETE	false	-1	hive_admin_user
+default	t1			user1	USER	INSERT	false	-1	hive_admin_user
+default	t1			user1	USER	SELECT	false	-1	hive_admin_user
+default	t1			user1	USER	UPDATE	false	-1	hive_admin_user
+PREHOOK: query: drop table t1
+PREHOOK: type: DROPTABLE
+PREHOOK: Input: default@t1
+PREHOOK: Output: default@t1
+POSTHOOK: query: drop table t1
+POSTHOOK: type: DROPTABLE
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@t1

Added: hive/trunk/ql/src/test/results/clientpositive/authorization_owner_actions.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_owner_actions.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_owner_actions.q.out (added)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_owner_actions.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,52 @@
+#### A masked pattern was here ####
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+#### A masked pattern was here ####
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: ALTER TABLE t1 SET SERDEPROPERTIES ('field.delim' = ',')
+PREHOOK: type: ALTERTABLE_SERDEPROPERTIES
+PREHOOK: Input: default@t1
+PREHOOK: Output: default@t1
+POSTHOOK: query: ALTER TABLE t1 SET SERDEPROPERTIES ('field.delim' = ',')
+POSTHOOK: type: ALTERTABLE_SERDEPROPERTIES
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@t1
+PREHOOK: query: drop table t1
+PREHOOK: type: DROPTABLE
+PREHOOK: Input: default@t1
+PREHOOK: Output: default@t1
+POSTHOOK: query: drop table t1
+POSTHOOK: type: DROPTABLE
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@t1
+PREHOOK: query: create table t1(i int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: create view vt1 as select * from t1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@t1
+POSTHOOK: query: create view vt1 as select * from t1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@vt1
+PREHOOK: query: drop view vt1
+PREHOOK: type: DROPVIEW
+PREHOOK: Input: default@vt1
+PREHOOK: Output: default@vt1
+POSTHOOK: query: drop view vt1
+POSTHOOK: type: DROPVIEW
+POSTHOOK: Input: default@vt1
+POSTHOOK: Output: default@vt1
+PREHOOK: query: alter table t1 rename to tnew1
+PREHOOK: type: ALTERTABLE_RENAME
+PREHOOK: Input: default@t1
+PREHOOK: Output: default@t1
+POSTHOOK: query: alter table t1 rename to tnew1
+POSTHOOK: type: ALTERTABLE_RENAME
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@t1
+POSTHOOK: Output: default@tnew1

Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out?rev=1568352&r1=1568351&r2=1568352&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_revoke_table_priv.q.out Fri Feb 14 16:57:53 2014
@@ -1,10 +1,10 @@
 PREHOOK: query: -- current user has been set (comment line before the set cmd is resulting in parse error!!)
 
-CREATE TABLE  table_priv_rev(i int)
+CREATE TABLE table_priv_rev(i int)
 PREHOOK: type: CREATETABLE
 POSTHOOK: query: -- current user has been set (comment line before the set cmd is resulting in parse error!!)
 
-CREATE TABLE  table_priv_rev(i int)
+CREATE TABLE table_priv_rev(i int)
 POSTHOOK: type: CREATETABLE
 POSTHOOK: Output: default@table_priv_rev
 PREHOOK: query: -- grant insert privilege to user2
@@ -148,3 +148,29 @@ PREHOOK: query: SHOW GRANT USER user2 ON
 PREHOOK: type: SHOW_GRANT
 POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev
 POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: -- grant all followed by revoke all
+GRANT ALL ON table_priv_rev TO USER user2
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@table_priv_rev
+POSTHOOK: query: -- grant all followed by revoke all
+GRANT ALL ON table_priv_rev TO USER user2
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@table_priv_rev
+PREHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev
+POSTHOOK: type: SHOW_GRANT
+default	table_priv_rev			user2	USER	DELETE	false	-1	user1
+default	table_priv_rev			user2	USER	INSERT	false	-1	user1
+default	table_priv_rev			user2	USER	SELECT	false	-1	user1
+default	table_priv_rev			user2	USER	UPDATE	false	-1	user1
+PREHOOK: query: REVOKE ALL ON TABLE table_priv_rev FROM USER user2
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@table_priv_rev
+POSTHOOK: query: REVOKE ALL ON TABLE table_priv_rev FROM USER user2
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@table_priv_rev
+PREHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: SHOW GRANT USER user2 ON TABLE table_priv_rev
+POSTHOOK: type: SHOW_GRANT

Added: hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out?rev=1568352&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out (added)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out Fri Feb 14 16:57:53 2014
@@ -0,0 +1,98 @@
+PREHOOK: query: create table t1(i int, j int, k int)
+PREHOOK: type: CREATETABLE
+POSTHOOK: query: create table t1(i int, j int, k int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: default@t1
+PREHOOK: query: -- protecting certain columns
+create view vt1 as select i,k from t1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@t1
+POSTHOOK: query: -- protecting certain columns
+create view vt1 as select i,k from t1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@vt1
+PREHOOK: query: -- protecting certain rows
+create view vt2 as select * from t1 where i > 1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@t1
+POSTHOOK: query: -- protecting certain rows
+create view vt2 as select * from t1 where i > 1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@t1
+POSTHOOK: Output: default@vt2
+PREHOOK: query: --view grant to user
+
+grant select on view vt1 to user user2
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@vt1
+POSTHOOK: query: --view grant to user
+
+grant select on view vt1 to user user2
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@vt1
+PREHOOK: query: grant insert on view vt1 to user user3
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@vt1
+POSTHOOK: query: grant insert on view vt1 to user user3
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@vt1
+PREHOOK: query: show grant user user2 on table vt1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user2 on table vt1
+POSTHOOK: type: SHOW_GRANT
+default	vt1			user2	USER	SELECT	false	-1	user1
+PREHOOK: query: show grant user user3 on table vt1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user3 on table vt1
+POSTHOOK: type: SHOW_GRANT
+default	vt1			user3	USER	INSERT	false	-1	user1
+PREHOOK: query: select * from vt1
+PREHOOK: type: QUERY
+PREHOOK: Input: default@t1
+PREHOOK: Input: default@vt1
+#### A masked pattern was here ####
+POSTHOOK: query: select * from vt1
+POSTHOOK: type: QUERY
+POSTHOOK: Input: default@t1
+POSTHOOK: Input: default@vt1
+#### A masked pattern was here ####
+PREHOOK: query: grant all on view vt2 to user user2
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@vt2
+POSTHOOK: query: grant all on view vt2 to user user2
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@vt2
+PREHOOK: query: show grant user user2 on table vt2
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user2 on table vt2
+POSTHOOK: type: SHOW_GRANT
+default	vt2			user2	USER	DELETE	false	-1	user1
+default	vt2			user2	USER	INSERT	false	-1	user1
+default	vt2			user2	USER	SELECT	false	-1	user1
+default	vt2			user2	USER	UPDATE	false	-1	user1
+PREHOOK: query: revoke all on view vt2 from user user2
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@vt2
+POSTHOOK: query: revoke all on view vt2 from user user2
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@vt2
+PREHOOK: query: show grant user user2 on table vt2
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user2 on table vt2
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: revoke select on view vt1 from user user2
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@vt1
+POSTHOOK: query: revoke select on view vt1 from user user2
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@vt1
+PREHOOK: query: show grant user user2 on table vt1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user2 on table vt1
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant user user3 on table vt1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user3 on table vt1
+POSTHOOK: type: SHOW_GRANT
+default	vt1			user3	USER	INSERT	false	-1	user1
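Review bot: Nothing in this expected output exercises what the comments `-- protecting certain columns` and `-- protecting certain rows` claim. The only query, `select * from vt1`, lists both default@t1 and default@vt1 as inputs, and the output cannot show which user ran it, since user switches are not echoed. If the .q file does not already do so, run `select * from vt1` as user2 (who holds SELECT on vt1 only) and add a clientnegative case where user2 runs `select * from t1` and is denied. Without that pair the test would still pass if the view query required, or silently granted, access to the base table. The `grant insert on view vt1 to user user3` step also deserves a comment saying whether INSERT on a view is meant to be grantable.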