You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by Ashutosh Chauhan <ha...@apache.org> on 2014/02/11 07:53:23 UTC
Review Request 17939: authorize role ops
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17939/
-----------------------------------------------------------
Review request for hive.
Bugs: HIVE-5944
https://issues.apache.org/jira/browse/HIVE-5944
Repository: hive
Description
-------
authorize role ops
Diffs
-----
trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1566991
trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java 1566991
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java 1566991
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java 1566991
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java 1566991
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java 1566991
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java 1566991
trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q PRE-CREATION
trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q 1566991
trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q 1566991
trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q PRE-CREATION
trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q 1566991
trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q 1566991
trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q 1566991
trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out PRE-CREATION
trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out PRE-CREATION
trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 1566991
trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out 1566991
trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out 1566991
Diff: https://reviews.apache.org/r/17939/diff/
Testing
-------
Added new tests.
Thanks,
Ashutosh Chauhan
Re: Review Request 17939: authorize role ops
Posted by Thejas Nair <th...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17939/#review34211
-----------------------------------------------------------
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java
<https://reviews.apache.org/r/17939/#comment64228>
Sorry, didn't think of this in last review and comment about it -
isUserAdmin is not used from rest of hive code, and I don't see it being used from there. I think we should not add it to the interface. It should be just a package private method in SQLAccessController.
trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out
<https://reviews.apache.org/r/17939/#comment64226>
there seems to be a problem here . The type for 'set role' is SHOW_ROLES. That does not seem to be related to this change. Can you please open another jira for that ?
- Thejas Nair
On Feb. 11, 2014, 6:41 p.m., Ashutosh Chauhan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17939/
> -----------------------------------------------------------
>
> (Updated Feb. 11, 2014, 6:41 p.m.)
>
>
> Review request for hive.
>
>
> Bugs: HIVE-5944
> https://issues.apache.org/jira/browse/HIVE-5944
>
>
> Repository: hive
>
>
> Description
> -------
>
> authorize role ops
>
>
> Diffs
> -----
>
> trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1567278
> trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java 1567278
> trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q 1567278
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q 1567278
> trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q 1567278
> trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q 1567278
> trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q 1567278
> trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientnegative/authorization_role_cycles1.q.out 1567278
> trunk/ql/src/test/results/clientnegative/authorization_role_cycles2.q.out 1567278
> trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 1567278
> trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out 1567278
> trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out 1567278
>
> Diff: https://reviews.apache.org/r/17939/diff/
>
>
> Testing
> -------
>
> Added new tests.
>
>
> Thanks,
>
> Ashutosh Chauhan
>
>
Re: Review Request 17939: authorize role ops
Posted by Thejas Nair <th...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17939/#review34229
-----------------------------------------------------------
Ship it!
Ship It!
- Thejas Nair
On Feb. 11, 2014, 7:18 p.m., Ashutosh Chauhan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17939/
> -----------------------------------------------------------
>
> (Updated Feb. 11, 2014, 7:18 p.m.)
>
>
> Review request for hive.
>
>
> Bugs: HIVE-5944
> https://issues.apache.org/jira/browse/HIVE-5944
>
>
> Repository: hive
>
>
> Description
> -------
>
> authorize role ops
>
>
> Diffs
> -----
>
> trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1567278
> trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java 1567278
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java 1567278
> trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q 1567278
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q 1567278
> trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q 1567278
> trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q 1567278
> trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q 1567278
> trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientnegative/authorization_role_cycles1.q.out 1567278
> trunk/ql/src/test/results/clientnegative/authorization_role_cycles2.q.out 1567278
> trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 1567278
> trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out 1567278
> trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out 1567278
>
> Diff: https://reviews.apache.org/r/17939/diff/
>
>
> Testing
> -------
>
> Added new tests.
>
>
> Thanks,
>
> Ashutosh Chauhan
>
>
Re: Review Request 17939: authorize role ops
Posted by Ashutosh Chauhan <ha...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17939/
-----------------------------------------------------------
(Updated Feb. 11, 2014, 7:18 p.m.)
Review request for hive.
Changes
-------
Incorporated more feedback.
Bugs: HIVE-5944
https://issues.apache.org/jira/browse/HIVE-5944
Repository: hive
Description
-------
authorize role ops
Diffs (updated)
-----
trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1567278
trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java 1567278
trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q PRE-CREATION
trunk/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q PRE-CREATION
trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q 1567278
trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q 1567278
trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q PRE-CREATION
trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q 1567278
trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q 1567278
trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q 1567278
trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out PRE-CREATION
trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out PRE-CREATION
trunk/ql/src/test/results/clientnegative/authorization_role_cycles1.q.out 1567278
trunk/ql/src/test/results/clientnegative/authorization_role_cycles2.q.out 1567278
trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out PRE-CREATION
trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 1567278
trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out 1567278
trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out 1567278
Diff: https://reviews.apache.org/r/17939/diff/
Testing
-------
Added new tests.
Thanks,
Ashutosh Chauhan
Re: Review Request 17939: authorize role ops
Posted by Ashutosh Chauhan <ha...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17939/
-----------------------------------------------------------
(Updated Feb. 11, 2014, 6:41 p.m.)
Review request for hive.
Changes
-------
Incorporated Thejas & Mohammad feedback.
Bugs: HIVE-5944
https://issues.apache.org/jira/browse/HIVE-5944
Repository: hive
Description
-------
authorize role ops
Diffs (updated)
-----
trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1567278
trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java 1567278
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java 1567278
trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q PRE-CREATION
trunk/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q PRE-CREATION
trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q 1567278
trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q 1567278
trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q PRE-CREATION
trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q 1567278
trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q 1567278
trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q 1567278
trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out PRE-CREATION
trunk/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out PRE-CREATION
trunk/ql/src/test/results/clientnegative/authorization_role_cycles1.q.out 1567278
trunk/ql/src/test/results/clientnegative/authorization_role_cycles2.q.out 1567278
trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out PRE-CREATION
trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 1567278
trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out 1567278
trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out 1567278
Diff: https://reviews.apache.org/r/17939/diff/
Testing
-------
Added new tests.
Thanks,
Ashutosh Chauhan
Re: Review Request 17939: authorize role ops
Posted by Thejas Nair <th...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17939/#review34197
-----------------------------------------------------------
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
<https://reviews.apache.org/r/17939/#comment64213>
indentation within this loop is not right.
trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q
<https://reviews.apache.org/r/17939/#comment64215>
can you add a similar test for drop role as well ?
trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q
<https://reviews.apache.org/r/17939/#comment64211>
comment should say hive_test_user ?
- Thejas Nair
On Feb. 11, 2014, 6:53 a.m., Ashutosh Chauhan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17939/
> -----------------------------------------------------------
>
> (Updated Feb. 11, 2014, 6:53 a.m.)
>
>
> Review request for hive.
>
>
> Bugs: HIVE-5944
> https://issues.apache.org/jira/browse/HIVE-5944
>
>
> Repository: hive
>
>
> Description
> -------
>
> authorize role ops
>
>
> Diffs
> -----
>
> trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1566991
> trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java 1566991
> trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q 1566991
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q 1566991
> trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q 1566991
> trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q 1566991
> trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q 1566991
> trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 1566991
> trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out 1566991
> trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out 1566991
>
> Diff: https://reviews.apache.org/r/17939/diff/
>
>
> Testing
> -------
>
> Added new tests.
>
>
> Thanks,
>
> Ashutosh Chauhan
>
>
Re: Review Request 17939: authorize role ops
Posted by Thejas Nair <th...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17939/#review34195
-----------------------------------------------------------
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
<https://reviews.apache.org/r/17939/#comment64206>
non admin users should be allowed to grant/revoke role if they have admin privileges on the role.
But that can be addressed in followup jira as well.
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
<https://reviews.apache.org/r/17939/#comment64207>
It should return true only if the admin role is among the current roles (getCurrentRoles()).
Can you also add that to this function javadoc ?
- Thejas Nair
On Feb. 11, 2014, 6:53 a.m., Ashutosh Chauhan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17939/
> -----------------------------------------------------------
>
> (Updated Feb. 11, 2014, 6:53 a.m.)
>
>
> Review request for hive.
>
>
> Bugs: HIVE-5944
> https://issues.apache.org/jira/browse/HIVE-5944
>
>
> Repository: hive
>
>
> Description
> -------
>
> authorize role ops
>
>
> Diffs
> -----
>
> trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1566991
> trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java 1566991
> trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q 1566991
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q 1566991
> trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q 1566991
> trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q 1566991
> trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q 1566991
> trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 1566991
> trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out 1566991
> trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out 1566991
>
> Diff: https://reviews.apache.org/r/17939/diff/
>
>
> Testing
> -------
>
> Added new tests.
>
>
> Thanks,
>
> Ashutosh Chauhan
>
>
Re: Review Request 17939: authorize role ops
Posted by Mohammad Islam <mi...@yahoo.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/17939/#review34172
-----------------------------------------------------------
Very good.
minor comments about formatting and etc.
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
<https://reviews.apache.org/r/17939/#comment64188>
nit: formatting. same in next few places.
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
<https://reviews.apache.org/r/17939/#comment64189>
Add more description as done in previous instances. something like " Only users belonging to admin role can grant roles."
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
<https://reviews.apache.org/r/17939/#comment64190>
Ditto
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
<https://reviews.apache.org/r/17939/#comment64191>
equalsIgnoreCase could be better.
- Mohammad Islam
On Feb. 11, 2014, 6:53 a.m., Ashutosh Chauhan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/17939/
> -----------------------------------------------------------
>
> (Updated Feb. 11, 2014, 6:53 a.m.)
>
>
> Review request for hive.
>
>
> Bugs: HIVE-5944
> https://issues.apache.org/jira/browse/HIVE-5944
>
>
> Repository: hive
>
>
> Description
> -------
>
> authorize role ops
>
>
> Diffs
> -----
>
> trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1566991
> trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java 1566991
> trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java 1566991
> trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q 1566991
> trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q 1566991
> trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q PRE-CREATION
> trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q 1566991
> trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q 1566991
> trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q 1566991
> trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out PRE-CREATION
> trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 1566991
> trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out 1566991
> trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out 1566991
>
> Diff: https://reviews.apache.org/r/17939/diff/
>
>
> Testing
> -------
>
> Added new tests.
>
>
> Thanks,
>
> Ashutosh Chauhan
>
>