You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by Navis Ryu <na...@nexr.com> on 2013/12/05 07:14:51 UTC
Review Request 16034: Add explain authorize for checking privileges
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16034/
-----------------------------------------------------------
Review request for hive.
Bugs: HIVE-5961
https://issues.apache.org/jira/browse/HIVE-5961
Repository: hive-git
Description
-------
For easy checking of need privileges for a query,
{noformat}
explain authorize select * from src join srcpart
INPUTS:
default@srcpart
default@srcpart@ds=2008-04-08/hr=11
default@srcpart@ds=2008-04-08/hr=12
default@srcpart@ds=2008-04-09/hr=11
default@srcpart@ds=2008-04-09/hr=12
default@src
OUTPUTS:
file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
CURRENT_USER:
hive_test_user
OPERATION:
QUERY
AUTHORIZATION_FAILURES:
No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
{noformat}
Hopefully good for debugging of authorization, which is in progress on HIVE-5837.
Diffs
-----
ql/src/java/org/apache/hadoop/hive/ql/Driver.java 86db406
ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java f0da57d
ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java da80d81
ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java 9b1c36e
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g 366b714
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g 5e5b8cf
ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java 97454e4
ql/src/java/org/apache/hadoop/hive/ql/plan/ExplainWork.java 0cb6a9b
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java PRE-CREATION
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DelegatableAuthorizationProvider.java PRE-CREATION
ql/src/test/queries/clientpositive/authorization_explain.q PRE-CREATION
ql/src/test/results/clientpositive/authorization_explain.q.out PRE-CREATION
Diff: https://reviews.apache.org/r/16034/diff/
Testing
-------
Thanks,
Navis Ryu
Re: Review Request 16034: Add explain authorize for checking privileges
Posted by Ashutosh Chauhan <ha...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16034/#review43899
-----------------------------------------------------------
Ship it!
Ship It!
- Ashutosh Chauhan
On May 24, 2014, 8:45 a.m., Navis Ryu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/16034/
> -----------------------------------------------------------
>
> (Updated May 24, 2014, 8:45 a.m.)
>
>
> Review request for hive.
>
>
> Bugs: HIVE-5961
> https://issues.apache.org/jira/browse/HIVE-5961
>
>
> Repository: hive-git
>
>
> Description
> -------
>
> For easy checking of need privileges for a query,
> {noformat}
> explain authorize select * from src join srcpart
> INPUTS:
> default@srcpart
> default@srcpart@ds=2008-04-08/hr=11
> default@srcpart@ds=2008-04-08/hr=12
> default@srcpart@ds=2008-04-09/hr=11
> default@srcpart@ds=2008-04-09/hr=12
> default@src
> OUTPUTS:
> file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
> CURRENT_USER:
> hive_test_user
> OPERATION:
> QUERY
> AUTHORIZATION_FAILURES:
> No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
> No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
> No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
> {noformat}
>
> Hopefully good for debugging of authorization, which is in progress on HIVE-5837.
>
>
> Diffs
> -----
>
> ql/src/java/org/apache/hadoop/hive/ql/Driver.java d57dabb
> ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java 35f4fa9
> ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java db9fa74
> ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java 26863f1
> ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g 38e8e25
> ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g af3ecd0
> ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g 5406412
> ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java b6f3748
> ql/src/java/org/apache/hadoop/hive/ql/plan/ExplainWork.java d7140ca
> ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java PRE-CREATION
> ql/src/test/queries/clientpositive/authorization_explain.q PRE-CREATION
> ql/src/test/results/clientpositive/authorization_explain.q.out PRE-CREATION
>
> Diff: https://reviews.apache.org/r/16034/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Navis Ryu
>
>
Re: Review Request 16034: Add explain authorize for checking privileges
Posted by Navis Ryu <na...@nexr.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16034/
-----------------------------------------------------------
(Updated May 24, 2014, 8:45 a.m.)
Review request for hive.
Changes
-------
Addressed comments
Bugs: HIVE-5961
https://issues.apache.org/jira/browse/HIVE-5961
Repository: hive-git
Description
-------
For easy checking of need privileges for a query,
{noformat}
explain authorize select * from src join srcpart
INPUTS:
default@srcpart
default@srcpart@ds=2008-04-08/hr=11
default@srcpart@ds=2008-04-08/hr=12
default@srcpart@ds=2008-04-09/hr=11
default@srcpart@ds=2008-04-09/hr=12
default@src
OUTPUTS:
file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
CURRENT_USER:
hive_test_user
OPERATION:
QUERY
AUTHORIZATION_FAILURES:
No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
{noformat}
Hopefully good for debugging of authorization, which is in progress on HIVE-5837.
Diffs (updated)
-----
ql/src/java/org/apache/hadoop/hive/ql/Driver.java d57dabb
ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java 35f4fa9
ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java db9fa74
ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java 26863f1
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g 38e8e25
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g af3ecd0
ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g 5406412
ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java b6f3748
ql/src/java/org/apache/hadoop/hive/ql/plan/ExplainWork.java d7140ca
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java PRE-CREATION
ql/src/test/queries/clientpositive/authorization_explain.q PRE-CREATION
ql/src/test/results/clientpositive/authorization_explain.q.out PRE-CREATION
Diff: https://reviews.apache.org/r/16034/diff/
Testing
-------
Thanks,
Navis Ryu
Re: Review Request 16034: Add explain authorize for checking privileges
Posted by Navis Ryu <na...@nexr.com>.
> On May 24, 2014, 12:51 a.m., Ashutosh Chauhan wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java, line 325
> > <https://reviews.apache.org/r/16034/diff/4/?file=545573#file545573line325>
> >
> > This if condition can never be false, right ?
Simple explain needs full authorization. This should be true only for "explain authorize".
> On May 24, 2014, 12:51 a.m., Ashutosh Chauhan wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java, line 302
> > <https://reviews.apache.org/r/16034/diff/4/?file=545573#file545573line302>
> >
> > Better name : collectReferedEntitiesNDoAuth()
Renamed to collectAuthRelatedEntities. This just collects(ignores) authorization exception.
> On May 24, 2014, 12:51 a.m., Ashutosh Chauhan wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g, line 297
> > <https://reviews.apache.org/r/16034/diff/4/?file=545576#file545576line297>
> >
> > We need to add this to nonReserved list in IdentifiersParser.g as well.
ah, sure.
> On May 24, 2014, 12:51 a.m., Ashutosh Chauhan wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g, line 298
> > <https://reviews.apache.org/r/16034/diff/4/?file=545576#file545576line298>
> >
> > Also I think
> > explain authorization select * from T
> > is more clear than
> > explain authorize select * from T
done.
> On May 24, 2014, 12:51 a.m., Ashutosh Chauhan wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/Driver.java, line 496
> > <https://reviews.apache.org/r/16034/diff/4/?file=545572#file545572line496>
> >
> > This could be
> > HiveAuthorizationProvider authorizer = AuthorizationFactory.create(ss.getAuthorizer());
> > See my corresponding comment in create().
> >
> > I want to avoid DelegtableAuthProvider in non-explain case, if possible.
done.
> On May 24, 2014, 12:51 a.m., Ashutosh Chauhan wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java, line 40
> > <https://reviews.apache.org/r/16034/diff/4/?file=545580#file545580line40>
> >
> > This should instead be
> > return delegated;
> >
> > That will avoid creating DelegatableAuthProvider in non-explain case.
done.
> On May 24, 2014, 12:51 a.m., Ashutosh Chauhan wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java, lines 50-56
> > <https://reviews.apache.org/r/16034/diff/4/?file=545580#file545580line50>
> >
> > Not able to understand this. Can you add comments whats happening here?
It's not related to this issue. There was an authorization issue on view which should be authorized by the owner of view, not by current user, which was fixed long before than this(yes, in my version).
I should book that as a following issue. Will remove this part for that.
> On May 24, 2014, 12:51 a.m., Ashutosh Chauhan wrote:
> > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java, line 104
> > <https://reviews.apache.org/r/16034/diff/4/?file=545580#file545580line104>
> >
> > Can you add comments when this class is used and for what?
same as above
- Navis
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16034/#review43887
-----------------------------------------------------------
On April 2, 2014, 9:07 a.m., Navis Ryu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/16034/
> -----------------------------------------------------------
>
> (Updated April 2, 2014, 9:07 a.m.)
>
>
> Review request for hive.
>
>
> Bugs: HIVE-5961
> https://issues.apache.org/jira/browse/HIVE-5961
>
>
> Repository: hive-git
>
>
> Description
> -------
>
> For easy checking of need privileges for a query,
> {noformat}
> explain authorize select * from src join srcpart
> INPUTS:
> default@srcpart
> default@srcpart@ds=2008-04-08/hr=11
> default@srcpart@ds=2008-04-08/hr=12
> default@srcpart@ds=2008-04-09/hr=11
> default@srcpart@ds=2008-04-09/hr=12
> default@src
> OUTPUTS:
> file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
> CURRENT_USER:
> hive_test_user
> OPERATION:
> QUERY
> AUTHORIZATION_FAILURES:
> No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
> No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
> No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
> {noformat}
>
> Hopefully good for debugging of authorization, which is in progress on HIVE-5837.
>
>
> Diffs
> -----
>
> ql/src/java/org/apache/hadoop/hive/ql/Driver.java d42895a
> ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java 35f4fa9
> ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java db9fa74
> ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java 77fb8bd
> ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g 3e673ca
> ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g 13bbf0a
> ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java e7d0359
> ql/src/java/org/apache/hadoop/hive/ql/plan/ExplainWork.java d7140ca
> ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java PRE-CREATION
> ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DelegatableAuthorizationProvider.java PRE-CREATION
> ql/src/test/queries/clientpositive/authorization_explain.q PRE-CREATION
> ql/src/test/results/clientpositive/authorization_explain.q.out PRE-CREATION
>
> Diff: https://reviews.apache.org/r/16034/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Navis Ryu
>
>
Re: Review Request 16034: Add explain authorize for checking privileges
Posted by Ashutosh Chauhan <ha...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16034/#review43887
-----------------------------------------------------------
ql/src/java/org/apache/hadoop/hive/ql/Driver.java
<https://reviews.apache.org/r/16034/#comment78163>
This could be
HiveAuthorizationProvider authorizer = AuthorizationFactory.create(ss.getAuthorizer());
See my corresponding comment in create().
I want to avoid DelegtableAuthProvider in non-explain case, if possible.
ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java
<https://reviews.apache.org/r/16034/#comment78169>
Better name : collectReferedEntitiesNDoAuth()
ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java
<https://reviews.apache.org/r/16034/#comment78168>
This if condition can never be false, right ?
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g
<https://reviews.apache.org/r/16034/#comment78164>
We need to add this to nonReserved list in IdentifiersParser.g as well.
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g
<https://reviews.apache.org/r/16034/#comment78165>
Also I think
explain authorization select * from T
is more clear than
explain authorize select * from T
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java
<https://reviews.apache.org/r/16034/#comment78162>
This should instead be
return delegated;
That will avoid creating DelegatableAuthProvider in non-explain case.
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java
<https://reviews.apache.org/r/16034/#comment78166>
Not able to understand this. Can you add comments whats happening here?
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java
<https://reviews.apache.org/r/16034/#comment78167>
Can you add comments when this class is used and for what?
- Ashutosh Chauhan
On April 2, 2014, 9:07 a.m., Navis Ryu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/16034/
> -----------------------------------------------------------
>
> (Updated April 2, 2014, 9:07 a.m.)
>
>
> Review request for hive.
>
>
> Bugs: HIVE-5961
> https://issues.apache.org/jira/browse/HIVE-5961
>
>
> Repository: hive-git
>
>
> Description
> -------
>
> For easy checking of need privileges for a query,
> {noformat}
> explain authorize select * from src join srcpart
> INPUTS:
> default@srcpart
> default@srcpart@ds=2008-04-08/hr=11
> default@srcpart@ds=2008-04-08/hr=12
> default@srcpart@ds=2008-04-09/hr=11
> default@srcpart@ds=2008-04-09/hr=12
> default@src
> OUTPUTS:
> file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
> CURRENT_USER:
> hive_test_user
> OPERATION:
> QUERY
> AUTHORIZATION_FAILURES:
> No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
> No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
> No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
> {noformat}
>
> Hopefully good for debugging of authorization, which is in progress on HIVE-5837.
>
>
> Diffs
> -----
>
> ql/src/java/org/apache/hadoop/hive/ql/Driver.java d42895a
> ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java 35f4fa9
> ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java db9fa74
> ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java 77fb8bd
> ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g 3e673ca
> ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g 13bbf0a
> ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java e7d0359
> ql/src/java/org/apache/hadoop/hive/ql/plan/ExplainWork.java d7140ca
> ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java PRE-CREATION
> ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DelegatableAuthorizationProvider.java PRE-CREATION
> ql/src/test/queries/clientpositive/authorization_explain.q PRE-CREATION
> ql/src/test/results/clientpositive/authorization_explain.q.out PRE-CREATION
>
> Diff: https://reviews.apache.org/r/16034/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Navis Ryu
>
>
Re: Review Request 16034: Add explain authorize for checking privileges
Posted by Navis Ryu <na...@nexr.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16034/
-----------------------------------------------------------
(Updated April 2, 2014, 9:07 a.m.)
Review request for hive.
Changes
-------
Rebased to trunk
Bugs: HIVE-5961
https://issues.apache.org/jira/browse/HIVE-5961
Repository: hive-git
Description
-------
For easy checking of need privileges for a query,
{noformat}
explain authorize select * from src join srcpart
INPUTS:
default@srcpart
default@srcpart@ds=2008-04-08/hr=11
default@srcpart@ds=2008-04-08/hr=12
default@srcpart@ds=2008-04-09/hr=11
default@srcpart@ds=2008-04-09/hr=12
default@src
OUTPUTS:
file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
CURRENT_USER:
hive_test_user
OPERATION:
QUERY
AUTHORIZATION_FAILURES:
No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
{noformat}
Hopefully good for debugging of authorization, which is in progress on HIVE-5837.
Diffs (updated)
-----
ql/src/java/org/apache/hadoop/hive/ql/Driver.java d42895a
ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java 35f4fa9
ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java db9fa74
ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java 77fb8bd
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g 3e673ca
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g 13bbf0a
ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java e7d0359
ql/src/java/org/apache/hadoop/hive/ql/plan/ExplainWork.java d7140ca
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java PRE-CREATION
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DelegatableAuthorizationProvider.java PRE-CREATION
ql/src/test/queries/clientpositive/authorization_explain.q PRE-CREATION
ql/src/test/results/clientpositive/authorization_explain.q.out PRE-CREATION
Diff: https://reviews.apache.org/r/16034/diff/
Testing
-------
Thanks,
Navis Ryu
Re: Review Request 16034: Add explain authorize for checking privileges
Posted by Navis Ryu <na...@nexr.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16034/
-----------------------------------------------------------
(Updated Feb. 7, 2014, 2:31 a.m.)
Review request for hive.
Changes
-------
Rebased to trunk
Bugs: HIVE-5961
https://issues.apache.org/jira/browse/HIVE-5961
Repository: hive-git
Description
-------
For easy checking of need privileges for a query,
{noformat}
explain authorize select * from src join srcpart
INPUTS:
default@srcpart
default@srcpart@ds=2008-04-08/hr=11
default@srcpart@ds=2008-04-08/hr=12
default@srcpart@ds=2008-04-09/hr=11
default@srcpart@ds=2008-04-09/hr=12
default@src
OUTPUTS:
file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
CURRENT_USER:
hive_test_user
OPERATION:
QUERY
AUTHORIZATION_FAILURES:
No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
{noformat}
Hopefully good for debugging of authorization, which is in progress on HIVE-5837.
Diffs (updated)
-----
ql/src/java/org/apache/hadoop/hive/ql/Driver.java 6705ec4
ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java fe929fc
ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java 13d0a56
ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java 77fb8bd
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g f83c15d
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g 7e69912
ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java 2495c40
ql/src/java/org/apache/hadoop/hive/ql/plan/ExplainWork.java d7140ca
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java PRE-CREATION
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DelegatableAuthorizationProvider.java PRE-CREATION
ql/src/test/queries/clientpositive/authorization_explain.q PRE-CREATION
ql/src/test/results/clientpositive/authorization_explain.q.out PRE-CREATION
Diff: https://reviews.apache.org/r/16034/diff/
Testing
-------
Thanks,
Navis Ryu
Re: Review Request 16034: Add explain authorize for checking privileges
Posted by Navis Ryu <na...@nexr.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/16034/
-----------------------------------------------------------
(Updated Dec. 10, 2013, 12:57 a.m.)
Review request for hive.
Bugs: HIVE-5961
https://issues.apache.org/jira/browse/HIVE-5961
Repository: hive-git
Description
-------
For easy checking of need privileges for a query,
{noformat}
explain authorize select * from src join srcpart
INPUTS:
default@srcpart
default@srcpart@ds=2008-04-08/hr=11
default@srcpart@ds=2008-04-08/hr=12
default@srcpart@ds=2008-04-09/hr=11
default@srcpart@ds=2008-04-09/hr=12
default@src
OUTPUTS:
file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
CURRENT_USER:
hive_test_user
OPERATION:
QUERY
AUTHORIZATION_FAILURES:
No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
{noformat}
Hopefully good for debugging of authorization, which is in progress on HIVE-5837.
Diffs (updated)
-----
ql/src/java/org/apache/hadoop/hive/ql/Driver.java d18243c
ql/src/java/org/apache/hadoop/hive/ql/exec/ExplainTask.java f0da57d
ql/src/java/org/apache/hadoop/hive/ql/parse/BaseSemanticAnalyzer.java 4b7fc73
ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java 9b1c36e
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g 366b714
ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g 5e5b8cf
ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzerFactory.java 97454e4
ql/src/java/org/apache/hadoop/hive/ql/plan/ExplainWork.java 0cb6a9b
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationFactory.java PRE-CREATION
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/DelegatableAuthorizationProvider.java PRE-CREATION
ql/src/test/queries/clientpositive/authorization_explain.q PRE-CREATION
ql/src/test/results/clientpositive/authorization_explain.q.out PRE-CREATION
Diff: https://reviews.apache.org/r/16034/diff/
Testing
-------
Thanks,
Navis Ryu