You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by th...@apache.org on 2014/01/04 00:22:48 UTC
svn commit: r1555280 - in /hive/trunk/ql/src:
java/org/apache/hadoop/hive/ql/exec/ java/org/apache/hadoop/hive/ql/parse/
java/org/apache/hadoop/hive/ql/plan/ test/queries/clientpositive/
test/results/clientpositive/
Author: thejas
Date: Fri Jan 3 23:22:47 2014
New Revision: 1555280
URL: http://svn.apache.org/r1555280
Log:
HIVE-5923 : SQL std auth - parser changes (Thejas Nair, reviewed by Brock Noland)
Added:
hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q
hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out
Modified:
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java
hive/trunk/ql/src/test/queries/clientpositive/authorization_2.q
hive/trunk/ql/src/test/results/clientpositive/authorization_2.q.out
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java?rev=1555280&r1=1555279&r2=1555280&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java Fri Jan 3 23:22:47 2014
@@ -637,7 +637,7 @@ public class DDLTask extends Task<DDLWor
throw new HiveException("Grant does not support partition level.");
}
String obj = privSubjectDesc.getObject();
- boolean notFound = true;
+
if (privSubjectDesc.getTable()) {
String[] dbTab = obj.split("\\.");
if (dbTab.length == 2) {
@@ -648,15 +648,19 @@ public class DDLTask extends Task<DDLWor
tableName = obj;
}
dbObj = db.getDatabase(dbName);
+ if (dbObj == null) {
+ throwNotFound("Database", dbName);
+ }
tableObj = db.getTable(dbName, tableName);
- notFound = (dbObj == null || tableObj == null);
+ if (tableObj == null) {
+ throwNotFound("Table", obj);
+ }
} else {
dbName = privSubjectDesc.getObject();
dbObj = db.getDatabase(dbName);
- notFound = (dbObj == null);
- }
- if (notFound) {
- throw new HiveException(obj + " can not be found");
+ if (dbObj == null) {
+ throwNotFound("Database", dbName);
+ }
}
}
@@ -753,6 +757,10 @@ public class DDLTask extends Task<DDLWor
return 0;
}
+ private void throwNotFound(String objType, String objName) throws HiveException {
+ throw new HiveException(objType + " " + objName + " not found");
+ }
+
private int roleDDL(RoleDDLDesc roleDDLDesc) {
RoleDDLDesc.RoleOperation operation = roleDDLDesc.getOperation();
DataOutput outStream = null;
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java?rev=1555280&r1=1555279&r2=1555280&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java Fri Jan 3 23:22:47 2014
@@ -456,8 +456,17 @@ public class DDLSemanticAnalyzer extends
private void analyzeGrantRevokeRole(boolean grant, ASTNode ast) {
List<PrincipalDesc> principalDesc = analyzePrincipalListDef(
(ASTNode) ast.getChild(0));
+
+ //check if admin option has been specified
+ int rolesStartPos = 1;
+ ASTNode wAdminOption = (ASTNode) ast.getChild(1);
+ if(wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION){
+ rolesStartPos = 2; //start reading role names from next postion
+ //TODO: use the admin option
+ }
+
List<String> roles = new ArrayList<String>();
- for (int i = 1; i < ast.getChildCount(); i++) {
+ for (int i = rolesStartPos; i < ast.getChildCount(); i++) {
roles.add(unescapeIdentifier(ast.getChild(i).getText()));
}
String roleOwnerName = "";
@@ -489,21 +498,26 @@ public class DDLSemanticAnalyzer extends
}
String principalName = unescapeIdentifier(principal.getChild(0).getText());
PrincipalDesc principalDesc = new PrincipalDesc(principalName, type);
+
List<String> cols = null;
if (ast.getChildCount() > 1) {
ASTNode child = (ASTNode) ast.getChild(1);
if (child.getToken().getType() == HiveParser.TOK_PRIV_OBJECT_COL) {
privHiveObj = new PrivilegeObjectDesc();
+ //set object name
privHiveObj.setObject(unescapeIdentifier(child.getChild(0).getText()));
- if (child.getChildCount() > 1) {
- for (int i = 1; i < child.getChildCount(); i++) {
+ //set object type
+ ASTNode objTypeNode = (ASTNode) child.getChild(1);
+ privHiveObj.setTable(objTypeNode.getToken().getType() == HiveParser.TOK_TABLE_TYPE);
+
+ //set col and partition spec if specified
+ if (child.getChildCount() > 2) {
+ for (int i = 2; i < child.getChildCount(); i++) {
ASTNode grandChild = (ASTNode) child.getChild(i);
if (grandChild.getToken().getType() == HiveParser.TOK_PARTSPEC) {
privHiveObj.setPartSpec(DDLSemanticAnalyzer.getPartSpec(grandChild));
} else if (grandChild.getToken().getType() == HiveParser.TOK_TABCOLNAME) {
cols = getColumnNames((ASTNode) grandChild);
- } else {
- privHiveObj.setTable(child.getChild(i) != null);
}
}
}
@@ -574,16 +588,15 @@ public class DDLSemanticAnalyzer extends
HashSet<WriteEntity> outputs)
throws SemanticException {
PrivilegeObjectDesc subject = new PrivilegeObjectDesc();
+ //set object identifier
subject.setObject(unescapeIdentifier(ast.getChild(0).getText()));
- if (ast.getChildCount() > 1) {
- for (int i = 0; i < ast.getChildCount(); i++) {
- ASTNode astChild = (ASTNode) ast.getChild(i);
- if (astChild.getToken().getType() == HiveParser.TOK_PARTSPEC) {
- subject.setPartSpec(DDLSemanticAnalyzer.getPartSpec(astChild));
- } else {
- subject.setTable(ast.getChild(0) != null);
- }
- }
+ //set object type
+ ASTNode objTypeNode = (ASTNode) ast.getChild(1);
+ subject.setTable(objTypeNode.getToken().getType() == HiveParser.TOK_TABLE_TYPE);
+ if (ast.getChildCount() == 3) {
+ //if partition spec node is present, set partition spec
+ ASTNode partSpecNode = (ASTNode) ast.getChild(2);
+ subject.setPartSpec(DDLSemanticAnalyzer.getPartSpec(partSpecNode));
}
if (subject.getTable()) {
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g?rev=1555280&r1=1555279&r2=1555280&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g Fri Jan 3 23:22:47 2014
@@ -282,6 +282,7 @@ KW_USER: 'USER';
KW_ROLE: 'ROLE';
KW_INNER: 'INNER';
KW_EXCHANGE: 'EXCHANGE';
+KW_ADMIN: 'ADMIN';
// Operators
// NOTE: if you add a new function/operator, add it to sysFuncNames so that describe function _FUNC_ will work.
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g?rev=1555280&r1=1555279&r2=1555280&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g Fri Jan 3 23:22:47 2014
@@ -261,6 +261,7 @@ TOK_USER;
TOK_GROUP;
TOK_ROLE;
TOK_GRANT_WITH_OPTION;
+TOK_GRANT_WITH_ADMIN_OPTION;
TOK_PRIV_ALL;
TOK_PRIV_ALTER_METADATA;
TOK_PRIV_ALTER_DATA;
@@ -310,6 +311,8 @@ TOK_SUBQUERY_EXPR;
TOK_SUBQUERY_OP;
TOK_SUBQUERY_OP_NOTIN;
TOK_SUBQUERY_OP_NOTEXISTS;
+TOK_DB_TYPE;
+TOK_TABLE_TYPE;
}
@@ -1299,8 +1302,8 @@ grantPrivileges
: KW_GRANT privList=privilegeList
privilegeObject?
KW_TO principalSpecification
- (KW_WITH withOption)?
- -> ^(TOK_GRANT $privList principalSpecification privilegeObject? withOption?)
+ withGrantOption?
+ -> ^(TOK_GRANT $privList principalSpecification privilegeObject? withGrantOption?)
;
revokePrivileges
@@ -1313,15 +1316,15 @@ revokePrivileges
grantRole
@init {msgs.push("grant role");}
@after {msgs.pop();}
- : KW_GRANT KW_ROLE identifier (COMMA identifier)* KW_TO principalSpecification
- -> ^(TOK_GRANT_ROLE principalSpecification identifier+)
+ : KW_GRANT KW_ROLE? identifier (COMMA identifier)* KW_TO principalSpecification withAdminOption?
+ -> ^(TOK_GRANT_ROLE principalSpecification withAdminOption? identifier+)
;
revokeRole
@init {msgs.push("revoke role");}
@after {msgs.pop();}
- : KW_REVOKE KW_ROLE identifier (COMMA identifier)* KW_FROM principalSpecification
- -> ^(TOK_REVOKE_ROLE principalSpecification identifier+)
+ : KW_REVOKE KW_ROLE? identifier (COMMA identifier)* KW_FROM principalSpecification withAdminOption?
+ -> ^(TOK_REVOKE_ROLE principalSpecification withAdminOption? identifier+)
;
showRoleGrants
@@ -1341,17 +1344,27 @@ showGrants
privilegeIncludeColObject
@init {msgs.push("privilege object including columns");}
@after {msgs.pop();}
- : KW_ON (table=KW_TABLE|KW_DATABASE) identifier (LPAREN cols=columnNameList RPAREN)? partitionSpec?
- -> ^(TOK_PRIV_OBJECT_COL identifier $table? $cols? partitionSpec?)
+ : KW_ON privObjectType identifier (LPAREN cols=columnNameList RPAREN)? partitionSpec?
+ -> ^(TOK_PRIV_OBJECT_COL identifier privObjectType $cols? partitionSpec?)
;
privilegeObject
@init {msgs.push("privilege subject");}
@after {msgs.pop();}
- : KW_ON (table=KW_TABLE|KW_DATABASE) identifier partitionSpec?
- -> ^(TOK_PRIV_OBJECT identifier $table? partitionSpec?)
+ : KW_ON privObjectType identifier partitionSpec?
+ -> ^(TOK_PRIV_OBJECT identifier privObjectType partitionSpec?)
;
+
+// database or table type. Type is optional, default type is table
+privObjectType
+@init {msgs.push("privilege object type type");}
+@after {msgs.pop();}
+ : KW_DATABASE -> ^(TOK_DB_TYPE)
+ | KW_TABLE? -> ^(TOK_TABLE_TYPE)
+ ;
+
+
privilegeList
@init {msgs.push("grant privilege list");}
@after {msgs.pop();}
@@ -1394,13 +1407,20 @@ principalName
| KW_ROLE identifier -> ^(TOK_ROLE identifier)
;
-withOption
-@init {msgs.push("grant with option");}
+withGrantOption
+@init {msgs.push("with grant option");}
@after {msgs.pop();}
- : KW_GRANT KW_OPTION
+ : KW_WITH KW_GRANT KW_OPTION
-> ^(TOK_GRANT_WITH_OPTION)
;
+withAdminOption
+@init {msgs.push("with admin option");}
+@after {msgs.pop();}
+ : KW_WITH KW_ADMIN KW_OPTION
+ -> ^(TOK_GRANT_WITH_ADMIN_OPTION)
+ ;
+
metastoreCheck
@init { msgs.push("metastore check statement"); }
@after { msgs.pop(); }
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g?rev=1555280&r1=1555279&r2=1555280&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g Fri Jan 3 23:22:47 2014
@@ -532,8 +532,8 @@ identifier
Identifier
| nonReserved -> Identifier[$nonReserved.text]
;
-
+
nonReserved
:
- KW_TRUE | KW_FALSE | KW_LIKE | KW_EXISTS | KW_ASC | KW_DESC | KW_ORDER | KW_GROUP | KW_BY | KW_AS | KW_INSERT | KW_OVERWRITE | KW_OUTER | KW_LEFT | KW_RIGHT | KW_FULL | KW_PARTITION | KW_PARTITIONS | KW_TABLE | KW_TABLES | KW_COLUMNS | KW_INDEX | KW_INDEXES | KW_REBUILD | KW_FUNCTIONS | KW_SHOW | KW_MSCK | KW_REPAIR | KW_DIRECTORY | KW_LOCAL | KW_USING | KW_CLUSTER | KW_DISTRIBUTE | KW_SORT | KW_UNION | KW_LOAD | KW_EXPORT | KW_IMPORT | KW_DATA | KW_INPATH | KW_IS | KW_NULL | KW_CREATE | KW_EXTERNAL | KW_ALTER | KW_CHANGE | KW_FIRST | KW_AFTER | KW_DESCRIBE | KW_DROP | KW_RENAME | KW_IGNORE | KW_PROTECTION | KW_TO | KW_COMMENT | KW_BOOLEAN | KW_TINYINT | KW_SMALLINT | KW_INT | KW_BIGINT | KW_FLOAT | KW_DOUBLE | KW_DATE | KW_DATETIME | KW_TIMESTAMP | KW_DECIMAL | KW_STRING | KW_ARRAY | KW_STRUCT | KW_UNIONTYPE | KW_PARTITIONED | KW_CLUSTERED | KW_SORTED | KW_INTO | KW_BUCKETS | KW_ROW | KW_ROWS | KW_FORMAT | KW_DELIMITED | KW_FIELDS | KW_TERMINATED | KW_ESCAPED | KW_COLLECTION |
KW_ITEMS | KW_KEYS | KW_KEY_TYPE | KW_LINES | KW_STORED | KW_FILEFORMAT | KW_SEQUENCEFILE | KW_TEXTFILE | KW_RCFILE | KW_ORCFILE | KW_INPUTFORMAT | KW_OUTPUTFORMAT | KW_INPUTDRIVER | KW_OUTPUTDRIVER | KW_OFFLINE | KW_ENABLE | KW_DISABLE | KW_READONLY | KW_NO_DROP | KW_LOCATION | KW_BUCKET | KW_OUT | KW_OF | KW_PERCENT | KW_ADD | KW_REPLACE | KW_RLIKE | KW_REGEXP | KW_TEMPORARY | KW_EXPLAIN | KW_FORMATTED | KW_PRETTY | KW_DEPENDENCY | KW_LOGICAL | KW_SERDE | KW_WITH | KW_DEFERRED | KW_SERDEPROPERTIES | KW_DBPROPERTIES | KW_LIMIT | KW_SET | KW_UNSET | KW_TBLPROPERTIES | KW_IDXPROPERTIES | KW_VALUE_TYPE | KW_ELEM_TYPE | KW_MAPJOIN | KW_STREAMTABLE | KW_HOLD_DDLTIME | KW_CLUSTERSTATUS | KW_UTC | KW_UTCTIMESTAMP | KW_LONG | KW_DELETE | KW_PLUS | KW_MINUS | KW_FETCH | KW_INTERSECT | KW_VIEW | KW_IN | KW_DATABASES | KW_MATERIALIZED | KW_SCHEMA | KW_SCHEMAS | KW_GRANT | KW_REVOKE | KW_SSL | KW_UNDO | KW_LOCK | KW_LOCKS | KW_UNLOCK | KW_SHARED | KW_EXCLUSIVE | KW_PROCEDURE | KW_UNSIGNED | KW
_WHILE | KW_READ | KW_READS | KW_PURGE | KW_RANGE | KW_ANALYZE | KW_BEFORE | KW_BETWEEN | KW_BOTH | KW_BINARY | KW_CONTINUE | KW_CURSOR | KW_TRIGGER | KW_RECORDREADER | KW_RECORDWRITER | KW_SEMI | KW_LATERAL | KW_TOUCH | KW_ARCHIVE | KW_UNARCHIVE | KW_COMPUTE | KW_STATISTICS | KW_USE | KW_OPTION | KW_CONCATENATE | KW_SHOW_DATABASE | KW_UPDATE | KW_RESTRICT | KW_CASCADE | KW_SKEWED | KW_ROLLUP | KW_CUBE | KW_DIRECTORIES | KW_FOR | KW_GROUPING | KW_SETS | KW_TRUNCATE | KW_NOSCAN | KW_USER | KW_ROLE | KW_INNER | KW_DEFINED
+ KW_TRUE | KW_FALSE | KW_LIKE | KW_EXISTS | KW_ASC | KW_DESC | KW_ORDER | KW_GROUP | KW_BY | KW_AS | KW_INSERT | KW_OVERWRITE | KW_OUTER | KW_LEFT | KW_RIGHT | KW_FULL | KW_PARTITION | KW_PARTITIONS | KW_TABLE | KW_TABLES | KW_COLUMNS | KW_INDEX | KW_INDEXES | KW_REBUILD | KW_FUNCTIONS | KW_SHOW | KW_MSCK | KW_REPAIR | KW_DIRECTORY | KW_LOCAL | KW_USING | KW_CLUSTER | KW_DISTRIBUTE | KW_SORT | KW_UNION | KW_LOAD | KW_EXPORT | KW_IMPORT | KW_DATA | KW_INPATH | KW_IS | KW_NULL | KW_CREATE | KW_EXTERNAL | KW_ALTER | KW_CHANGE | KW_FIRST | KW_AFTER | KW_DESCRIBE | KW_DROP | KW_RENAME | KW_IGNORE | KW_PROTECTION | KW_TO | KW_COMMENT | KW_BOOLEAN | KW_TINYINT | KW_SMALLINT | KW_INT | KW_BIGINT | KW_FLOAT | KW_DOUBLE | KW_DATE | KW_DATETIME | KW_TIMESTAMP | KW_DECIMAL | KW_STRING | KW_ARRAY | KW_STRUCT | KW_UNIONTYPE | KW_PARTITIONED | KW_CLUSTERED | KW_SORTED | KW_INTO | KW_BUCKETS | KW_ROW | KW_ROWS | KW_FORMAT | KW_DELIMITED | KW_FIELDS | KW_TERMINATED | KW_ESCAPED | KW_COLLECTION |
KW_ITEMS | KW_KEYS | KW_KEY_TYPE | KW_LINES | KW_STORED | KW_FILEFORMAT | KW_SEQUENCEFILE | KW_TEXTFILE | KW_RCFILE | KW_ORCFILE | KW_INPUTFORMAT | KW_OUTPUTFORMAT | KW_INPUTDRIVER | KW_OUTPUTDRIVER | KW_OFFLINE | KW_ENABLE | KW_DISABLE | KW_READONLY | KW_NO_DROP | KW_LOCATION | KW_BUCKET | KW_OUT | KW_OF | KW_PERCENT | KW_ADD | KW_REPLACE | KW_RLIKE | KW_REGEXP | KW_TEMPORARY | KW_EXPLAIN | KW_FORMATTED | KW_PRETTY | KW_DEPENDENCY | KW_LOGICAL | KW_SERDE | KW_WITH | KW_DEFERRED | KW_SERDEPROPERTIES | KW_DBPROPERTIES | KW_LIMIT | KW_SET | KW_UNSET | KW_TBLPROPERTIES | KW_IDXPROPERTIES | KW_VALUE_TYPE | KW_ELEM_TYPE | KW_MAPJOIN | KW_STREAMTABLE | KW_HOLD_DDLTIME | KW_CLUSTERSTATUS | KW_UTC | KW_UTCTIMESTAMP | KW_LONG | KW_DELETE | KW_PLUS | KW_MINUS | KW_FETCH | KW_INTERSECT | KW_VIEW | KW_IN | KW_DATABASES | KW_MATERIALIZED | KW_SCHEMA | KW_SCHEMAS | KW_GRANT | KW_REVOKE | KW_SSL | KW_UNDO | KW_LOCK | KW_LOCKS | KW_UNLOCK | KW_SHARED | KW_EXCLUSIVE | KW_PROCEDURE | KW_UNSIGNED | KW
_WHILE | KW_READ | KW_READS | KW_PURGE | KW_RANGE | KW_ANALYZE | KW_BEFORE | KW_BETWEEN | KW_BOTH | KW_BINARY | KW_CONTINUE | KW_CURSOR | KW_TRIGGER | KW_RECORDREADER | KW_RECORDWRITER | KW_SEMI | KW_LATERAL | KW_TOUCH | KW_ARCHIVE | KW_UNARCHIVE | KW_COMPUTE | KW_STATISTICS | KW_USE | KW_OPTION | KW_CONCATENATE | KW_SHOW_DATABASE | KW_UPDATE | KW_RESTRICT | KW_CASCADE | KW_SKEWED | KW_ROLLUP | KW_CUBE | KW_DIRECTORIES | KW_FOR | KW_GROUPING | KW_SETS | KW_TRUNCATE | KW_NOSCAN | KW_USER | KW_ROLE | KW_INNER | KW_DEFINED | KW_ADMIN
;
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java?rev=1555280&r1=1555279&r2=1555280&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java Fri Jan 3 23:22:47 2014
@@ -23,7 +23,8 @@ import java.util.HashMap;
@Explain(displayName="privilege subject")
public class PrivilegeObjectDesc {
- private boolean table;
+ //default type is table
+ private boolean table = true;
private String object;
Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_2.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_2.q?rev=1555280&r1=1555279&r2=1555280&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_2.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_2.q Fri Jan 3 23:22:47 2014
@@ -6,7 +6,7 @@ ALTER TABLE authorization_part SET TBLPR
set hive.security.authorization.enabled=true;
-- column grant to user
-grant Create on table authorization_part to user hive_test_user;
+grant Create on authorization_part to user hive_test_user;
grant Update on table authorization_part to user hive_test_user;
grant Drop on table authorization_part to user hive_test_user;
grant select on table src_auth_tmp to user hive_test_user;
Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q?rev=1555280&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q (added)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q Fri Jan 3 23:22:47 2014
@@ -0,0 +1,20 @@
+-- role granting without role keyword
+create role src_role2;
+grant src_role2 to user user2 ;
+show role grant user user2;
+
+-- revoke role without role keyword
+revoke src_role2 from user user2;
+show role grant user user2;
+
+----------------------------------------
+-- role granting without role keyword, with admin option (syntax check)
+----------------------------------------
+
+create role src_role_wadmin;
+grant src_role_wadmin to user user2 with admin option;
+show role grant user user2;
+
+-- revoke role without role keyword
+revoke src_role_wadmin from user user2 with admin option;
+show role grant user user2;
Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_2.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_2.q.out?rev=1555280&r1=1555279&r2=1555280&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_2.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_2.q.out Fri Jan 3 23:22:47 2014
@@ -23,11 +23,11 @@ POSTHOOK: type: ALTERTABLE_PROPERTIES
POSTHOOK: Input: default@authorization_part
POSTHOOK: Output: default@authorization_part
PREHOOK: query: -- column grant to user
-grant Create on table authorization_part to user hive_test_user
+grant Create on authorization_part to user hive_test_user
PREHOOK: type: GRANT_PRIVILEGE
PREHOOK: Output: default@authorization_part
POSTHOOK: query: -- column grant to user
-grant Create on table authorization_part to user hive_test_user
+grant Create on authorization_part to user hive_test_user
POSTHOOK: type: GRANT_PRIVILEGE
POSTHOOK: Output: default@authorization_part
PREHOOK: query: grant Update on table authorization_part to user hive_test_user
Added: hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out?rev=1555280&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out (added)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out Fri Jan 3 23:22:47 2014
@@ -0,0 +1,56 @@
+PREHOOK: query: -- role granting without role keyword
+create role src_role2
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: -- role granting without role keyword
+create role src_role2
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant src_role2 to user user2
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant src_role2 to user user2
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: show role grant user user2
+PREHOOK: type: SHOW_ROLE_GRANT
+POSTHOOK: query: show role grant user user2
+POSTHOOK: type: SHOW_ROLE_GRANT
+src_role2
+PREHOOK: query: -- revoke role without role keyword
+revoke src_role2 from user user2
+PREHOOK: type: REVOKE_ROLE
+POSTHOOK: query: -- revoke role without role keyword
+revoke src_role2 from user user2
+POSTHOOK: type: REVOKE_ROLE
+PREHOOK: query: show role grant user user2
+PREHOOK: type: SHOW_ROLE_GRANT
+POSTHOOK: query: show role grant user user2
+POSTHOOK: type: SHOW_ROLE_GRANT
+PREHOOK: query: ----------------------------------------
+-- role granting without role keyword, with admin option (syntax check)
+----------------------------------------
+
+create role src_role_wadmin
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: ----------------------------------------
+-- role granting without role keyword, with admin option (syntax check)
+----------------------------------------
+
+create role src_role_wadmin
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant src_role_wadmin to user user2 with admin option
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant src_role_wadmin to user user2 with admin option
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: show role grant user user2
+PREHOOK: type: SHOW_ROLE_GRANT
+POSTHOOK: query: show role grant user user2
+POSTHOOK: type: SHOW_ROLE_GRANT
+src_role_wadmin
+PREHOOK: query: -- revoke role without role keyword
+revoke src_role_wadmin from user user2 with admin option
+PREHOOK: type: REVOKE_ROLE
+POSTHOOK: query: -- revoke role without role keyword
+revoke src_role_wadmin from user user2 with admin option
+POSTHOOK: type: REVOKE_ROLE
+PREHOOK: query: show role grant user user2
+PREHOOK: type: SHOW_ROLE_GRANT
+POSTHOOK: query: show role grant user user2
+POSTHOOK: type: SHOW_ROLE_GRANT