Posted to commits@hive.apache.org by th...@apache.org on 2014/04/02 20:19:01 UTC

svn commit: r1584118 - in /hive/trunk/ql/src: java/org/apache/hadoop/hive/ql/session/SessionState.java test/queries/clientnegative/authorization_grant_table_dup.q test/results/clientnegative/authorization_grant_table_dup.q.out

Author: thejas
Date: Wed Apr  2 18:19:01 2014
New Revision: 1584118

URL: http://svn.apache.org/r1584118
Log:
HIVE-6804 : sql std auth - granting existing table privilege to owner should result in error (Thejas Nair, reviewed by Ashutosh Chauhan)

Added:
    hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q
    hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out
Modified:
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java?rev=1584118&r1=1584117&r2=1584118&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java Wed Apr  2 18:19:01 2014
@@ -387,7 +387,7 @@ public class SessionState {
         authorizerV2 = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(),
             getConf(), authenticator);
         // grant all privileges for table to its owner
-        getConf().setVar(ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS, "insert,select,update,delete");
+        getConf().setVar(ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS, "INSERT,SELECT,UPDATE,DELETE");
         String hooks = getConf().getVar(ConfVars.PREEXECHOOKS).trim();
         if (hooks.isEmpty()) {
           hooks = DisallowTransformHook.class.getName();
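Review bot: The upper-case literal on the `setVar(ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS, ...)` line corrects this one string, but the duplicate-grant check apparently still depends on an exact-case match of privilege names, so any other caller that supplies lower-case names would bring back the silent duplicate. Normalising case where the names are compared or stored would be the more durable fix; that code is not visible in this hunk. Tables created before this revision presumably still hold lower-case owner grants in the metastore, so it is worth confirming that revoke and duplicate detection behave correctly for those rows. At minimum I would add a comment above the call: `// names must match the upper-case form the authorizer stores; lower-case values bypass the duplicate-grant check`. The enclosing method starts and ends outside the hunk.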

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q?rev=1584118&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q Wed Apr  2 18:19:01 2014
@@ -0,0 +1,16 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+
+set user.name=user1;
+-- current user has been set (comment line before the set cmd is resulting in parse error!!)
+
+CREATE TABLE  tauth_gdup(i int);
+
+-- It should be possible to revert owners privileges
+revoke SELECT ON tauth_gdup from user user1;
+
+show grant user user1 on table tauth_gdup;
+
+-- Owner already has all privileges granted, another grant would become duplicate
+-- and result in error
+GRANT INSERT ON tauth_gdup TO USER user1;
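Review bot: Only the duplicate `GRANT INSERT` case is pinned by this script, and because a clientnegative script ends at the first failing statement, nothing after it can be asserted. The earlier `revoke SELECT` is therefore verified only through the `show grant` output, and there is no check that the owner can be granted SELECT again afterwards. A companion positive test that revokes and re-grants an owner privilege would cover that path. The comment above the revoke would read more clearly as `-- It should be possible to revoke the owner's privileges`.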

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out?rev=1584118&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_grant_table_dup.q.out Wed Apr  2 18:19:01 2014
@@ -0,0 +1,32 @@
+PREHOOK: query: -- current user has been set (comment line before the set cmd is resulting in parse error!!)
+
+CREATE TABLE  tauth_gdup(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+POSTHOOK: query: -- current user has been set (comment line before the set cmd is resulting in parse error!!)
+
+CREATE TABLE  tauth_gdup(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@tauth_gdup
+#### A masked pattern was here ####
+revoke SELECT ON tauth_gdup from user user1
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@tauth_gdup
+#### A masked pattern was here ####
+revoke SELECT ON tauth_gdup from user user1
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@tauth_gdup
+PREHOOK: query: show grant user user1 on table tauth_gdup
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user user1 on table tauth_gdup
+POSTHOOK: type: SHOW_GRANT
+default	tauth_gdup			user1	USER	DELETE	true	-1	user1
+default	tauth_gdup			user1	USER	INSERT	true	-1	user1
+default	tauth_gdup			user1	USER	UPDATE	true	-1	user1
+#### A masked pattern was here ####
+-- and result in error
+GRANT INSERT ON tauth_gdup TO USER user1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@tauth_gdup
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error granting privileges: InvalidObjectException(message:INSERT is already granted on table [default,tauth_gdup] by user1)