You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by jo...@apache.org on 2018/08/18 20:38:24 UTC
[5/7] impala git commit: IMPALA-7345: Add the OWNER privilege
http://git-wip-us.apache.org/repos/asf/impala/blob/1d4df941/fe/src/test/java/org/apache/impala/analysis/AuthorizationStmtTest.java
----------------------------------------------------------------------
diff --git a/fe/src/test/java/org/apache/impala/analysis/AuthorizationStmtTest.java b/fe/src/test/java/org/apache/impala/analysis/AuthorizationStmtTest.java
index abfff91..7e10eee 100644
--- a/fe/src/test/java/org/apache/impala/analysis/AuthorizationStmtTest.java
+++ b/fe/src/test/java/org/apache/impala/analysis/AuthorizationStmtTest.java
@@ -347,57 +347,72 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("select id from functional.alltypes"),
// With clause with select.
authorize("with t as (select id from functional.alltypes) select * from t")}) {
- authzTest.ok(onServer(TPrivilegeLevel.ALL))
+ authzTest
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.SELECT))
.ok(onColumn("functional", "alltypes", "id", TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes"))
.error(selectError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onTable("functional",
- "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
}
// Select without referencing a column.
authorize("select 1 from functional.alltypes")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes"))
.error(selectError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
// Select a specific column on a view.
// Column-level privileges on views are not currently supported.
authorize("select id from functional.alltypes_view")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes_view", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes_view", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes_view", TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes_view"))
.error(selectError("functional.alltypes_view"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes_view"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes_view"), onTable("functional",
- "alltypes_view", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ "alltypes_view", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
// Constant select.
authorize("select 1").ok();
@@ -406,51 +421,68 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("select a.id from functional.view_view a " +
"join functional.alltypesagg b ON (a.id = b.id)")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "view_view", TPrivilegeLevel.ALL),
onTable("functional", "alltypesagg", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "view_view", TPrivilegeLevel.OWNER),
+ onTable("functional", "alltypesagg", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "view_view", TPrivilegeLevel.ALL),
onTable("functional", "alltypesagg", TPrivilegeLevel.SELECT))
+ .ok(onTable("functional", "view_view", TPrivilegeLevel.OWNER),
+ onTable("functional", "alltypesagg", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "view_view", TPrivilegeLevel.SELECT),
onTable("functional", "alltypesagg", TPrivilegeLevel.ALL))
.ok(onTable("functional", "view_view", TPrivilegeLevel.SELECT),
+ onTable("functional", "alltypesagg", TPrivilegeLevel.OWNER))
+ .ok(onTable("functional", "view_view", TPrivilegeLevel.SELECT),
onTable("functional", "alltypesagg", TPrivilegeLevel.SELECT))
.error(selectError("functional.view_view"))
.error(selectError("functional.view_view"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.view_view"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.view_view"), onTable("functional", "view_view",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)), onTable("functional",
- "alltypesagg", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)), onTable("functional", "alltypesagg",
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
// Tests authorization after a statement has been rewritten (IMPALA-3915).
authorize("select * from functional_seq_snap.subquery_view")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional_seq_snap", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional_seq_snap", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional_seq_snap", TPrivilegeLevel.SELECT))
.ok(onTable("functional_seq_snap", "subquery_view", TPrivilegeLevel.ALL))
+ .ok(onTable("functional_seq_snap", "subquery_view", TPrivilegeLevel.OWNER))
.ok(onTable("functional_seq_snap", "subquery_view", TPrivilegeLevel.SELECT))
.error(selectError("functional_seq_snap.subquery_view"))
.error(selectError("functional_seq_snap.subquery_view"), onServer(
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional_seq_snap.subquery_view"),
onDatabase("functional_seq_snap", allExcept(TPrivilegeLevel.ALL,
- TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional_seq_snap.subquery_view"),
onTable("functional_seq_snap", "subquery_view", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)));
// Select a UDF.
ScalarFunction fn = addFunction("functional", "f");
try {
authorize("select functional.f()")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(viewMetadataPrivileges()))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", viewMetadataPrivileges()))
.error(accessError("functional"))
.error(accessError("functional"), onServer(allExcept(
@@ -472,75 +504,96 @@ public class AuthorizationStmtTest extends FrontendTestBase {
// Select with inline view.
authorize("select a.* from (select * from functional.alltypes) a")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.SELECT))
.ok(onColumn("functional", "alltypes", ALLTYPES_COLUMNS, TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes"))
.error(selectError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
// Select with columns referenced in function, where clause and group by.
authorize("select count(id), int_col from functional.alltypes where id = 10 " +
"group by id, int_col")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.SELECT))
.ok(onColumn("functional", "alltypes", new String[]{"id", "int_col"},
TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes"))
.error(selectError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
// Select on tables with complex types.
authorize("select a.int_struct_col.f1 from functional.allcomplextypes a " +
"where a.id = 1")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "allcomplextypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "allcomplextypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "allcomplextypes", TPrivilegeLevel.SELECT))
.ok(onColumn("functional", "allcomplextypes",
new String[]{"id", "int_struct_col"}, TPrivilegeLevel.SELECT))
.error(selectError("functional.allcomplextypes"))
.error(selectError("functional.allcomplextypes"), onServer(
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.allcomplextypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.allcomplextypes"), onTable("functional",
- "allcomplextypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ "allcomplextypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
authorize("select key, pos, item.f1, f2 from functional.allcomplextypes t, " +
"t.struct_array_col, functional.allcomplextypes.int_map_col")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "allcomplextypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "allcomplextypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "allcomplextypes", TPrivilegeLevel.SELECT))
.ok(onColumn("functional", "allcomplextypes",
new String[]{"struct_array_col", "int_map_col"}, TPrivilegeLevel.SELECT))
.error(selectError("functional.allcomplextypes"))
.error(selectError("functional.allcomplextypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.allcomplextypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.allcomplextypes"), onTable("functional",
- "allcomplextypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ "allcomplextypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
for (AuthzTest authzTest: new AuthzTest[]{
// Select with cross join.
@@ -550,15 +603,23 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("select * from functional.alltypes a cross join " +
"functional.alltypessmall b")}) {
authzTest.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL),
onTable("functional", "alltypessmall", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER),
+ onTable("functional", "alltypessmall", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.SELECT),
onTable("functional", "alltypessmall", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.SELECT),
+ onTable("functional", "alltypessmall", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL),
onTable("functional", "alltypessmall", TPrivilegeLevel.SELECT))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER),
+ onTable("functional", "alltypessmall", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.SELECT),
onTable("functional", "alltypessmall", TPrivilegeLevel.SELECT))
.ok(onColumn("functional", "alltypes", ALLTYPES_COLUMNS,
@@ -566,12 +627,15 @@ public class AuthorizationStmtTest extends FrontendTestBase {
ALLTYPES_COLUMNS, TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes"))
.error(selectError("functional.alltypes"), onServer(
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)),
- onTable("functional", "alltypessmall", allExcept(TPrivilegeLevel.ALL,
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)), onTable("functional", "alltypessmall",
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypessmall"), onColumn("functional",
"alltypes", ALLTYPES_COLUMNS, TPrivilegeLevel.SELECT))
@@ -584,23 +648,30 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("select id from functional.alltypes_view union all " +
"select x from functional.alltypes_view_sub")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes_view", TPrivilegeLevel.ALL),
onTable("functional", "alltypes_view_sub", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes_view", TPrivilegeLevel.OWNER),
+ onTable("functional", "alltypes_view_sub", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes_view", TPrivilegeLevel.SELECT),
onTable("functional", "alltypes_view_sub", TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes_view"))
.error(selectError("functional.alltypes_view"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes_view"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes_view"), onTable("functional",
- "alltypes_view", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)),
+ "alltypes_view", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)),
onTable("functional", "alltypes_view_sub", TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes_view_sub"), onTable("functional",
- "alltypes_view_sub", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)),
+ "alltypes_view_sub", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)),
onTable("functional", "alltypes_view", TPrivilegeLevel.SELECT));
// Union from non-existent databases.
@@ -620,18 +691,23 @@ public class AuthorizationStmtTest extends FrontendTestBase {
// Explain insert.
authorize("explain insert into functional.zipcode_incomes(id) values('123')")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.INSERT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.INSERT))
.ok(onTable("functional", "zipcode_incomes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "zipcode_incomes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "zipcode_incomes", TPrivilegeLevel.INSERT))
.error(insertError("functional.zipcode_incomes"))
.error(insertError("functional.zipcode_incomes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.INSERT)))
.error(insertError("functional.zipcode_incomes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.INSERT)))
.error(insertError("functional.zipcode_incomes"), onTable("functional",
- "zipcode_incomes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT)));
+ "zipcode_incomes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.INSERT)));
}
for (AuthzTest test: new AuthzTest[]{
@@ -643,11 +719,15 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("insert into functional.alltypes partition(month, year) " +
"select * from functional.alltypestiny where id < 100")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL),
onTable("functional", "alltypestiny", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER),
+ onTable("functional", "alltypestiny", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.INSERT),
onTable("functional", "alltypestiny", TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.INSERT),
@@ -655,16 +735,19 @@ public class AuthorizationStmtTest extends FrontendTestBase {
TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypestiny"))
.error(selectError("functional.alltypestiny"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT)))
- .error(selectError("functional.alltypestiny"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT,
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.INSERT,
TPrivilegeLevel.SELECT)))
+ .error(selectError("functional.alltypestiny"), onDatabase("functional",
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT)))
.error(insertError("functional.alltypes"), onTable("functional",
"alltypestiny", TPrivilegeLevel.SELECT), onTable("functional",
- "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT)))
+ "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.INSERT)))
.error(selectError("functional.alltypestiny"), onTable("functional",
- "alltypestiny", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)),
- onTable("functional", "alltypes", TPrivilegeLevel.INSERT));
+ "alltypestiny", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)), onTable("functional", "alltypes",
+ TPrivilegeLevel.INSERT));
}
// Insert with select on a target view.
@@ -672,24 +755,31 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("insert into functional.alltypes partition(month, year) " +
"select * from functional.alltypes_view where id < 100")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL),
onTable("functional", "alltypes_view", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER),
+ onTable("functional", "alltypes_view", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.INSERT),
onTable("functional", "alltypes_view", TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypes_view"))
.error(selectError("functional.alltypes_view"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.INSERT,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes_view"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT,
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.INSERT,
TPrivilegeLevel.SELECT)))
.error(insertError("functional.alltypes"), onTable("functional",
"alltypes_view", TPrivilegeLevel.SELECT), onTable("functional",
- "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT)))
+ "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.INSERT)))
.error(selectError("functional.alltypes_view"), onTable("functional",
- "alltypes_view", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)),
+ "alltypes_view", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)),
onTable("functional", "alltypes", TPrivilegeLevel.INSERT));
// Insert with inline view.
@@ -697,31 +787,41 @@ public class AuthorizationStmtTest extends FrontendTestBase {
"select b.* from functional.alltypesagg a join (select * from " +
"functional.alltypestiny) b on (a.int_col = b.int_col)")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL),
onTable("functional", "alltypesagg", TPrivilegeLevel.ALL),
onTable("functional", "alltypestiny", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER),
+ onTable("functional", "alltypesagg", TPrivilegeLevel.OWNER),
+ onTable("functional", "alltypestiny", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.INSERT),
onTable("functional", "alltypesagg", TPrivilegeLevel.SELECT),
onTable("functional", "alltypestiny", TPrivilegeLevel.SELECT))
.error(selectError("functional.alltypesagg"))
.error(selectError("functional.alltypesagg"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.INSERT,
+ TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypesagg"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.INSERT,
+ TPrivilegeLevel.SELECT)))
.error(insertError("functional.alltypes"), onTable("functional",
"alltypesagg", TPrivilegeLevel.SELECT), onTable("functional",
"alltypestiny", TPrivilegeLevel.SELECT), onTable("functional",
- "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT)))
+ "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.INSERT)))
.error(selectError("functional.alltypesagg"), onTable("functional",
- "alltypesagg", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)),
+ "alltypesagg", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)),
onTable("functional", "alltypestiny", TPrivilegeLevel.SELECT),
onTable("functional", "alltypes", TPrivilegeLevel.INSERT))
.error(selectError("functional.alltypestiny"), onTable("functional",
"alltypesagg", TPrivilegeLevel.SELECT), onTable("functional",
- "alltypestiny", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)),
+ "alltypestiny", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)),
onTable("functional", "alltypes", TPrivilegeLevel.INSERT));
// Inserting into a view is not allowed.
@@ -763,18 +863,22 @@ public class AuthorizationStmtTest extends FrontendTestBase {
// Truncate a table.
authorize("truncate table functional.alltypes")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.INSERT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.INSERT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.INSERT))
.error(insertError("functional.alltypes"))
.error(insertError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.INSERT)))
.error(insertError("functional.alltypes"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.INSERT)))
.error(insertError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.INSERT)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.INSERT)));
// Truncate a non-existent database.
authorize("truncate table nodb.alltypes")
@@ -795,18 +899,31 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("load data inpath 'hdfs://localhost:20500/test-warehouse/tpch.lineitem' " +
"into table functional.alltypes partition(month=10, year=2009)")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.ALL),
onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER),
+ onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
+ TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.INSERT),
onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.INSERT),
+ onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
+ TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL),
onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER),
+ onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
+ TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.INSERT),
onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.INSERT),
+ onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
+ TPrivilegeLevel.OWNER))
.error(insertError("functional.alltypes"))
.error(accessError("hdfs://localhost:20500/test-warehouse/tpch.lineitem"),
onDatabase("functional", TPrivilegeLevel.INSERT))
@@ -814,7 +931,10 @@ public class AuthorizationStmtTest extends FrontendTestBase {
onTable("functional", "alltypes", TPrivilegeLevel.INSERT))
.error(insertError("functional.alltypes"),
onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
- TPrivilegeLevel.ALL));
+ TPrivilegeLevel.ALL))
+ .error(insertError("functional.alltypes"),
+ onUri("hdfs://localhost:20500/test-warehouse/tpch.lineitem",
+ TPrivilegeLevel.OWNER));
// Load from non-existent URI.
authorize("load data inpath 'hdfs://localhost:20500/test-warehouse/nouri' " +
@@ -830,14 +950,18 @@ public class AuthorizationStmtTest extends FrontendTestBase {
"into table nodb.alltypes partition(month=10, year=2009)")
.error(insertError("nodb.alltypes"))
.error(insertError("nodb.alltypes"), onUri(
- "hdfs://localhost:20500/test-warehouse/tpch.nouri", TPrivilegeLevel.ALL));
+ "hdfs://localhost:20500/test-warehouse/tpch.nouri", TPrivilegeLevel.ALL))
+ .error(insertError("nodb.alltypes"), onUri(
+ "hdfs://localhost:20500/test-warehouse/tpch.nouri", TPrivilegeLevel.OWNER));
// Load into non-existent table.
authorize("load data inpath 'hdfs://localhost:20500/test-warehouse/tpch.lineitem' " +
"into table functional.notbl partition(month=10, year=2009)")
.error(insertError("functional.notbl"))
.error(insertError("functional.notbl"), onUri(
- "hdfs://localhost:20500/test-warehouse/tpch.nouri", TPrivilegeLevel.ALL));
+ "hdfs://localhost:20500/test-warehouse/tpch.nouri", TPrivilegeLevel.ALL))
+ .error(insertError("functional.notbl"), onUri(
+ "hdfs://localhost:20500/test-warehouse/tpch.nouri", TPrivilegeLevel.OWNER));
// Load into a view is not supported.
authorize("load data inpath 'hdfs://localhost:20500/test-warehouse/tpch.lineitem' " +
@@ -850,6 +974,7 @@ public class AuthorizationStmtTest extends FrontendTestBase {
// Invalidate metadata on server.
authorize("invalidate metadata")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.REFRESH))
.error(refreshError("server"));
@@ -859,28 +984,33 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("invalidate metadata functional." + name),
authorize("refresh functional." + name)}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.REFRESH))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.REFRESH))
.ok(onTable("functional", name, TPrivilegeLevel.ALL))
+ .ok(onTable("functional", name, TPrivilegeLevel.OWNER))
.ok(onTable("functional", name, TPrivilegeLevel.REFRESH))
.error(refreshError("functional." + name))
.error(refreshError("functional." + name), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.REFRESH)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.REFRESH)))
.error(refreshError("functional." + name), onTable("functional", name,
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.REFRESH)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.REFRESH)));
}
}
authorize("refresh functions functional")
.ok(onServer(TPrivilegeLevel.REFRESH))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.REFRESH))
.error(refreshError("functional"))
.error(refreshError("functional"), onServer(allExcept(TPrivilegeLevel.ALL,
- TPrivilegeLevel.REFRESH)))
+ TPrivilegeLevel.OWNER, TPrivilegeLevel.REFRESH)))
.error(refreshError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.REFRESH)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.REFRESH)));
// Reset metadata in non-existent database.
authorize("invalidate metadata nodb").error(refreshError("default.nodb"));
@@ -1187,69 +1317,81 @@ public class AuthorizationStmtTest extends FrontendTestBase {
// Compute stats.
authorize("compute stats functional.alltypes")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.ALTER, TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.ALTER, TPrivilegeLevel.SELECT))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALTER,
TPrivilegeLevel.SELECT))
.error(alterError("functional.alltypes"))
.error(alterError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER,
+ TPrivilegeLevel.SELECT)))
.error(alterError("functional.alltypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER,
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER,
TPrivilegeLevel.SELECT)))
.error(alterError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER,
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER,
TPrivilegeLevel.SELECT)));
// Compute stats on database that does not exist.
authorize("compute stats nodb.notbl")
.error(alterError("nodb.notbl"))
.error(alterError("nodb.notbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER,
+ TPrivilegeLevel.SELECT)))
.error(alterError("nodb.notbl"), onDatabase("nodb", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER, TPrivilegeLevel.SELECT)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER,
+ TPrivilegeLevel.SELECT)));
// Compute stats on table that does not exist.
authorize("compute stats functional.notbl")
.error(alterError("functional.notbl"))
.error(alterError("functional.notbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER,
+ TPrivilegeLevel.SELECT)))
.error(alterError("functional.notbl"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER, TPrivilegeLevel.SELECT)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER,
+ TPrivilegeLevel.SELECT)));
// Drop stats.
authorize("drop stats functional.alltypes")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.ALTER))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.ALTER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALTER))
.error(alterError("functional.alltypes"))
.error(alterError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)))
.error(alterError("functional.alltypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)))
.error(alterError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.ALTER)));
// Drop stats on database that does not exist.
authorize("drop stats nodb.notbl")
.error(alterError("nodb.notbl"))
.error(alterError("nodb.notbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)))
.error(alterError("nodb.notbl"), onDatabase("nodb", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)));
// Drop stats on table that does not exist.
authorize("drop stats functional.notbl")
.error(alterError("functional.notbl"))
.error(alterError("functional.notbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)))
.error(alterError("functional.notbl"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)));
}
@Test
@@ -1258,22 +1400,29 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("create database newdb"),
authorize("create database if not exists newdb")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.CREATE))
.error(createError("newdb"))
.error(createError("newdb"), onServer(allExcept(TPrivilegeLevel.ALL,
- TPrivilegeLevel.CREATE)));
+ TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)));
}
// Create a database with a specific location.
authorize("create database newdb location " +
"'hdfs://localhost:20500/test-warehouse/new_location'")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.CREATE), onUri(
"hdfs://localhost:20500/test-warehouse/new_location", TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.CREATE), onUri(
+ "hdfs://localhost:20500/test-warehouse/new_location", TPrivilegeLevel.OWNER))
.error(createError("newdb"))
.error(createError("newdb"), onServer(allExcept(TPrivilegeLevel.ALL,
- TPrivilegeLevel.CREATE)), onUri(
+ TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)), onUri(
"hdfs://localhost:20500/test-warehouse/new_location", TPrivilegeLevel.ALL))
+ .error(createError("newdb"), onServer(allExcept(TPrivilegeLevel.ALL,
+ TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)), onUri(
+ "hdfs://localhost:20500/test-warehouse/new_location", TPrivilegeLevel.OWNER))
.error(accessError("hdfs://localhost:20500/test-warehouse/new_location"),
onServer(TPrivilegeLevel.CREATE));
@@ -1283,11 +1432,12 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("create database if not exists functional")}) {
test.error(createError("functional"))
.error(createError("functional"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)));
}
authorize("create database if not exists _impala_builtins")
- .error(systemDbError(), onServer(TPrivilegeLevel.ALL));
+ .error(systemDbError(), onServer(TPrivilegeLevel.ALL))
+ .error(systemDbError(), onServer(TPrivilegeLevel.OWNER));
}
@Test
@@ -1296,20 +1446,24 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("create table functional.new_table(i int)"),
authorize("create external table functional.new_table(i int)")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.CREATE))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.CREATE))
.error(createError("functional"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)));
}
// Create table like.
authorize("create table functional.new_table like functional.alltypes")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(join(viewMetadataPrivileges(), TPrivilegeLevel.CREATE)))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", join(viewMetadataPrivileges(),
TPrivilegeLevel.CREATE)))
.ok(onDatabase("functional"), onDatabase("functional", TPrivilegeLevel.CREATE),
@@ -1318,9 +1472,10 @@ public class AuthorizationStmtTest extends FrontendTestBase {
.error(accessError("functional.alltypes"), onServer(allExcept(
join(viewMetadataPrivileges(), TPrivilegeLevel.CREATE))))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE,
+ TPrivilegeLevel.SELECT)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)), onTable(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)), onTable(
"functional", "alltypes", viewMetadataPrivileges()))
.error(accessError("functional.alltypes"), onDatabase("functional",
TPrivilegeLevel.CREATE), onTable("functional", "alltypes", allExcept(
@@ -1332,9 +1487,9 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("create table if not exists functional.alltypes(i int)")}) {
test.error(createError("functional"))
.error(createError("functional"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)));
}
// CTAS.
@@ -1345,9 +1500,11 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("explain create table functional.new_table as " +
"select int_col from functional.alltypes")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT,
TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT,
TPrivilegeLevel.SELECT))
.ok(onDatabase("functional"), onDatabase("functional", TPrivilegeLevel.CREATE,
@@ -1356,32 +1513,44 @@ public class AuthorizationStmtTest extends FrontendTestBase {
.ok(onDatabase("functional"), onDatabase("functional", TPrivilegeLevel.CREATE,
TPrivilegeLevel.INSERT), onColumn("functional", "alltypes", "int_col",
TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional"), onDatabase("functional", TPrivilegeLevel.CREATE,
+ TPrivilegeLevel.INSERT), onColumn("functional", "alltypes", "int_col",
+ TPrivilegeLevel.OWNER))
.error(createError("functional"))
.error(createError("functional"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT,
- TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE,
+ TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT,
- TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE,
+ TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT)),
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE,
+ TPrivilegeLevel.INSERT)),
onTable("functional", "alltypes", TPrivilegeLevel.SELECT))
.error(selectError("functional"), onDatabase("functional",
TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT), onTable("functional",
- "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ "alltypes", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
}
// Table with a specific location.
authorize("create table functional.new_table(i int) location " +
"'hdfs://localhost:20500/test-warehouse/new_table'")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.CREATE),
onUri("hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.CREATE),
+ onUri("hdfs://localhost:20500/test-warehouse/new_table",
+ TPrivilegeLevel.OWNER))
.error(createError("functional"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)), onUri(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)), onUri(
"hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.ALL))
+ .error(createError("functional"), onDatabase("functional", allExcept(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)), onUri(
+ "hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.OWNER))
.error(accessError("hdfs://localhost:20500/test-warehouse/new_table"),
onDatabase("functional", TPrivilegeLevel.CREATE));
@@ -1389,65 +1558,93 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("create external table functional.new_table(i int) location " +
"'hdfs://localhost:20500/test-warehouse/UPPER_CASE/test'")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.CREATE),
onUri("hdfs://localhost:20500/test-warehouse/UPPER_CASE/test",
TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.CREATE),
+ onUri("hdfs://localhost:20500/test-warehouse/UPPER_CASE/test",
+ TPrivilegeLevel.OWNER))
// Wrong case letters on URI.
.error(accessError("hdfs://localhost:20500/test-warehouse/UPPER_CASE/test"),
onServer(TPrivilegeLevel.CREATE),
onUri("hdfs://localhost:20500/test-warehouse/upper_case/test",
TPrivilegeLevel.ALL))
+ .error(accessError("hdfs://localhost:20500/test-warehouse/UPPER_CASE/test"),
+ onServer(TPrivilegeLevel.CREATE),
+ onUri("hdfs://localhost:20500/test-warehouse/upper_case/test",
+ TPrivilegeLevel.OWNER))
.error(createError("functional"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)), onUri(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)), onUri(
"hdfs://localhost:20500/test-warehouse/UPPER_CASE/test", TPrivilegeLevel.ALL))
+ .error(createError("functional"), onDatabase("functional", allExcept(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)), onUri(
+ "hdfs://localhost:20500/test-warehouse/UPPER_CASE/test",
+ TPrivilegeLevel.OWNER))
.error(accessError("hdfs://localhost:20500/test-warehouse/UPPER_CASE/test"),
onDatabase("functional", TPrivilegeLevel.CREATE));
authorize("create table functional.new_table like parquet "
+ "'hdfs://localhost:20500/test-warehouse/schemas/alltypestiny.parquet'")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.CREATE),
onUri("hdfs://localhost:20500/test-warehouse/schemas/alltypestiny.parquet",
TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.CREATE),
+ onUri("hdfs://localhost:20500/test-warehouse/schemas/alltypestiny.parquet",
+ TPrivilegeLevel.OWNER))
.error(accessError(
"hdfs://localhost:20500/test-warehouse/schemas/alltypestiny.parquet"),
- onServer(allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ onServer(allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.CREATE)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)), onUri(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)), onUri(
"hdfs://localhost:20500/test-warehouse/schemas/alltypestiny.parquet",
TPrivilegeLevel.ALL))
+ .error(createError("functional"), onDatabase("functional", allExcept(
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)), onUri(
+ "hdfs://localhost:20500/test-warehouse/schemas/alltypestiny.parquet",
+ TPrivilegeLevel.OWNER))
.error(accessError(
"hdfs://localhost:20500/test-warehouse/schemas/alltypestiny.parquet"),
onDatabase("functional", TPrivilegeLevel.CREATE));
authorize("create table if not exists _impala_builtins.new_table(i int)")
- .error(systemDbError(), onServer(TPrivilegeLevel.ALL));
+ .error(systemDbError(), onServer(TPrivilegeLevel.ALL))
+ .error(systemDbError(), onServer(TPrivilegeLevel.OWNER));
- // IMPALA-4000: Only users with ALL privileges on SERVER may create external Kudu
- // tables.
+ // IMPALA-4000: Only users with ALL/OWNER privileges on SERVER may create external
+ // Kudu tables.
authorize("create external table functional.kudu_tbl stored as kudu " +
"tblproperties ('kudu.master_addresses'='127.0.0.1', 'kudu.table_name'='tbl')")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.error(createError("functional"))
- .error(accessError("server1"), onServer(allExcept(TPrivilegeLevel.ALL)))
- .error(accessError("server1"), onDatabase("functional", TPrivilegeLevel.ALL));
+ .error(accessError("server1"), onServer(allExcept(TPrivilegeLevel.ALL,
+ TPrivilegeLevel.OWNER)))
+ .error(accessError("server1"), onDatabase("functional", TPrivilegeLevel.ALL))
+ .error(accessError("server1"), onDatabase("functional", TPrivilegeLevel.OWNER));
- // IMPALA-4000: ALL privileges on SERVER are not required to create managed tables.
+ // IMPALA-4000: ALL/OWNER privileges on SERVER are not required to create managed
+ // tables.
authorize("create table functional.kudu_tbl (i int, j int, primary key (i))" +
" partition by hash (i) partitions 9 stored as kudu")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.CREATE))
.error(createError("functional"))
.error(createError("functional"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)));
// IMPALA-6451: CTAS for Kudu tables on non-external tables and without
- // TBLPROPERTIES ('kudu.master_addresses') should not require ALL privileges
+ // TBLPROPERTIES ('kudu.master_addresses') should not require ALL/OWNER privileges
// on SERVER.
// The statement below causes the SQL statement to be rewritten.
authorize("create table functional.kudu_tbl primary key (bigint_col) " +
@@ -1456,22 +1653,24 @@ public class AuthorizationStmtTest extends FrontendTestBase {
"from functional.alltypes " +
"where exists (select 1 from functional.alltypes)")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT,
TPrivilegeLevel.SELECT))
.error(createError("functional"))
.error(createError("functional"), onServer(allExcept(TPrivilegeLevel.ALL,
- TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT,
+ TPrivilegeLevel.SELECT)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE, TPrivilegeLevel.INSERT,
- TPrivilegeLevel.SELECT)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE,
+ TPrivilegeLevel.INSERT, TPrivilegeLevel.SELECT)));
// Database does not exist.
authorize("create table nodb.new_table(i int)")
.error(createError("nodb"))
.error(createError("nodb"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)))
.error(createError("nodb"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)));
}
@Test
@@ -1482,35 +1681,44 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("create view functional.new_view(a) as " +
"select int_col from functional.alltypes")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.CREATE, TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.CREATE, TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.CREATE), onTable(
"functional", "alltypes", TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.CREATE), onColumn(
"functional", "alltypes", "int_col", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.CREATE), onColumn(
+ "functional", "alltypes", "int_col", TPrivilegeLevel.OWNER))
.error(selectError("functional.alltypes"))
.error(selectError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE,
+ TPrivilegeLevel.SELECT)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)))
.error(selectError("functional.alltypes"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
}
// View with constant select.
authorize("create view functional.new_view as select 1")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.CREATE))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.CREATE))
.error(createError("functional"))
.error(createError("functional"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE,
+ TPrivilegeLevel.SELECT)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)));
// View already exists.
for (AuthzTest test: new AuthzTest[]{
@@ -1520,25 +1728,28 @@ public class AuthorizationStmtTest extends FrontendTestBase {
"select int_col from functional.alltypes")}) {
test.error(selectError("functional.alltypes"))
.error(selectError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE,
+ TPrivilegeLevel.SELECT)))
.error(createError("functional"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)))
.error(selectError("functional.alltypes"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.SELECT)))
.error(selectError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.SELECT)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.SELECT)));
}
authorize("create view if not exists _impala_builtins.new_view as select 1")
- .error(systemDbError(), onServer(TPrivilegeLevel.ALL));
+ .error(systemDbError(), onServer(TPrivilegeLevel.ALL))
+ .error(systemDbError(), onServer(TPrivilegeLevel.OWNER));
// Database does not exist.
authorize("create view nodb.new_view as select 1")
.error(createError("nodb"))
.error(createError("nodb"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)))
.error(createError("nodb"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.CREATE)));
}
@Test
@@ -1548,14 +1759,17 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("drop database functional cascade"),
authorize("drop database functional restrict")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.DROP))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.DROP))
.error(dropError("functional"))
.error(dropError("functional"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("functional"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.DROP)));
}
// Database does not exist.
@@ -1565,7 +1779,8 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("drop database nodb restrict")}) {
test.error(dropError("nodb"))
.error(dropError("nodb"), onServer(
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.DROP)));
}
// Database does not exist but with if exists clause.
@@ -1574,117 +1789,132 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("drop database if exists nodb cascade"),
authorize("drop database if exists nodb restrict")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.DROP))
.error(dropError("nodb"))
.error(dropError("nodb"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)));
}
- // Dropping system database is not allowed even if with ALL privilege on server.
+ // Dropping system database is not allowed even if with ALL/OWNER privilege on server.
authorize("drop database _impala_builtins")
- .error(systemDbError(), onServer(TPrivilegeLevel.ALL));
+ .error(systemDbError(), onServer(TPrivilegeLevel.ALL))
+ .error(systemDbError(), onServer(TPrivilegeLevel.OWNER));
}
@Test
public void testDropTable() throws ImpalaException {
authorize("drop table functional.alltypes")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.DROP))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.DROP))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.DROP))
.error(dropError("functional.alltypes"))
.error(dropError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("functional.alltypes"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)));
// Database/Table does not exist.
authorize("drop table nodb.notbl")
.error(dropError("nodb.notbl"))
.error(dropError("nodb.notbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("nodb.notbl"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)));
// Table does not exist.
authorize("drop table functional.notbl")
.error(dropError("functional.notbl"))
.error(dropError("functional.notbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("functional.notbl"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)));
// Table does not exist but with if exists clause.
authorize("drop table if exists functional.notbl")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.DROP))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.DROP))
.error(dropError("functional.notbl"))
.error(dropError("functional.notbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("functional.notbl"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)));
- // Dropping any tables in the system database is not allowed even with ALL privilege
- // on server.
+ // Dropping any tables in the system database is not allowed even with ALL/OWNER
+ // privilege on server.
authorize("drop table _impala_builtins.tbl")
- .error(systemDbError(), onServer(TPrivilegeLevel.ALL));
+ .error(systemDbError(), onServer(TPrivilegeLevel.ALL))
+ .error(systemDbError(), onServer(TPrivilegeLevel.OWNER));
}
@Test
public void testDropView() throws ImpalaException {
authorize("drop view functional.alltypes_view")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.DROP))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.DROP))
.ok(onTable("functional", "alltypes_view", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes_view", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes_view", TPrivilegeLevel.DROP))
.error(dropError("functional.alltypes_view"))
.error(dropError("functional.alltypes_view"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("functional.alltypes_view"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("functional.alltypes_view"), onTable("functional",
- "alltypes_view", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ "alltypes_view", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.DROP)));
// Database does not exist.
authorize("drop view nodb.noview")
.error(dropError("nodb.noview"))
.error(dropError("nodb.noview"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("nodb.noview"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)));
// View does not exist.
authorize("drop table functional.noview")
.error(dropError("functional.noview"))
.error(dropError("functional.noview"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("functional.noview"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)));
// View does not exist but with if exists clause.
authorize("drop table if exists functional.noview")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.DROP))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.DROP))
.error(dropError("functional.noview"))
.error(dropError("functional.noview"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)))
.error(dropError("functional.noview"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.DROP)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.DROP)));
- // Dropping any views in the system database is not allowed even with ALL privilege
- // on server.
+ // Dropping any views in the system database is not allowed even with ALL/OWNER
+ // privilege on server.
authorize("drop table _impala_builtins.v")
- .error(systemDbError(), onServer(TPrivilegeLevel.ALL));
+ .error(systemDbError(), onServer(TPrivilegeLevel.ALL))
+ .error(systemDbError(), onServer(TPrivilegeLevel.OWNER));
}
@Test
@@ -1715,37 +1945,45 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("alter table functional.alltypes set owner user foo_owner"),
authorize("alter table functional.alltypes set owner role foo_owner")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.ALTER))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.ALTER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALTER))
.error(alterError("functional.alltypes"))
.error(alterError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)))
.error(alterError("functional.alltypes"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)))
.error(alterError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)));
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.ALTER)));
}
// Alter table rename.
authorize("alter table functional.alltypes rename to functional.new_table")
.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.ALTER, TPrivilegeLevel.CREATE))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.ALTER, TPrivilegeLevel.CREATE))
.ok(onDatabase("functional", TPrivilegeLevel.CREATE), onTable("functional",
"alltypes", TPrivilegeLevel.ALTER))
.error(alterError("functional.alltypes"))
.error(alterError("functional.alltypes"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER,
+ TPrivilegeLevel.CREATE)))
.error(alterError("functional.alltypes"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER, TPrivilegeLevel.CREATE)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER,
+ TPrivilegeLevel.CREATE)))
.error(alterError("functional.alltypes"), onDatabase("functional",
TPrivilegeLevel.CREATE), onTable("functional", "alltypes", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)))
.error(createError("functional"), onDatabase("functional",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.CREATE)),
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.CREATE)),
onTable("functional", "alltypes", TPrivilegeLevel.ALTER));
// Only for Kudu tables.
@@ -1759,18 +1997,23 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("alter table functional_kudu.testtbl drop range partition " +
"1 < values < 2")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.ALTER))
.ok(onDatabase("functional_kudu", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional_kudu", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional_kudu", TPrivilegeLevel.ALTER))
.ok(onTable("functional_kudu", "testtbl", TPrivilegeLevel.ALL))
+ .ok(onTable("functional_kudu", "testtbl", TPrivilegeLevel.OWNER))
.ok(onTable("functional_kudu", "testtbl", TPrivilegeLevel.ALTER))
.error(alterError("functional_kudu.testtbl"))
.error(alterError("functional_kudu.testtbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)))
.error(alterError("functional_kudu.testtbl"), onDatabase("functional_kudu",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.ALTER)))
.error(alterError("functional_kudu.testtbl"), onTable("functional_kudu",
- "testtbl", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)));
+ "testtbl", allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.ALTER)));
}
// Alter table set location.
@@ -1780,25 +2023,38 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("alter table functional.alltypes partition(year=2009, month=1) " +
"set location 'hdfs://localhost:20500/test-warehouse/new_table'")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.ALTER), onUri(
"hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.ALTER), onUri(
+ "hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.ALL), onUri(
"hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER), onUri(
+ "hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.ALTER), onUri(
"hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.ALTER), onUri(
+ "hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALL), onUri(
"hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.OWNER), onUri(
+ "hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.OWNER))
.ok(onTable("functional", "alltypes", TPrivilegeLevel.ALTER), onUri(
"hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.ALL))
+ .ok(onTable("functional", "alltypes", TPrivilegeLevel.ALTER), onUri(
+ "hdfs://localhost:20500/test-warehouse/new_table", TPrivilegeLevel.OWNER))
.error(alterError("functional.alltypes"))
.error(alterError("functional.alltypes"),
- onServer(allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)),
+ onServer(allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.ALTER)),
onUri("hdfs://localhost:20500/test-warehouse/new_table"))
.error(alterError("functional.alltypes"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)),
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)),
onUri("hdfs://localhost:20500/test-warehouse/new_table"))
.error(alterError("functional.alltypes"), onTable("functional", "alltypes",
- allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)),
+ allExcept(TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER,
+ TPrivilegeLevel.ALTER)),
onUri("hdfs://localhost:20500/test-warehouse/new_table"))
.error(accessError("hdfs://localhost:20500/test-warehouse/new_table"),
onDatabase("functional", TPrivilegeLevel.ALTER))
@@ -1810,15 +2066,15 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("alter table nodb.alltypes add columns(c1 int)")
.error(alterError("nodb"))
.error(alterError("nodb"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)));
// Table does not exist.
authorize("alter table functional.notbl add columns(c1 int)")
.error(alterError("functional.notbl"))
.error(alterError("functional.notbl"), onServer(allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)))
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)))
.error(alterError("functional.notbl"), onDatabase("functional", allExcept(
- TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER)));
+ TPrivilegeLevel.ALL, TPrivilegeLevel.OWNER, TPrivilegeLevel.ALTER)));
}
@Test
@@ -1829,95 +2085,115 @@ public class AuthorizationStmtTest extends FrontendTestBase {
authorize("alter view functional.alltypes_view(a) as " +
"select int_col from functional.alltypes")}) {
test.ok(onServer(TPrivilegeLevel.ALL))
+ .ok(onServer(TPrivilegeLevel.OWNER))
.ok(onServer(TPrivilegeLevel.ALTER), onTable("functional", "alltypes",
TPrivilegeLevel.SELECT))
.ok(onDatabase("functional", TPrivilegeLevel.ALL))
+ .ok(onDatabase("functional", TPrivilegeLevel.OWNER))
.ok(onDatabase("functional", TPrivilegeLevel.ALL, TPrivilegeLevel.ALTER,
TPrivilege
<TRUNCATED>