Repository: hive Updated Branches: refs/heads/master 1199754cc -> 949640919
HIVE-12429: Switch default Hive authorization to SQLStandardAuth in 2.0 Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/95d22735 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/95d22735 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/95d22735 Branch: refs/heads/master Commit: 95d22735d73381458354e0ca79a2cb607f8e2150 Parents: 7a1f14c Author: Daniel Dai <da...@hortonworks.com> Authored: Sat Dec 5 21:44:52 2015 -0800 Committer: Daniel Dai <da...@hortonworks.com> Committed: Sat Dec 5 21:45:32 2015 -0800 ---------------------------------------------------------------------- .../org/apache/hadoop/hive/conf/HiveConf.java | 2 +- .../cli/SemanticAnalysis/HCatAuthUtil.java | 5 +- .../cli/SemanticAnalysis/TestHCatAuthUtil.java | 4 +- .../SQLStdHiveAuthorizationValidator.java | 11 -- .../parse/authorization/TestPrivilegesV1.java | 13 +- .../TestSQLStdHiveAccessControllerCLI.java | 16 +- .../authorization_cli_auth_enable.q | 7 - .../clientnegative/authorization_fail_1.q | 1 + .../clientnegative/authorization_fail_2.q | 1 + .../clientnegative/authorization_fail_3.q | 1 + .../clientnegative/authorization_fail_4.q | 1 + .../clientnegative/authorization_fail_5.q | 3 +- .../clientnegative/authorization_fail_6.q | 1 + .../clientnegative/authorization_fail_7.q | 3 +- .../authorization_fail_create_db.q | 1 + .../clientnegative/authorization_fail_drop_db.q | 1 + .../authorization_invalid_priv_v1.q | 1 + .../queries/clientnegative/authorization_part.q | 3 +- .../authorization_public_create.q | 1 + .../clientnegative/authorization_public_drop.q | 1 + .../clientnegative/authorization_role_case.q | 1 + .../clientnegative/authorize_grant_public.q | 1 + .../clientnegative/authorize_revoke_public.q | 1 + .../clientnegative/exim_22_export_authfail.q | 1 + .../exim_23_import_exist_authfail.q | 1 + .../exim_24_import_part_authfail.q | 1 + .../exim_25_import_nonexist_authfail.q | 1 + .../clientnegative/join_nonexistent_part.q | 5 - .../clientnegative/load_exist_part_authfail.q | 1 + .../clientnegative/load_nonpart_authfail.q | 1 + .../queries/clientnegative/load_part_authfail.q | 1 + .../alter_rename_partition_authorization.q | 1 + .../queries/clientpositive/authorization_1.q | 4 +- .../queries/clientpositive/authorization_2.q | 4 +- .../queries/clientpositive/authorization_3.q | 2 + .../queries/clientpositive/authorization_4.q | 4 +- .../queries/clientpositive/authorization_5.q | 2 + .../queries/clientpositive/authorization_6.q | 2 + .../queries/clientpositive/authorization_7.q | 4 +- .../queries/clientpositive/authorization_8.q | 1 + .../queries/clientpositive/authorization_9.q | 1 + ...orization_default_create_table_owner_privs.q | 1 + .../clientpositive/authorization_explain.q | 1 + .../authorization_show_role_principals_v1.q | 1 + .../clientpositive/exim_21_export_authsuccess.q | 1 + .../exim_22_import_exist_authsuccess.q | 1 + .../exim_23_import_part_authsuccess.q | 1 + .../exim_24_import_nonexist_authsuccess.q | 1 + ql/src/test/queries/clientpositive/index_auth.q | 2 + ql/src/test/queries/clientpositive/keyword_1.q | 4 +- .../load_exist_part_authsuccess.q | 1 + .../clientpositive/load_nonpart_authsuccess.q | 1 + .../clientpositive/load_part_authsuccess.q | 1 + ql/src/test/queries/clientpositive/show_roles.q | 2 + .../authorization_cli_auth_enable.q.out | 1 - .../clientnegative/join_nonexistent_part.q.out | 1 - .../clientpositive/authorization_9.q.out | 180 +++++++++++++++++++ .../authorization_explain.q.java1.7.out | 3 - .../authorization_show_grant.q.out | 60 +++++++ 59 files changed, 318 insertions(+), 62 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java ---------------------------------------------------------------------- diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java index d52f994..a563f2e 100644 --- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java +++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java @@ -1641,7 +1641,7 @@ public class HiveConf extends Configuration { HIVE_AUTHORIZATION_ENABLED("hive.security.authorization.enabled", false, "enable or disable the Hive client authorization"), HIVE_AUTHORIZATION_MANAGER("hive.security.authorization.manager", - "org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider", + "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory", "The Hive client authorization manager class name. The user defined authorization class should implement \n" + "interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider."), HIVE_AUTHENTICATOR_MANAGER("hive.security.authenticator.manager", http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java ---------------------------------------------------------------------- diff --git a/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java b/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java index 6dce9c4..c954245 100644 --- a/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java +++ b/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java @@ -20,7 +20,7 @@ package org.apache.hive.hcatalog.cli.SemanticAnalysis; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hive.conf.HiveConf; -import org.apache.hadoop.hive.ql.session.SessionState; +import org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider; final class HCatAuthUtil { public static boolean isAuthorizationEnabled(Configuration conf) { @@ -31,6 +31,7 @@ final class HCatAuthUtil { // additional checks if a V2 authorizer is in use. The reccomended configuration is to // use storage based authorization in metastore server return HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED) - && SessionState.get().getAuthorizer() != null; + && HiveConf.getVar(conf, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER) + == StorageBasedAuthorizationProvider.class.getName(); } } http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java ---------------------------------------------------------------------- diff --git a/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java b/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java index 830dcb8..a190002 100644 --- a/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java +++ b/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java @@ -24,6 +24,7 @@ import static org.junit.Assert.assertTrue; import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.conf.HiveConf.ConfVars; import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider; +import org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException; @@ -49,12 +50,13 @@ public class TestHCatAuthUtil { } /** - * Test with auth enabled and v1 auth + * Test with auth enabled and StorageBasedAuthorizationProvider */ @Test public void authEnabledV1Auth() throws Exception { HiveConf hcatConf = new HiveConf(this.getClass()); hcatConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true); + hcatConf.setVar(ConfVars.HIVE_AUTHORIZATION_MANAGER, StorageBasedAuthorizationProvider.class.getName()); SessionState.start(hcatConf); assertTrue("hcat auth should be enabled", HCatAuthUtil.isAuthorizationEnabled(hcatConf)); } http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java ---------------------------------------------------------------------- diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java index ee57f69..9f586be 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java @@ -60,17 +60,6 @@ public class SQLStdHiveAuthorizationValidator implements HiveAuthorizationValida this.authenticator = authenticator; this.privController = privilegeManager; this.ctx = SQLAuthorizationUtils.applyTestSettings(ctx, conf); - assertHiveCliAuthDisabled(conf); - } - - private void assertHiveCliAuthDisabled(HiveConf conf) throws HiveAuthzPluginException { - if (ctx.getClientType() == CLIENT_TYPE.HIVECLI - && conf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED)) { - throw new HiveAuthzPluginException( - "SQL standards based authorization should not be enabled from hive cli" - + "Instead the use of storage based authorization in hive metastore is reccomended. Set " - + ConfVars.HIVE_AUTHORIZATION_ENABLED.varname + "=false to disable authz within cli"); - } } @Override http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java ---------------------------------------------------------------------- diff --git a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java index c97bbb8..c614630 100644 --- a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java +++ b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java @@ -76,17 +76,8 @@ public class TestPrivilegesV1 extends PrivilegesTestBase{ */ @Test public void testPrivInGrantNotAccepted() throws Exception{ - grantUserTableFail("insert"); - grantUserTableFail("delete"); - } - - private void grantUserTableFail(String privName) { - try{ - grantUserTable(privName, PrivilegeType.UNKNOWN); - Assert.fail("Exception expected"); - }catch(Exception e){ - - } + grantUserTable("insert", PrivilegeType.INSERT); + grantUserTable("delete", PrivilegeType.DELETE); } private void grantUserTable(String privName, PrivilegeType privType) throws Exception { http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java ---------------------------------------------------------------------- diff --git a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java index ac862c5..7d243f0 100644 --- a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java +++ b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java @@ -68,22 +68,16 @@ public class TestSQLStdHiveAccessControllerCLI { } /** - * Verify that exceptiion is thrown if authorization is enabled from hive cli, + * Verify that no exception is thrown if authorization is enabled from hive cli, * when sql std auth is used */ @Test - public void testAuthEnableError() { + public void testAuthEnable() throws Exception { HiveConf processedConf = new HiveConf(); processedConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true); - try { - HiveAuthorizerFactory authorizerFactory = new SQLStdHiveAuthorizerFactory(); - HiveAuthorizer authorizer = authorizerFactory.createHiveAuthorizer(null, processedConf, - new HadoopDefaultAuthenticator(), getCLISessionCtx()); - fail("Exception expected"); - } catch (HiveAuthzPluginException e) { - assertTrue(e.getMessage().contains( - "SQL standards based authorization should not be enabled from hive cli")); - } + HiveAuthorizerFactory authorizerFactory = new SQLStdHiveAuthorizerFactory(); + HiveAuthorizer authorizer = authorizerFactory.createHiveAuthorizer(null, processedConf, + new HadoopDefaultAuthenticator(), getCLISessionCtx()); } } http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q b/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q deleted file mode 100644 index 4761051..0000000 --- a/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q +++ /dev/null @@ -1,7 +0,0 @@ -set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; -set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; -set user.name=hive_test_user; -set hive.security.authorization.enabled=true; - --- verify that sql std auth throws an error with hive cli, if auth is enabled -show tables 'src'; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_fail_1.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_fail_1.q b/ql/src/test/queries/clientnegative/authorization_fail_1.q index c38dab5..49aa09e 100644 --- a/ql/src/test/queries/clientnegative/authorization_fail_1.q +++ b/ql/src/test/queries/clientnegative/authorization_fail_1.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table authorization_fail_1 (key int, value string); set hive.security.authorization.enabled=true; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_fail_2.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_fail_2.q b/ql/src/test/queries/clientnegative/authorization_fail_2.q index 341e447..1a703d5 100644 --- a/ql/src/test/queries/clientnegative/authorization_fail_2.q +++ b/ql/src/test/queries/clientnegative/authorization_fail_2.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table authorization_fail_2 (key int, value string) partitioned by (ds string); set hive.security.authorization.enabled=true; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_fail_3.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_fail_3.q b/ql/src/test/queries/clientnegative/authorization_fail_3.q index 6a56daa..03c516d 100644 --- a/ql/src/test/queries/clientnegative/authorization_fail_3.q +++ b/ql/src/test/queries/clientnegative/authorization_fail_3.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; -- SORT_BEFORE_DIFF create table authorization_fail_3 (key int, value string) partitioned by (ds string); http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_fail_4.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_fail_4.q b/ql/src/test/queries/clientnegative/authorization_fail_4.q index f0cb645..b3e687e 100644 --- a/ql/src/test/queries/clientnegative/authorization_fail_4.q +++ b/ql/src/test/queries/clientnegative/authorization_fail_4.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; -- SORT_BEFORE_DIFF create table authorization_fail_4 (key int, value string) partitioned by (ds string); http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_fail_5.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_fail_5.q b/ql/src/test/queries/clientnegative/authorization_fail_5.q index b4efab5..abf2e81 100644 --- a/ql/src/test/queries/clientnegative/authorization_fail_5.q +++ b/ql/src/test/queries/clientnegative/authorization_fail_5.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; -- SORT_BEFORE_DIFF create table authorization_fail (key int, value string) partitioned by (ds string); @@ -17,4 +18,4 @@ revoke Select on table authorization_fail partition (ds='2010') from user hive_t show grant user hive_test_user on table authorization_fail partition (ds='2010'); -select key from authorization_fail where ds='2010'; \ No newline at end of file +select key from authorization_fail where ds='2010'; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_fail_6.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_fail_6.q b/ql/src/test/queries/clientnegative/authorization_fail_6.q index 9772469..d3322f4 100644 --- a/ql/src/test/queries/clientnegative/authorization_fail_6.q +++ b/ql/src/test/queries/clientnegative/authorization_fail_6.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; -- SORT_BEFORE_DIFF create table authorization_part_fail (key int, value string) partitioned by (ds string); http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_fail_7.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_fail_7.q b/ql/src/test/queries/clientnegative/authorization_fail_7.q index 492deed..9eeecc1 100644 --- a/ql/src/test/queries/clientnegative/authorization_fail_7.q +++ b/ql/src/test/queries/clientnegative/authorization_fail_7.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; -- SORT_BEFORE_DIFF create table authorization_fail (key int, value string); @@ -14,4 +15,4 @@ show grant role hive_test_role_fail on table authorization_fail; drop role hive_test_role_fail; -select key from authorization_fail; \ No newline at end of file +select key from authorization_fail; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_fail_create_db.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_fail_create_db.q b/ql/src/test/queries/clientnegative/authorization_fail_create_db.q index d969e39..147c772 100644 --- a/ql/src/test/queries/clientnegative/authorization_fail_create_db.q +++ b/ql/src/test/queries/clientnegative/authorization_fail_create_db.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.security.authorization.enabled=true; create database db_to_fail; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q b/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q index 87719b0..5a98620 100644 --- a/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q +++ b/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.security.authorization.enabled=false; create database db_fail_to_drop; set hive.security.authorization.enabled=true; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q b/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q index 2a1da23..2742f0d 100644 --- a/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q +++ b/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table if not exists authorization_invalid_v1 (key int, value string); grant delete on table authorization_invalid_v1 to user hive_test_user; drop table authorization_invalid_v1; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_part.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_part.q b/ql/src/test/queries/clientnegative/authorization_part.q index a654a23..517f513 100644 --- a/ql/src/test/queries/clientnegative/authorization_part.q +++ b/ql/src/test/queries/clientnegative/authorization_part.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; -- SORT_BEFORE_DIFF create table authorization_part_fail (key int, value string) partitioned by (ds string); @@ -34,4 +35,4 @@ revoke select on table authorization_part_fail partition (ds='2010') from group select key,value, ds from authorization_part_fail where ds>='2010' order by key, ds limit 20; drop table authorization_part_fail; -drop table src_auth; \ No newline at end of file +drop table src_auth; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_public_create.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_public_create.q b/ql/src/test/queries/clientnegative/authorization_public_create.q index 8298ce9..00e542a 100644 --- a/ql/src/test/queries/clientnegative/authorization_public_create.q +++ b/ql/src/test/queries/clientnegative/authorization_public_create.q @@ -1 +1,2 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create role public; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_public_drop.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_public_drop.q b/ql/src/test/queries/clientnegative/authorization_public_drop.q index 7e89f6e..1f5025f 100644 --- a/ql/src/test/queries/clientnegative/authorization_public_drop.q +++ b/ql/src/test/queries/clientnegative/authorization_public_drop.q @@ -1 +1,2 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; drop role public; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorization_role_case.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorization_role_case.q b/ql/src/test/queries/clientnegative/authorization_role_case.q index 339239a..bcc075d 100644 --- a/ql/src/test/queries/clientnegative/authorization_role_case.q +++ b/ql/src/test/queries/clientnegative/authorization_role_case.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create role mixCaseRole1; create role mixCaseRole2; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorize_grant_public.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorize_grant_public.q b/ql/src/test/queries/clientnegative/authorize_grant_public.q index e024b50..31d7462 100644 --- a/ql/src/test/queries/clientnegative/authorize_grant_public.q +++ b/ql/src/test/queries/clientnegative/authorize_grant_public.q @@ -1 +1,2 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; grant role public to user hive_test_user; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/authorize_revoke_public.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/authorize_revoke_public.q b/ql/src/test/queries/clientnegative/authorize_revoke_public.q index dadd424..4d949ac 100644 --- a/ql/src/test/queries/clientnegative/authorize_revoke_public.q +++ b/ql/src/test/queries/clientnegative/authorize_revoke_public.q @@ -1 +1,2 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; revoke role public from user hive_test_user; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/exim_22_export_authfail.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/exim_22_export_authfail.q b/ql/src/test/queries/clientnegative/exim_22_export_authfail.q index b818686..5810be5 100644 --- a/ql/src/test/queries/clientnegative/exim_22_export_authfail.q +++ b/ql/src/test/queries/clientnegative/exim_22_export_authfail.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.test.mode=true; set hive.test.mode.prefix=; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q b/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q index 4acefb9..4e302c0 100644 --- a/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q +++ b/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.test.mode=true; set hive.test.mode.prefix=; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q b/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q index 467014e..0bc070c 100644 --- a/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q +++ b/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.test.mode=true; set hive.test.mode.prefix=; set hive.test.mode.nosamplelist=exim_department,exim_employee; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q b/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q index 595fa7e..3ed7a5f 100644 --- a/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q +++ b/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.test.mode=true; set hive.test.mode.prefix=; set hive.test.mode.nosamplelist=exim_department,exim_employee; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/join_nonexistent_part.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/join_nonexistent_part.q b/ql/src/test/queries/clientnegative/join_nonexistent_part.q deleted file mode 100644 index bf60d2e..0000000 --- a/ql/src/test/queries/clientnegative/join_nonexistent_part.q +++ /dev/null @@ -1,5 +0,0 @@ -set hive.mapred.mode=nonstrict; -SET hive.security.authorization.enabled = true; -SELECT * -FROM srcpart s1 join src s2 on s1.key == s2.key -WHERE s1.ds='non-existent'; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/load_exist_part_authfail.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/load_exist_part_authfail.q b/ql/src/test/queries/clientnegative/load_exist_part_authfail.q index eb72d94..f9ecc6f 100644 --- a/ql/src/test/queries/clientnegative/load_exist_part_authfail.q +++ b/ql/src/test/queries/clientnegative/load_exist_part_authfail.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table hive_test_src ( col1 string ) partitioned by (pcol1 string) stored as textfile; alter table hive_test_src add partition (pcol1 = 'test_part'); set hive.security.authorization.enabled=true; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/load_nonpart_authfail.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/load_nonpart_authfail.q b/ql/src/test/queries/clientnegative/load_nonpart_authfail.q index 3265363..1f40978 100644 --- a/ql/src/test/queries/clientnegative/load_nonpart_authfail.q +++ b/ql/src/test/queries/clientnegative/load_nonpart_authfail.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table hive_test_src ( col1 string ) stored as textfile; set hive.security.authorization.enabled=true; load data local inpath '../../data/files/test.dat' overwrite into table hive_test_src ; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientnegative/load_part_authfail.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientnegative/load_part_authfail.q b/ql/src/test/queries/clientnegative/load_part_authfail.q index 315988d..5735cd2 100644 --- a/ql/src/test/queries/clientnegative/load_part_authfail.q +++ b/ql/src/test/queries/clientnegative/load_part_authfail.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table hive_test_src ( col1 string ) partitioned by (pcol1 string) stored as textfile; set hive.security.authorization.enabled=true; load data local inpath '../../data/files/test.dat' overwrite into table hive_test_src partition (pcol1 = 'test_part'); http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q b/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q index cdefc2d..70f2bb4 100644 --- a/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q +++ b/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; -- SORT_BEFORE_DIFF create table src_auth_tmp as select * from src; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_1.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_1.q b/ql/src/test/queries/clientpositive/authorization_1.q index d5fd2ec..184acc7 100644 --- a/ql/src/test/queries/clientpositive/authorization_1.q +++ b/ql/src/test/queries/clientpositive/authorization_1.q @@ -1,3 +1,5 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + -- SORT_BEFORE_DIFF create table src_autho_test as select * from src; @@ -86,4 +88,4 @@ revoke select on table src_autho_test from role sRc_roLE; drop role sRc_roLE; set hive.security.authorization.enabled=false; -drop table src_autho_test; \ No newline at end of file +drop table src_autho_test; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_2.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_2.q b/ql/src/test/queries/clientpositive/authorization_2.q index 3353c53..efb42f7 100644 --- a/ql/src/test/queries/clientpositive/authorization_2.q +++ b/ql/src/test/queries/clientpositive/authorization_2.q @@ -1,3 +1,5 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + -- SORT_BEFORE_DIFF create table authorization_part (key int, value string) partitioned by (ds string); @@ -108,4 +110,4 @@ show grant group hive_test_group1 on table authorization_part partition (ds='201 revoke select on table src_auth_tmp from user hive_test_user; set hive.security.authorization.enabled=false; -drop table authorization_part; \ No newline at end of file +drop table authorization_part; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_3.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_3.q b/ql/src/test/queries/clientpositive/authorization_3.q index ba76b00..09c6494 100644 --- a/ql/src/test/queries/clientpositive/authorization_3.q +++ b/ql/src/test/queries/clientpositive/authorization_3.q @@ -1,3 +1,5 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + -- SORT_BEFORE_DIFF create table src_autho_test as select * from src; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_4.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_4.q b/ql/src/test/queries/clientpositive/authorization_4.q index 152c8e5..c1848a7 100644 --- a/ql/src/test/queries/clientpositive/authorization_4.q +++ b/ql/src/test/queries/clientpositive/authorization_4.q @@ -1,3 +1,5 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + -- SORT_BEFORE_DIFF create table src_autho_test as select * from src; @@ -10,4 +12,4 @@ show grant user hive_test_user on table src_autho_test; select key from src_autho_test order by key limit 20; -drop table src_autho_test; \ No newline at end of file +drop table src_autho_test; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_5.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_5.q b/ql/src/test/queries/clientpositive/authorization_5.q index fec27b4..fb9b262 100644 --- a/ql/src/test/queries/clientpositive/authorization_5.q +++ b/ql/src/test/queries/clientpositive/authorization_5.q @@ -1,3 +1,5 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + -- SORT_BEFORE_DIFF CREATE DATABASE IF NOT EXISTS test_db COMMENT 'Hive test database'; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_6.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_6.q b/ql/src/test/queries/clientpositive/authorization_6.q index 258ada4..5f9bde7 100644 --- a/ql/src/test/queries/clientpositive/authorization_6.q +++ b/ql/src/test/queries/clientpositive/authorization_6.q @@ -1,3 +1,5 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + -- SORT_BEFORE_DIFF create table src_auth_tmp as select * from src; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_7.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_7.q b/ql/src/test/queries/clientpositive/authorization_7.q index ae49000..216951e 100644 --- a/ql/src/test/queries/clientpositive/authorization_7.q +++ b/ql/src/test/queries/clientpositive/authorization_7.q @@ -1,3 +1,5 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + GRANT ALL TO USER hive_test_user; SET hive.security.authorization.enabled=true; CREATE TABLE src_authorization_7 (key int, value string); @@ -12,4 +14,4 @@ SET hive.security.authorization.enabled=true; CREATE TABLE src_authorization_7 (key int, value string); DESCRIBE src_authorization_7; DROP TABLE src_authorization_7; -REVOKE ALL FROM GROUP hive_test_group1; \ No newline at end of file +REVOKE ALL FROM GROUP hive_test_group1; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_8.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_8.q b/ql/src/test/queries/clientpositive/authorization_8.q index 67fcf31..b8571aa 100644 --- a/ql/src/test/queries/clientpositive/authorization_8.q +++ b/ql/src/test/queries/clientpositive/authorization_8.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.security.authorization.enabled=true; GRANT ALL TO USER hive_test_user; CREATE TABLE tbl_j5jbymsx8e (key INT, value STRING) PARTITIONED BY (ds STRING); http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_9.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_9.q b/ql/src/test/queries/clientpositive/authorization_9.q index ed62c45..5f72665 100644 --- a/ql/src/test/queries/clientpositive/authorization_9.q +++ b/ql/src/test/queries/clientpositive/authorization_9.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; -- SORT_BEFORE_DIFF create table dummy (key string, value string); http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q b/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q index c265733..e533ee7 100644 --- a/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q +++ b/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.security.authorization.createtable.owner.grants=ALL; create table default_auth_table_creator_priv_test(i int); http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_explain.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_explain.q b/ql/src/test/queries/clientpositive/authorization_explain.q index fe376bf..6a9475c 100644 --- a/ql/src/test/queries/clientpositive/authorization_explain.q +++ b/ql/src/test/queries/clientpositive/authorization_explain.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.mapred.mode=nonstrict; set hive.security.authorization.enabled=true; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q b/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q index 50e9dc2..45e89c5 100644 --- a/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q +++ b/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create role role1; grant role1 to user user1 with admin option; grant role1 to user user2 with admin option; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q b/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q index 293a011..1e3eaee 100644 --- a/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q +++ b/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; set hive.test.mode=true; set hive.test.mode.prefix=; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q b/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q index 03714ab..606f9af 100644 --- a/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q +++ b/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q @@ -1,6 +1,7 @@ set hive.test.mode=true; set hive.test.mode.prefix=; set hive.test.mode.nosamplelist=exim_department,exim_employee; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table exim_department ( dep_id int) stored as textfile; load data local inpath "../../data/files/test.dat" into table exim_department; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q b/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q index 9012b0e..316f2e0 100644 --- a/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q +++ b/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q @@ -2,6 +2,7 @@ set hive.mapred.mode=nonstrict; set hive.test.mode=true; set hive.test.mode.prefix=; set hive.test.mode.nosamplelist=exim_department,exim_employee; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table exim_employee ( emp_id int comment "employee id") comment "employee table" http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q b/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q index 8934c47..8ded70b 100644 --- a/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q +++ b/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q @@ -1,6 +1,7 @@ set hive.test.mode=true; set hive.test.mode.prefix=; set hive.test.mode.nosamplelist=exim_department,exim_employee; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table exim_department ( dep_id int) stored as textfile; load data local inpath "../../data/files/test.dat" into table exim_department; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/index_auth.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/index_auth.q b/ql/src/test/queries/clientpositive/index_auth.q index 03d77f1..b12b742 100644 --- a/ql/src/test/queries/clientpositive/index_auth.q +++ b/ql/src/test/queries/clientpositive/index_auth.q @@ -1,5 +1,7 @@ set hive.stats.dbclass=fs; SET hive.input.format=org.apache.hadoop.hive.ql.io.HiveInputFormat; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + create table foobar(key int, value string) PARTITIONED BY (ds string, hr string); alter table foobar add partition (ds='2008-04-08',hr='12'); http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/keyword_1.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/keyword_1.q b/ql/src/test/queries/clientpositive/keyword_1.q index d274515..9277725 100644 --- a/ql/src/test/queries/clientpositive/keyword_1.q +++ b/ql/src/test/queries/clientpositive/keyword_1.q @@ -1,3 +1,5 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + -- SORT_BEFORE_DIFF create table test_user (`user` string, `group` string); @@ -16,4 +18,4 @@ explain select role from test_user; show grant user hive_test on table test_user; -drop table test_user; \ No newline at end of file +drop table test_user; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q b/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q index 35eb219..1ce4824 100644 --- a/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q +++ b/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table hive_test_src ( col1 string ) partitioned by (pcol1 string) stored as textfile; alter table hive_test_src add partition (pcol1 = 'test_part'); set hive.security.authorization.enabled=true; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q b/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q index fdee451..29d4e80 100644 --- a/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q +++ b/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table hive_test_src ( col1 string ) stored as textfile; set hive.security.authorization.enabled=true; grant Update on table hive_test_src to user hive_test_user; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/load_part_authsuccess.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/load_part_authsuccess.q b/ql/src/test/queries/clientpositive/load_part_authsuccess.q index cee5873..868fd6c 100644 --- a/ql/src/test/queries/clientpositive/load_part_authsuccess.q +++ b/ql/src/test/queries/clientpositive/load_part_authsuccess.q @@ -1,3 +1,4 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; create table hive_test_src ( col1 string ) partitioned by (pcol1 string) stored as textfile; set hive.security.authorization.enabled=true; grant Update on table hive_test_src to user hive_test_user; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/queries/clientpositive/show_roles.q ---------------------------------------------------------------------- diff --git a/ql/src/test/queries/clientpositive/show_roles.q b/ql/src/test/queries/clientpositive/show_roles.q index d8ce96a..9e5a6c3 100644 --- a/ql/src/test/queries/clientpositive/show_roles.q +++ b/ql/src/test/queries/clientpositive/show_roles.q @@ -1,3 +1,5 @@ +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; + create role role1; create role role2; http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out ---------------------------------------------------------------------- diff --git a/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out b/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out deleted file mode 100644 index 252eb66..0000000 --- a/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out +++ /dev/null @@ -1 +0,0 @@ -FAILED: RuntimeException org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException: SQL standards based authorization should not be enabled from hive cliInstead the use of storage based authorization in hive metastore is reccomended. Set hive.security.authorization.enabled=false to disable authz within cli http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/results/clientnegative/join_nonexistent_part.q.out ---------------------------------------------------------------------- diff --git a/ql/src/test/results/clientnegative/join_nonexistent_part.q.out b/ql/src/test/results/clientnegative/join_nonexistent_part.q.out deleted file mode 100644 index a924895..0000000 --- a/ql/src/test/results/clientnegative/join_nonexistent_part.q.out +++ /dev/null @@ -1 +0,0 @@ -Authorization failed:No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}. Use SHOW GRANT to get more details. http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/results/clientpositive/authorization_9.q.out ---------------------------------------------------------------------- diff --git a/ql/src/test/results/clientpositive/authorization_9.q.out b/ql/src/test/results/clientpositive/authorization_9.q.out index 7f95f5e..6bb8ecb 100644 --- a/ql/src/test/results/clientpositive/authorization_9.q.out +++ b/ql/src/test/results/clientpositive/authorization_9.q.out @@ -46,7 +46,67 @@ POSTHOOK: query: show grant user hive_test_user on all POSTHOOK: type: SHOW_GRANT hive_test_user USER SELECT false -1 hive_test_user default hive_test_user USER SELECT false -1 hive_test_user +default alltypesorc hive_test_user USER DELETE true -1 hive_test_user +default alltypesorc hive_test_user USER INSERT true -1 hive_test_user +default alltypesorc hive_test_user USER SELECT true -1 hive_test_user +default alltypesorc hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t1 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t1 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t1 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t1 hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t2 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t2 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t2 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t2 hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t3 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t3 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t3 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t3 hive_test_user USER UPDATE true -1 hive_test_user default dummy hive_test_user USER SELECT false -1 hive_test_user +default lineitem hive_test_user USER DELETE true -1 hive_test_user +default lineitem hive_test_user USER INSERT true -1 hive_test_user +default lineitem hive_test_user USER SELECT true -1 hive_test_user +default lineitem hive_test_user USER UPDATE true -1 hive_test_user +default part hive_test_user USER DELETE true -1 hive_test_user +default part hive_test_user USER INSERT true -1 hive_test_user +default part hive_test_user USER SELECT true -1 hive_test_user +default part hive_test_user USER UPDATE true -1 hive_test_user +default src hive_test_user USER DELETE true -1 hive_test_user +default src hive_test_user USER INSERT true -1 hive_test_user +default src hive_test_user USER SELECT true -1 hive_test_user +default src hive_test_user USER UPDATE true -1 hive_test_user +default src1 hive_test_user USER DELETE true -1 hive_test_user +default src1 hive_test_user USER INSERT true -1 hive_test_user +default src1 hive_test_user USER SELECT true -1 hive_test_user +default src1 hive_test_user USER UPDATE true -1 hive_test_user +default src_cbo hive_test_user USER DELETE true -1 hive_test_user +default src_cbo hive_test_user USER INSERT true -1 hive_test_user +default src_cbo hive_test_user USER SELECT true -1 hive_test_user +default src_cbo hive_test_user USER UPDATE true -1 hive_test_user +default src_json hive_test_user USER DELETE true -1 hive_test_user +default src_json hive_test_user USER INSERT true -1 hive_test_user +default src_json hive_test_user USER SELECT true -1 hive_test_user +default src_json hive_test_user USER UPDATE true -1 hive_test_user +default src_sequencefile hive_test_user USER DELETE true -1 hive_test_user +default src_sequencefile hive_test_user USER INSERT true -1 hive_test_user +default src_sequencefile hive_test_user USER SELECT true -1 hive_test_user +default src_sequencefile hive_test_user USER UPDATE true -1 hive_test_user +default src_thrift hive_test_user USER DELETE true -1 hive_test_user +default src_thrift hive_test_user USER INSERT true -1 hive_test_user +default src_thrift hive_test_user USER SELECT true -1 hive_test_user +default src_thrift hive_test_user USER UPDATE true -1 hive_test_user +default srcbucket hive_test_user USER DELETE true -1 hive_test_user +default srcbucket hive_test_user USER INSERT true -1 hive_test_user +default srcbucket hive_test_user USER SELECT true -1 hive_test_user +default srcbucket hive_test_user USER UPDATE true -1 hive_test_user +default srcbucket2 hive_test_user USER DELETE true -1 hive_test_user +default srcbucket2 hive_test_user USER INSERT true -1 hive_test_user +default srcbucket2 hive_test_user USER SELECT true -1 hive_test_user +default srcbucket2 hive_test_user USER UPDATE true -1 hive_test_user +default srcpart hive_test_user USER DELETE true -1 hive_test_user +default srcpart hive_test_user USER INSERT true -1 hive_test_user +default srcpart hive_test_user USER SELECT true -1 hive_test_user +default srcpart hive_test_user USER UPDATE true -1 hive_test_user default dummy [key] hive_test_user USER SELECT false -1 hive_test_user default dummy [value] hive_test_user USER SELECT false -1 hive_test_user PREHOOK: query: grant select to user hive_test_user2 @@ -78,8 +138,68 @@ POSTHOOK: type: SHOW_GRANT hive_test_user2 USER SELECT false -1 hive_test_user default hive_test_user USER SELECT false -1 hive_test_user default hive_test_user2 USER SELECT false -1 hive_test_user +default alltypesorc hive_test_user USER DELETE true -1 hive_test_user +default alltypesorc hive_test_user USER INSERT true -1 hive_test_user +default alltypesorc hive_test_user USER SELECT true -1 hive_test_user +default alltypesorc hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t1 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t1 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t1 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t1 hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t2 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t2 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t2 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t2 hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t3 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t3 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t3 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t3 hive_test_user USER UPDATE true -1 hive_test_user default dummy hive_test_user USER SELECT false -1 hive_test_user default dummy hive_test_user2 USER SELECT false -1 hive_test_user +default lineitem hive_test_user USER DELETE true -1 hive_test_user +default lineitem hive_test_user USER INSERT true -1 hive_test_user +default lineitem hive_test_user USER SELECT true -1 hive_test_user +default lineitem hive_test_user USER UPDATE true -1 hive_test_user +default part hive_test_user USER DELETE true -1 hive_test_user +default part hive_test_user USER INSERT true -1 hive_test_user +default part hive_test_user USER SELECT true -1 hive_test_user +default part hive_test_user USER UPDATE true -1 hive_test_user +default src hive_test_user USER DELETE true -1 hive_test_user +default src hive_test_user USER INSERT true -1 hive_test_user +default src hive_test_user USER SELECT true -1 hive_test_user +default src hive_test_user USER UPDATE true -1 hive_test_user +default src1 hive_test_user USER DELETE true -1 hive_test_user +default src1 hive_test_user USER INSERT true -1 hive_test_user +default src1 hive_test_user USER SELECT true -1 hive_test_user +default src1 hive_test_user USER UPDATE true -1 hive_test_user +default src_cbo hive_test_user USER DELETE true -1 hive_test_user +default src_cbo hive_test_user USER INSERT true -1 hive_test_user +default src_cbo hive_test_user USER SELECT true -1 hive_test_user +default src_cbo hive_test_user USER UPDATE true -1 hive_test_user +default src_json hive_test_user USER DELETE true -1 hive_test_user +default src_json hive_test_user USER INSERT true -1 hive_test_user +default src_json hive_test_user USER SELECT true -1 hive_test_user +default src_json hive_test_user USER UPDATE true -1 hive_test_user +default src_sequencefile hive_test_user USER DELETE true -1 hive_test_user +default src_sequencefile hive_test_user USER INSERT true -1 hive_test_user +default src_sequencefile hive_test_user USER SELECT true -1 hive_test_user +default src_sequencefile hive_test_user USER UPDATE true -1 hive_test_user +default src_thrift hive_test_user USER DELETE true -1 hive_test_user +default src_thrift hive_test_user USER INSERT true -1 hive_test_user +default src_thrift hive_test_user USER SELECT true -1 hive_test_user +default src_thrift hive_test_user USER UPDATE true -1 hive_test_user +default srcbucket hive_test_user USER DELETE true -1 hive_test_user +default srcbucket hive_test_user USER INSERT true -1 hive_test_user +default srcbucket hive_test_user USER SELECT true -1 hive_test_user +default srcbucket hive_test_user USER UPDATE true -1 hive_test_user +default srcbucket2 hive_test_user USER DELETE true -1 hive_test_user +default srcbucket2 hive_test_user USER INSERT true -1 hive_test_user +default srcbucket2 hive_test_user USER SELECT true -1 hive_test_user +default srcbucket2 hive_test_user USER UPDATE true -1 hive_test_user +default srcpart hive_test_user USER DELETE true -1 hive_test_user +default srcpart hive_test_user USER INSERT true -1 hive_test_user +default srcpart hive_test_user USER SELECT true -1 hive_test_user +default srcpart hive_test_user USER UPDATE true -1 hive_test_user default dummy [key] hive_test_user USER SELECT false -1 hive_test_user default dummy [key] hive_test_user2 USER SELECT false -1 hive_test_user default dummy [value] hive_test_user USER SELECT false -1 hive_test_user @@ -90,7 +210,67 @@ POSTHOOK: query: show grant user hive_test_user on all POSTHOOK: type: SHOW_GRANT hive_test_user USER SELECT false -1 hive_test_user default hive_test_user USER SELECT false -1 hive_test_user +default alltypesorc hive_test_user USER DELETE true -1 hive_test_user +default alltypesorc hive_test_user USER INSERT true -1 hive_test_user +default alltypesorc hive_test_user USER SELECT true -1 hive_test_user +default alltypesorc hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t1 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t1 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t1 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t1 hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t2 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t2 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t2 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t2 hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t3 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t3 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t3 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t3 hive_test_user USER UPDATE true -1 hive_test_user default dummy hive_test_user USER SELECT false -1 hive_test_user +default lineitem hive_test_user USER DELETE true -1 hive_test_user +default lineitem hive_test_user USER INSERT true -1 hive_test_user +default lineitem hive_test_user USER SELECT true -1 hive_test_user +default lineitem hive_test_user USER UPDATE true -1 hive_test_user +default part hive_test_user USER DELETE true -1 hive_test_user +default part hive_test_user USER INSERT true -1 hive_test_user +default part hive_test_user USER SELECT true -1 hive_test_user +default part hive_test_user USER UPDATE true -1 hive_test_user +default src hive_test_user USER DELETE true -1 hive_test_user +default src hive_test_user USER INSERT true -1 hive_test_user +default src hive_test_user USER SELECT true -1 hive_test_user +default src hive_test_user USER UPDATE true -1 hive_test_user +default src1 hive_test_user USER DELETE true -1 hive_test_user +default src1 hive_test_user USER INSERT true -1 hive_test_user +default src1 hive_test_user USER SELECT true -1 hive_test_user +default src1 hive_test_user USER UPDATE true -1 hive_test_user +default src_cbo hive_test_user USER DELETE true -1 hive_test_user +default src_cbo hive_test_user USER INSERT true -1 hive_test_user +default src_cbo hive_test_user USER SELECT true -1 hive_test_user +default src_cbo hive_test_user USER UPDATE true -1 hive_test_user +default src_json hive_test_user USER DELETE true -1 hive_test_user +default src_json hive_test_user USER INSERT true -1 hive_test_user +default src_json hive_test_user USER SELECT true -1 hive_test_user +default src_json hive_test_user USER UPDATE true -1 hive_test_user +default src_sequencefile hive_test_user USER DELETE true -1 hive_test_user +default src_sequencefile hive_test_user USER INSERT true -1 hive_test_user +default src_sequencefile hive_test_user USER SELECT true -1 hive_test_user +default src_sequencefile hive_test_user USER UPDATE true -1 hive_test_user +default src_thrift hive_test_user USER DELETE true -1 hive_test_user +default src_thrift hive_test_user USER INSERT true -1 hive_test_user +default src_thrift hive_test_user USER SELECT true -1 hive_test_user +default src_thrift hive_test_user USER UPDATE true -1 hive_test_user +default srcbucket hive_test_user USER DELETE true -1 hive_test_user +default srcbucket hive_test_user USER INSERT true -1 hive_test_user +default srcbucket hive_test_user USER SELECT true -1 hive_test_user +default srcbucket hive_test_user USER UPDATE true -1 hive_test_user +default srcbucket2 hive_test_user USER DELETE true -1 hive_test_user +default srcbucket2 hive_test_user USER INSERT true -1 hive_test_user +default srcbucket2 hive_test_user USER SELECT true -1 hive_test_user +default srcbucket2 hive_test_user USER UPDATE true -1 hive_test_user +default srcpart hive_test_user USER DELETE true -1 hive_test_user +default srcpart hive_test_user USER INSERT true -1 hive_test_user +default srcpart hive_test_user USER SELECT true -1 hive_test_user +default srcpart hive_test_user USER UPDATE true -1 hive_test_user default dummy [key] hive_test_user USER SELECT false -1 hive_test_user default dummy [value] hive_test_user USER SELECT false -1 hive_test_user PREHOOK: query: show grant user hive_test_user2 on all http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out ---------------------------------------------------------------------- diff --git a/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out b/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out index b7ec209..a9ed049 100644 --- a/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out +++ b/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out @@ -20,9 +20,6 @@ CURRENT_USER: hive_test_user OPERATION: QUERY -AUTHORIZATION_FAILURES: - No privilege 'Select' found for inputs { database:default, table:src, columnName:key} - No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key} Warning: Shuffle Join JOIN[7][tables = [$hdt$_0, $hdt$_1]] in Stage 'Stage-1:MAPRED' is a cross product PREHOOK: query: explain formatted authorization select * from src join srcpart PREHOOK: type: QUERY http://git-wip-us.apache.org/repos/asf/hive/blob/95d22735/ql/src/test/results/clientpositive/authorization_show_grant.q.out ---------------------------------------------------------------------- diff --git a/ql/src/test/results/clientpositive/authorization_show_grant.q.out b/ql/src/test/results/clientpositive/authorization_show_grant.q.out index 2e7d7f6..7fa0b1c 100644 --- a/ql/src/test/results/clientpositive/authorization_show_grant.q.out +++ b/ql/src/test/results/clientpositive/authorization_show_grant.q.out @@ -111,6 +111,66 @@ PREHOOK: query: show grant PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant POSTHOOK: type: SHOW_GRANT +default alltypesorc hive_test_user USER DELETE true -1 hive_test_user +default alltypesorc hive_test_user USER INSERT true -1 hive_test_user +default alltypesorc hive_test_user USER SELECT true -1 hive_test_user +default alltypesorc hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t1 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t1 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t1 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t1 hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t2 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t2 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t2 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t2 hive_test_user USER UPDATE true -1 hive_test_user +default cbo_t3 hive_test_user USER DELETE true -1 hive_test_user +default cbo_t3 hive_test_user USER INSERT true -1 hive_test_user +default cbo_t3 hive_test_user USER SELECT true -1 hive_test_user +default cbo_t3 hive_test_user USER UPDATE true -1 hive_test_user +default lineitem hive_test_user USER DELETE true -1 hive_test_user +default lineitem hive_test_user USER INSERT true -1 hive_test_user +default lineitem hive_test_user USER SELECT true -1 hive_test_user +default lineitem hive_test_user USER UPDATE true -1 hive_test_user +default part hive_test_user USER DELETE true -1 hive_test_user +default part hive_test_user USER INSERT true -1 hive_test_user +default part hive_test_user USER SELECT true -1 hive_test_user +default part hive_test_user USER UPDATE true -1 hive_test_user +default src hive_test_user USER DELETE true -1 hive_test_user +default src hive_test_user USER INSERT true -1 hive_test_user +default src hive_test_user USER SELECT true -1 hive_test_user +default src hive_test_user USER UPDATE true -1 hive_test_user +default src1 hive_test_user USER DELETE true -1 hive_test_user +default src1 hive_test_user USER INSERT true -1 hive_test_user +default src1 hive_test_user USER SELECT true -1 hive_test_user +default src1 hive_test_user USER UPDATE true -1 hive_test_user +default src_cbo hive_test_user USER DELETE true -1 hive_test_user +default src_cbo hive_test_user USER INSERT true -1 hive_test_user +default src_cbo hive_test_user USER SELECT true -1 hive_test_user +default src_cbo hive_test_user USER UPDATE true -1 hive_test_user +default src_json hive_test_user USER DELETE true -1 hive_test_user +default src_json hive_test_user USER INSERT true -1 hive_test_user +default src_json hive_test_user USER SELECT true -1 hive_test_user +default src_json hive_test_user USER UPDATE true -1 hive_test_user +default src_sequencefile hive_test_user USER DELETE true -1 hive_test_user +default src_sequencefile hive_test_user USER INSERT true -1 hive_test_user +default src_sequencefile hive_test_user USER SELECT true -1 hive_test_user +default src_sequencefile hive_test_user USER UPDATE true -1 hive_test_user +default src_thrift hive_test_user USER DELETE true -1 hive_test_user +default src_thrift hive_test_user USER INSERT true -1 hive_test_user +default src_thrift hive_test_user USER SELECT true -1 hive_test_user +default src_thrift hive_test_user USER UPDATE true -1 hive_test_user +default srcbucket hive_test_user USER DELETE true -1 hive_test_user +default srcbucket hive_test_user USER INSERT true -1 hive_test_user +default srcbucket hive_test_user USER SELECT true -1 hive_test_user +default srcbucket hive_test_user USER UPDATE true -1 hive_test_user +default srcbucket2 hive_test_user USER DELETE true -1 hive_test_user +default srcbucket2 hive_test_user USER INSERT true -1 hive_test_user +default srcbucket2 hive_test_user USER SELECT true -1 hive_test_user +default srcbucket2 hive_test_user USER UPDATE true -1 hive_test_user +default srcpart hive_test_user USER DELETE true -1 hive_test_user +default srcpart hive_test_user USER INSERT true -1 hive_test_user +default srcpart hive_test_user USER SELECT true -1 hive_test_user +default srcpart hive_test_user USER UPDATE true -1 hive_test_user default t1 rolea ROLE SELECT false -1 user1 default t1 user1 USER DELETE true -1 hive_admin_user default t1 user1 USER INSERT true -1 hive_admin_user
