[jira] [Commented] (HIVE-6629) Discuss SET ROLE NONE

Wed, 12 Mar 2014 07:56:39 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-6629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13931835#comment-13931835
 ] 

Thejas M Nair commented on HIVE-6629:
-------------------------------------


The sql standard says "If NONE is specified, then the current role name is 
removed." . If you consider that it resets the action of 'set role' command, it 
should go to the default state.  Standard does not define a "set role default" 
or "set role all". But standard does not allow to have more than one current 
role, which explains why "all"/"default" would not make sense in standard.

In addition to the databases you referenced, I also checked Teradata, that also 
follows the same Oracle style semantics. I am fine changing the action of "set 
role none" to be specified by "set role all". It might also make sense to 
reserve the use of "default" role for future.

 [~alangates] [~ashutoshc] [~sushanth] Do you guys have an opinion on this ?


> Discuss SET ROLE NONE
> ---------------------
>
>                 Key: HIVE-6629
>                 URL: https://issues.apache.org/jira/browse/HIVE-6629
>             Project: Hive
>          Issue Type: Task
>    Affects Versions: 0.13.0
>            Reporter: Brock Noland
>            Priority: Blocker
>             Fix For: 0.13.0
>
>
> I understand this is well after it's been implemented. However, I think we 
> need to discuss the counter-intuitive SET ROLE semantics before we release 
> 0.13.
> The new Hive Authz work implements "SET ROLE NONE" similar to MySQL meaning 
> that "SET ROLE NONE" actually sets your role to the default. This is 
> extremely counter-intuitive.
> * 
> [Oracle|http://docs.oracle.com/cd/B19306_01/server.102/b14200/statements_10004.htm]
>  
> * 
> [Informix|http://pic.dhe.ibm.com/infocenter/idshelp/v117/index.jsp?topic=%2Fcom.ibm.sqls.doc%2Fids_sqs_1186.htm]
> * [Vertica|https://my.vertica.com/docs/5.1.6/HTML/index.htm#15645.htm]
> * 
> [SAP|http://www.sapdb.org/htmhelp/44/a17998442911d3a98200a0c9449261/content.htm]
> All of the widely deployed databases above have "SET ROLE NONE" disable all 
> privileges. Those databases have the intuitive "SET ROLE ALL" or "SET ROLE 
> DEFAULT" enable all privileges.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to