[jira] [Commented] (HIVE-5961) Add explain authorize for checking privileges

Tue, 11 Nov 2014 14:35:37 -0800 

    [ 
https://issues.apache.org/jira/browse/HIVE-5961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14207216#comment-14207216
 ] 

Lefty Leverenz commented on HIVE-5961:
--------------------------------------

Doc note:  This should be documented in the EXPLAIN wikidoc (with version 
information).  The authorization docs should also mention it, perhaps with 
examples, and link to the EXPLAIN syntax.

Question:  Does this work for all three types of authorization?

* [LanguageManual -- Explain | 
https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Explain]
* [LanguageManual -- Authorization | 
https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization]
** [Storage Based Authorization | 
https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server]
** [SQL Standard Based Authorization | 
https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization]
** [Default Authorization -- Legacy Mode | 
https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode]

> Add explain authorize for checking privileges
> ---------------------------------------------
>
>                 Key: HIVE-5961
>                 URL: https://issues.apache.org/jira/browse/HIVE-5961
>             Project: Hive
>          Issue Type: Improvement
>          Components: Authorization
>            Reporter: Navis
>            Assignee: Navis
>            Priority: Trivial
>              Labels: TODOC14
>             Fix For: 0.14.0
>
>         Attachments: HIVE-5961.1.patch.txt, HIVE-5961.2.patch.txt, 
> HIVE-5961.3.patch.txt, HIVE-5961.4.patch.txt, HIVE-5961.5.patch.txt, 
> HIVE-5961.6.patch.txt
>
>
> For easy checking of need privileges for a query, 
> {noformat}
> explain authorize select * from src join srcpart
> INPUTS: 
>   default@srcpart
>   default@srcpart@ds=2008-04-08/hr=11
>   default@srcpart@ds=2008-04-08/hr=12
>   default@srcpart@ds=2008-04-09/hr=11
>   default@srcpart@ds=2008-04-09/hr=12
>   default@src
> OUTPUTS: 
>   
> file:/home/navis/apache/oss-hive/itests/qtest/target/tmp/localscratchdir/hive_2013-12-04_21-57-53_748_5323811717799107868-1/-mr-10000
> CURRENT_USER: 
>   hive_test_user
> OPERATION: 
>   QUERY
> AUTHORIZATION_FAILURES: 
>   No privilege 'Select' found for inputs { database:default, table:srcpart, 
> columnName:key}
>   No privilege 'Select' found for inputs { database:default, table:src, 
> columnName:key}
>   No privilege 'Select' found for inputs { database:default, table:src, 
> columnName:key}
> {noformat}
> Hopefully good for debugging of authorization, which is in progress on 
> HIVE-5837.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to