zabetak commented on code in PR #4304: URL: https://github.com/apache/hive/pull/4304#discussion_r1274500665
########## ql/src/test/queries/clientnegative/authorization_droptable_fail_11.q: ##########
@@ -0,0 +1,12 @@
+set hive.exec.drop.ignorenonexistent=false;
+
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+-- Drop non-existing table WITHOUT DB Drop Privileges
Review Comment: "WITHOUT DB DROP..." misleading comment.
########## ql/src/test/queries/clientpositive/authorization_drop_table.q: ##########
@@ -1,25 +1,96 @@ set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider; +set hive.security.authorization.enabled=true; + +-- Drop table command for non-existing DB + +DROP TABLE auth_db.auth_permanent_table; + +-- Drop table command for non-existing DB + +DROP TABLE IF EXISTS auth_db.auth_permanent_table; + +-- Drop non-existing table with DB Drop Privileges + +set hive.security.authorization.enabled=false; + +CREATE DATABASE auth_db; +GRANT DROP ON DATABASE auth_db TO USER hive_test_user; + +set hive.security.authorization.enabled=true; + +DROP TABLE auth_db.auth_permanent_table; + +-- Drop non-existing table with IF EXISTS clause with DB Drop Privileges + +DROP TABLE IF EXISTS auth_db.auth_permanent_table; + +--- Create tables for test + set hive.security.authorization.enabled=false; -Create database auth_drop_table; +create table auth_db.drop_table_auth_1 (key int, value string) partitioned by (ds string); +create table auth_db.drop_table_auth_2 (key int, value string); +CREATE TEMPORARY TABLE auth_temp_table_1(key STRING, c1 INT, c2 STRING) STORED AS TEXTFILE; +CREATE TEMPORARY TABLE auth_temp_table_2(key STRING, c1 INT, c2 STRING) STORED AS TEXTFILE; + +GRANT All on table auth_db.drop_table_auth_1 to user hive_test_user; +GRANT All on table auth_db.drop_table_auth_2 to user hive_test_user; + +-- Drop existing regular table -use auth_drop_table; +set hive.security.authorization.enabled=true; +DROP TABLE auth_db.drop_table_auth_1; + +-- Drop existing regular table with IF EXISTS + +DROP TABLE IF EXISTS auth_db.drop_table_auth_2; + +-- Drop temporary table + +DROP TABLE auth_db.auth_temp_table_1; + +-- Drop temporary table with IF EXISTS + +DROP TABLE IF EXISTS auth_db.auth_temp_table_2; + + +-- Drop non-existing table from current database -create table drop_table_auth_1 (key int, value string) partitioned by (ds string); +set hive.security.authorization.enabled=false; -grant All on table 
drop_table_auth_1 to user hive_test_user; +CREATE DATABASE auth_db_1; +use auth_db_1; +GRANT DROP ON DATABASE auth_db_1 TO USER hive_test_user; -GRANT DROP ON DATABASE auth_drop_table TO USER hive_test_user; +create table drop_table_auth_3 (key int, value string) partitioned by (ds string); +create table drop_table_auth_4 (key int, value string); +CREATE TEMPORARY TABLE auth_temp_table_1(key STRING, c1 INT, c2 STRING) STORED AS TEXTFILE; +CREATE TEMPORARY TABLE auth_temp_table_2(key STRING, c1 INT, c2 STRING) STORED AS TEXTFILE; -show grant user hive_test_user on table drop_table_auth_1; -CREATE TEMPORARY TABLE drop_temp_table LIKE drop_table_auth_1; +GRANT All on table auth_db_1.drop_table_auth_4 to user hive_test_user; +GRANT All on table auth_db_1.drop_table_auth_3 to user hive_test_user; Review Comment: > Hence, no privileges are required for temporary tables. Can you elaborate what does this mean? Are you referring to table privileges? Database privileges? Or all privileges? ########## ql/src/test/queries/clientnegative/authorization_droptable_fail_6.q: ########## 
@@ -0,0 +1,9 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+set hive.security.authorization.enabled=false;
+
+CREATE TEMPORARY TABLE auth_temp_table_2(key STRING, c1 INT, c2 STRING) STORED AS TEXTFILE;
+
+-- Drop temporary table with IF EXISTS WITHOUT DB Drop Privileges
+
+set hive.security.authorization.enabled=true;
+DROP TABLE auth_temp_table_2;
Review Comment: This test seems identical with `authorization_droptable_fail_6.q`. Are we missing something? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
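Review bot: The comment `-- Drop temporary table with IF EXISTS WITHOUT DB Drop Privileges` does not match the statement it describes, because the last line of the file is `DROP TABLE auth_temp_table_2;` with no `IF EXISTS`. As written, this negative test covers only the plain drop of a temporary table. If the IF EXISTS path is the intended case, the statement should read `DROP TABLE IF EXISTS auth_temp_table_2;`; otherwise the words "with IF EXISTS" should be removed from the comment. The file also never states which privilege is missing; it appears to rely on the test user having no DROP grant on the current database by default. A one-line comment such as `-- expected: authorization failure, no DROP privilege on the current database` would make clear that the test must fail on the authorization check and not on some unrelated error.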
