[ https://issues.apache.org/jira/browse/HIVE-22086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

xinzhang updated HIVE-22086:
----------------------------
    Description: 
1. Start hiveserver2

>/opt/hive/hive-bin/bin/hiveserver2 --hiveconf hive.server2.thrift.port=50033 --hiveconf hive.server2.webui.port=10003

2. create table

#/opt/hive/hive-bin/bin/beeline -u jdbc:hive2://172.31.10.119:50033 -n tools

>use tools;

>create table test1 as select * from tools.test99 limit 10;

>show grant on table tools.test1;

+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| database  |    table     | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |   grant_time   | grantor  |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| tools     | test1        |            |         | da              | ROLE            | SELECT     | true          | 1565061852000  | tools    |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+

 

3. revoke select on role da

> set role damin;

> revoke select on table tools.test1 from role da;

4. err log

FAILED: Execution Error, return code 1 from 
org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege 
[name=SELECT, columns=null] for Principal [name=da, type=ROLE] on Object 
[type=TABLE_OR_VIEW, name=tools.test1] granted by tools

 

  was:
# Start hiveserver2

>/opt/hive/hive-bin/bin/hiveserver2 --hiveconf hive.server2.thrift.port=50033 --hiveconf hive.server2.webui.port=10003
 # create table

#/opt/hive/hive-bin/bin/beeline -u jdbc:hive2://172.31.10.119:50033 -n tools

>use tools;

>create table test1 as select * from tools.test99 limit 10;

>show grant on table tools.test1;

+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| database  |    table     | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |   grant_time   | grantor  |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| tools     | test1        |            |         | da              | ROLE            | SELECT     | true          | 1565061852000  | tools    |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+

 
 # revoke select on role da

> set role damin;

> revoke select on table tools.test1 from role da;
 # err log

FAILED: Execution Error, return code 1 from 
org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege 
[name=SELECT, columns=null] for Principal [name=da, type=ROLE] on Object 
[type=TABLE_OR_VIEW, name=tools.test1] granted by tools

 


> Hive revoke the grant err by 
> hive.security.authorization.createtable.role.grants  ( SQL Standard Based 
> Hive Authorization )
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-22086
>                 URL: https://issues.apache.org/jira/browse/HIVE-22086
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, Beeline, HiveServer2
>    Affects Versions: 2.3.5
>         Environment: host 172.31.10.119
> port 50033
> version apache-hive-2.3.5-bin
> database tools
> hive-site.xml
> <property>
>      <name>hive.security.authorization.createtable.role.grants</name> 
>      <value>da:select;</value>
>     </property>
> <property>
>      <name>hive.users.in.admin.role</name> 
>      <value>root,tools </value>
>     </property>
>            Reporter: xinzhang
>            Priority: Major
>
> 1. Start hiveserver2
> >/opt/hive/hive-bin/bin/hiveserver2 --hiveconf hive.server2.thrift.port=50033 --hiveconf hive.server2.webui.port=10003
> 2. create table
> #/opt/hive/hive-bin/bin/beeline -u jdbc:hive2://172.31.10.119:50033 -n tools
> >use tools;
> >create table test1 as select * from tools.test99 limit 10;
> >show grant on table tools.test1;
> +-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
> | database  |    table     | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |   grant_time   | grantor  |
> +-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
> | tools     | test1        |            |         | da              | ROLE            | SELECT     | true          | 1565061852000  | tools    |
> +-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
>  
> 3. revoke select on role da
> > set role damin;
> > revoke select on table tools.test1 from role da;
> 4. err log
> FAILED: Execution Error, return code 1 from 
> org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege 
> [name=SELECT, columns=null] for Principal [name=da, type=ROLE] on Object 
> [type=TABLE_OR_VIEW, name=tools.test1] granted by tools
>  



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
