[ https://issues.apache.org/jira/browse/HIVE-22086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
xinzhang updated HIVE-22086:
----------------------------
    Description:
1. Start hiveserver2
>/opt/hive/hive-bin/bin/hiveserver2 --hiveconf hive.server2.thrift.port=50033
>--hiveconf hive.server2.webui.port=10003
2. create table
#/opt/hive/hive-bin/bin/beeline -u jdbc:hive2://172.31.10.119:50033 -n tools
>use tools;
>create table test1 as select * from tools.test99 limit 10;
>show grant on table tools.test1;
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| database  |    table     | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |   grant_time   | grantor  |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| tools     | test1        |            |         | da              | ROLE            | SELECT     | true          | 1565061852000  | tools    |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
3. revoke select on role da
> set role damin;
> revoke select on table tools.test1 from role da;
4. err log
FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=SELECT, columns=null] for Principal [name=da, type=ROLE] on Object [type=TABLE_OR_VIEW, name=tools.test1] granted by tools

  was:
# Start hiveserver2
>/opt/hive/hive-bin/bin/hiveserver2 --hiveconf hive.server2.thrift.port=50033
>--hiveconf hive.server2.webui.port=10003
# create table
#/opt/hive/hive-bin/bin/beeline -u jdbc:hive2://172.31.10.119:50033 -n tools
>use tools;
>create table test1 as select * from tools.test99 limit 10;
>show grant on table tools.test1;
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| database  |    table     | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |   grant_time   | grantor  |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
| tools     | test1        |            |         | da              | ROLE            | SELECT     | true          | 1565061852000  | tools    |
+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
# revoke select on role da
> set role damin;
> revoke select on table tools.test1 from role da;
# err log
FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege [name=SELECT, columns=null] for Principal [name=da, type=ROLE] on Object [type=TABLE_OR_VIEW, name=tools.test1] granted by tools

> Hive revoke the grant err by
> hive.security.authorization.createtable.role.grants ( SQL Standard Based
> Hive Authorization )
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-22086
>                 URL: https://issues.apache.org/jira/browse/HIVE-22086
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, Beeline, HiveServer2
>    Affects Versions: 2.3.5
>         Environment: host 172.31.10.119
> port 50033
> version apache-hive-2.3.5-bin
> database tools
> hive-site.xml
> <property>
>     <name>hive.security.authorization.createtable.role.grants</name>
>     <value>da:select;</value>
> </property>
> <property>
>     <name>hive.users.in.admin.role</name>
>     <value>root,tools </value>
> </property>
>            Reporter: xinzhang
>            Priority: Major
>
> 1. Start hiveserver2
> >/opt/hive/hive-bin/bin/hiveserver2 --hiveconf hive.server2.thrift.port=50033
> >--hiveconf hive.server2.webui.port=10003
> 2. create table
> #/opt/hive/hive-bin/bin/beeline -u jdbc:hive2://172.31.10.119:50033 -n tools
> >use tools;
> >create table test1 as select * from tools.test99 limit 10;
> >show grant on table tools.test1;
> +-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
> | database  |    table     | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |   grant_time   | grantor  |
> +-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
> | tools     | test1        |            |         | da              | ROLE            | SELECT     | true          | 1565061852000  | tools    |
> +-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
>
> 3. revoke select on role da
> > set role damin;
> > revoke select on table tools.test1 from role da;
> 4. err log
> FAILED: Execution Error, return code 1 from
> org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege
> [name=SELECT, columns=null] for Principal [name=da, type=ROLE] on Object
> [type=TABLE_OR_VIEW, name=tools.test1] granted by tools

--
This message was sent by Atlassian JIRA
(v7.6.14#76016)