[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15604595#comment-15604595 ] Lefty Leverenz commented on HIVE-9941: -- Nevermind, this just adds some tests. See Sushanth's comment Jan. 28: bq. ... This issue is fixed as part of HIVE-12875. We can close this issue as a duplicate of the other, but I think this is also a good jira to add in a testcase for the base issue. ... So no doc needed. > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe >Assignee: Sushanth Sowmyan > Fix For: 2.2.0 > > Attachments: HIVE-9941.2.patch, HIVE-9941.3.patch, HIVE-9941.patch > > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15604412#comment-15604412 ] Lefty Leverenz commented on HIVE-9941: -- Is this just a bug fix, or is it a change of behavior that should be documented in the wiki? > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe >Assignee: Sushanth Sowmyan > Fix For: 2.2.0 > > Attachments: HIVE-9941.2.patch, HIVE-9941.3.patch, HIVE-9941.patch > > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15586486#comment-15586486 ] Jason Dere commented on HIVE-9941: -- +1 Test failures not related and already have existing issues filed for them under HIVE-14547. > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe >Assignee: Sushanth Sowmyan > Attachments: HIVE-9941.2.patch, HIVE-9941.3.patch, HIVE-9941.patch > > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15584689#comment-15584689 ] Hive QA commented on HIVE-9941: --- Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12833864/HIVE-9941.3.patch {color:green}SUCCESS:{color} +1 due to 4 test(s) being added or modified. {color:red}ERROR:{color} -1 due to 8 failed/errored test(s), 10596 tests executed *Failed tests:* {noformat} TestBeelineWithHS2ConnectionFile - did not produce a TEST-*.xml file (likely timed out) (batchId=197) org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[acid_globallimit] (batchId=27) org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[order_null] (batchId=18) org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[union_fast_stats] (batchId=46) org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJarWithoutAddDriverClazz[0] (batchId=155) org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[0] (batchId=155) org.apache.hive.beeline.TestBeelineArgParsing.testAddLocalJar[1] (batchId=155) org.apache.hive.jdbc.authorization.TestJdbcWithSQLAuthorization.testBlackListedUdfUsage (batchId=204) {noformat} Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/1612/testReport Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/1612/console Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-1612/ Messages: {noformat} Executing org.apache.hive.ptest.execution.TestCheckPhase Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 8 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12833864 - PreCommit-HIVE-Build > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe >Assignee: Sushanth Sowmyan > Attachments: HIVE-9941.2.patch, HIVE-9941.3.patch, HIVE-9941.patch > > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15583993#comment-15583993 ] Jason Dere commented on HIVE-9941: -- Actually, I'll hold off my +1 until we see the ptest run, per the discussed new guildlines for waiting on test results before committing. But the test cases look good to me. > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe >Assignee: Sushanth Sowmyan > Attachments: HIVE-9941.2.patch, HIVE-9941.patch > > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15583988#comment-15583988 ] Jason Dere commented on HIVE-9941: -- +1 if the tests pass > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe >Assignee: Sushanth Sowmyan > Attachments: HIVE-9941.2.patch, HIVE-9941.patch > > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15300744#comment-15300744 ] Sushanth Sowmyan commented on HIVE-9941: This currently only covers a testcase for a bug that was fixed in HIVE-12875, so you can ignore this jira for your 2.1.0 release. > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe >Assignee: Sushanth Sowmyan > Attachments: HIVE-9941.patch > > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15126769#comment-15126769 ] Sushanth Sowmyan commented on HIVE-9941: The relevant test case passes, other failures are not related to this change : http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/6804/testReport/org.apache.hadoop.hive.cli/TestNegativeCliDriver/testNegativeCliDriver_authorization_truncate_2/ > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe >Assignee: Sushanth Sowmyan > Attachments: HIVE-9941.patch > > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15125128#comment-15125128 ] Hive QA commented on HIVE-9941: --- Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12785024/HIVE-9941.patch {color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified. {color:red}ERROR:{color} -1 due to 5 failed/errored test(s), 10033 tests executed *Failed tests:* {noformat} TestMiniTezCliDriver-vector_left_outer_join2.q-vector_outer_join5.q-custom_input_output_format.q-and-12-more - did not produce a TEST-*.xml file org.apache.hadoop.hive.cli.TestNegativeCliDriver.testNegativeCliDriver_authorization_uri_import org.apache.hive.jdbc.TestSSL.testSSLVersion org.apache.hive.service.TestHS2ImpersonationWithRemoteMS.org.apache.hive.service.TestHS2ImpersonationWithRemoteMS org.apache.hive.service.cli.TestEmbeddedThriftBinaryCLIService.testExecuteStatementAsync {noformat} Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/6804/testReport Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/6804/console Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-6804/ Messages: {noformat} Executing org.apache.hive.ptest.execution.TestCheckPhase Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase Tests exited with: TestsFailedException: 5 tests failed {noformat} This message is automatically generated. ATTACHMENT ID: 12785024 - PreCommit-HIVE-TRUNK-Build > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe >Assignee: Sushanth Sowmyan > Attachments: HIVE-9941.patch > > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15122303#comment-15122303 ] Sushanth Sowmyan commented on HIVE-9941: Thanks for the report, Olaf! This issue is fixed as part of HIVE-12875. We can close this issue as a duplicate of the other, but I think this is also a good jira to add in a testcase for the base issue. Attaching patch so that precommit tests pick this up. > sql std authorization on partitioned table: truncate and insert > --- > > Key: HIVE-9941 > URL: https://issues.apache.org/jira/browse/HIVE-9941 > Project: Hive > Issue Type: Bug > Components: Authorization >Affects Versions: 1.0.0, 1.2.0 >Reporter: Olaf Flebbe > > sql std authorization works as expected. > However if a table is partitioned any user can truncate it > User foo: > {code} > create table bla (a string) partitioned by (b string); > #.. loading values ... > {code} > Admin: > {code} > 0: jdbc:hive2://localhost:1/default> set role admin; > No rows affected (0,074 seconds) > 0: jdbc:hive2://localhost:1/default> show grant on bla; > +---+++-+-+-++---++--+--+ > | database | table | partition | column | principal_name | > principal_type | privilege | grant_option | grant_time | grantor | > +---+++-+-+-++---++--+--+ > | default | bla|| | foo | USER > | DELETE | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | INSERT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | SELECT | true | 1426158997000 | foo | > | default | bla|| | foo | USER > | UPDATE | true | 1426158997000 | foo | > +---+++-+-+-++---++--+--+ > {code} > now user olaf > {code} > 0: jdbc:hive2://localhost:1/default> select * from bla; > Error: Error while compiling statement: FAILED: HiveAccessControlException > Permission denied: Principal [name=olaf, type=USER] does not have following > privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, > name=default.bla]] (state=42000,code=4) > {code} > works as expected. > _BUT_ > {code} > 0: jdbc:hive2://localhost:1/default> truncate table bla; > No rows affected (0,18 seconds) > {code} > _And table is empty afterwards_. > Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HIVE-9941) sql std authorization on partitioned table: truncate and insert
[ https://issues.apache.org/jira/browse/HIVE-9941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14638331#comment-14638331 ] Olaf Flebbe commented on HIVE-9941: --- Just verified it happens on 1.2.0 too sql std authorization on partitioned table: truncate and insert --- Key: HIVE-9941 URL: https://issues.apache.org/jira/browse/HIVE-9941 Project: Hive Issue Type: Bug Components: Authorization Affects Versions: 1.0.0, 1.2.0 Reporter: Olaf Flebbe sql std authorization works as expected. However if a table is partitioned any user can truncate it User foo: {code} create table bla (a string) partitioned by (b string); #.. loading values ... {code} Admin: {code} 0: jdbc:hive2://localhost:1/default set role admin; No rows affected (0,074 seconds) 0: jdbc:hive2://localhost:1/default show grant on bla; +---+++-+-+-++---++--+--+ | database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor | +---+++-+-+-++---++--+--+ | default | bla|| | foo | USER | DELETE | true | 1426158997000 | foo | | default | bla|| | foo | USER | INSERT | true | 1426158997000 | foo | | default | bla|| | foo | USER | SELECT | true | 1426158997000 | foo | | default | bla|| | foo | USER | UPDATE | true | 1426158997000 | foo | +---+++-+-+-++---++--+--+ {code} now user olaf {code} 0: jdbc:hive2://localhost:1/default select * from bla; Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: Principal [name=olaf, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=default.bla]] (state=42000,code=4) {code} works as expected. _BUT_ {code} 0: jdbc:hive2://localhost:1/default truncate table bla; No rows affected (0,18 seconds) {code} _And table is empty afterwards_. Similarily: {{insert into table}} works, too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)