Time taken: 0.14 seconds
hive> create table authorization_part (key int, value string)
partitioned by (ds string);
OK
Time taken: 0.055 seconds
hive> ALTER TABLE authorization_part SET TBLPROPERTIES
("PARTITION_LEVEL_PRIVILEGE"="TRUE");
OK
Time taken: 0.252 seconds
hive> set hive.security.authorization.enabled=true;
hive> grant create on table authorization_part to use edward;
FAILED: Parse Error: line 1:44 cannot recognize input near 'use'
'edward' '<EOF>' in user|group|role name
hive> grant create on table authorization_part to user edward;
OK
Time taken: 0.092 seconds
hive> grant update on table authorization_part to user edward;
OK
Time taken: 0.084 seconds
hive> grant drop on table authorization_part to user edward;
OK
Time taken: 0.136 seconds
hive> grant select on table authorization_part to user edward;
OK
Time taken: 0.083 seconds
hive> alter table authorization_part add partition (ds='1');
OK
Time taken: 0.212 seconds
hive> alter table authorization_part add partition (ds='2');
OK
Time taken: 0.241 seconds
hive> select * from authorization_part where ds='1';
OK
Time taken: 0.168 seconds
hive> show grant user edward on table authorization_part;
OK
database default
table authorization_part
principalName edward
principalType USER
privilege Create
grantTime Thu Mar 22 17:45:39 EDT 2012
grantor edward
database default
table authorization_part
principalName edward
principalType USER
privilege Update
grantTime Thu Mar 22 17:45:52 EDT 2012
grantor edward
database default
table authorization_part
principalName edward
principalType USER
privilege Drop
grantTime Thu Mar 22 17:45:57 EDT 2012
grantor edward
database default
table authorization_part
principalName edward
principalType USER
privilege Select
grantTime Thu Mar 22 17:46:02 EDT 2012
grantor edward
Time taken: 0.049 seconds
hive> show grant user edward on table authorization_part partition (ds='1')
> ;
OK
database default
table authorization_part
partition ds=1
principalName edward
principalType USER
privilege Create
grantTime Thu Mar 22 17:46:45 EDT 2012
grantor edward
database default
table authorization_part
partition ds=1
principalName edward
principalType USER
privilege Update
grantTime Thu Mar 22 17:46:45 EDT 2012
grantor edward
database default
table authorization_part
partition ds=1
principalName edward
principalType USER
privilege Drop
grantTime Thu Mar 22 17:46:45 EDT 2012
grantor edward
database default
table authorization_part
partition ds=1
principalName edward
principalType USER
privilege Select
grantTime Thu Mar 22 17:46:45 EDT 2012
grantor edward
Time taken: 0.055 seconds
hive> revoke select on table authorization_part partition (ds='1')
from user edward;
OK
Time taken: 0.202 seconds
hive> select * from authorization_part where ds='1';
Authorization failed:No privilege 'Select' found for inputs {
database:default, table:authorization_part, partitionName:ds=1,
columnName:key}. Use show grant to get more details.
hive> grant select on table authorization_part partition (ds='1') to
user edward;
Error: Grant does not support partition level.
FAILED: Execution Error, return code 1 from
org.apache.hadoop.hive.ql.exec.DDLTask
hive>
So it seems like user inherits grant select automatically, partition
privileges can be revoked, but then they can not be re-granted?
Am I using these feature wrong or is it still a work in progress? I am
trying to get grant|revoke per partition working with hive 0.8.1
Thank you for any insight.
Edward
