hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hashut...@apache.org
Subject svn commit: r1560464 - in /hive/trunk/ql/src: java/org/apache/hadoop/hive/ql/parse/HiveParser.g test/queries/clientpositive/authorization_view.q test/results/clientpositive/authorization_view.q.out
Date Wed, 22 Jan 2014 18:30:56 GMT
Author: hashutosh
Date: Wed Jan 22 18:30:56 2014
New Revision: 1560464

URL: http://svn.apache.org/r1560464
Log:
HIVE-6181 : support grant/revoke on views - parser changes (Ashutosh Chauhan via Thejas Nair)

Added:
    hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q
    hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out
Modified:
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g?rev=1560464&r1=1560463&r2=1560464&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g Wed Jan 22 18:30:56
2014
@@ -1377,6 +1377,7 @@ privObjectType
 @init {msgs.push("privilege object type type");}
 @after {msgs.pop();}
     : KW_DATABASE -> ^(TOK_DB_TYPE)
+    | KW_VIEW -> ^(TOK_TABLE_TYPE)
     | KW_TABLE? -> ^(TOK_TABLE_TYPE)
     ;
 

Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q?rev=1560464&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q (added)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_view.q Wed Jan 22 18:30:56
2014
@@ -0,0 +1,77 @@
+-- SORT_BEFORE_DIFF
+
+create view src_autho_test as select * from src;
+
+set hive.security.authorization.enabled=true;
+
+--view grant to user
+
+grant select on view src_autho_test to user hive_test_user;
+
+show grant user hive_test_user on view src_autho_test;
+show grant user hive_test_user on view src_autho_test(key);
+
+revoke select on view src_autho_test from user hive_test_user;
+show grant user hive_test_user on view src_autho_test;
+show grant user hive_test_user on view src_autho_test(key);
+
+--column grant to user
+
+grant select(key) on view src_autho_test to user hive_test_user;
+
+show grant user hive_test_user on view src_autho_test;
+show grant user hive_test_user on view src_autho_test(key);
+
+revoke select(key) on view src_autho_test from user hive_test_user;
+show grant user hive_test_user on view src_autho_test;
+show grant user hive_test_user on view src_autho_test(key); 
+
+--view grant to group
+
+grant select on view src_autho_test to group hive_test_group1;
+
+show grant group hive_test_group1 on view src_autho_test;
+show grant group hive_test_group1 on view src_autho_test(key);
+
+revoke select on view src_autho_test from group hive_test_group1;
+show grant group hive_test_group1 on view src_autho_test;
+show grant group hive_test_group1 on view src_autho_test(key);
+
+--column grant to group
+
+grant select(key) on view src_autho_test to group hive_test_group1;
+
+show grant group hive_test_group1 on view src_autho_test;
+show grant group hive_test_group1 on view src_autho_test(key);
+
+revoke select(key) on view src_autho_test from group hive_test_group1;
+show grant group hive_test_group1 on view src_autho_test;
+show grant group hive_test_group1 on view src_autho_test(key);
+
+--role
+create role src_role;
+grant role src_role to user hive_test_user;
+show role grant user hive_test_user;
+
+--column grant to role
+
+grant select(key) on view src_autho_test to role src_role;
+
+show grant role src_role on view src_autho_test;
+show grant role src_role on view src_autho_test(key);
+
+revoke select(key) on view src_autho_test from role src_role;
+
+--view grant to role
+
+grant select on view src_autho_test to role src_role;
+
+show grant role src_role on view src_autho_test;
+show grant role src_role on view src_autho_test(key);
+revoke select on view src_autho_test from role src_role;
+
+-- drop role
+drop role src_role;
+
+set hive.security.authorization.enabled=false;
+drop view src_autho_test;

Added: hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out?rev=1560464&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out (added)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_view.q.out Wed Jan 22 18:30:56
2014
@@ -0,0 +1,259 @@
+PREHOOK: query: -- SORT_BEFORE_DIFF
+
+create view src_autho_test as select * from src
+PREHOOK: type: CREATEVIEW
+POSTHOOK: query: -- SORT_BEFORE_DIFF
+
+create view src_autho_test as select * from src
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: --view grant to user
+
+grant select on view src_autho_test to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --view grant to user
+
+grant select on view src_autho_test to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant user hive_test_user on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+database	default
+table	src_autho_test
+principalName	hive_test_user
+principalType	USER
+privilege	Select
+#### A masked pattern was here ####
+grantor	hive_test_user
+PREHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: revoke select on view src_autho_test from user hive_test_user
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select on view src_autho_test from user hive_test_user
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant user hive_test_user on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: --column grant to user
+
+grant select(key) on view src_autho_test to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --column grant to user
+
+grant select(key) on view src_autho_test to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant user hive_test_user on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+database	default
+table	src_autho_test
+columnName	key
+principalName	hive_test_user
+principalType	USER
+privilege	Select
+#### A masked pattern was here ####
+grantor	hive_test_user
+PREHOOK: query: revoke select(key) on view src_autho_test from user hive_test_user
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select(key) on view src_autho_test from user hive_test_user
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant user hive_test_user on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant user hive_test_user on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: --view grant to group
+
+grant select on view src_autho_test to group hive_test_group1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --view grant to group
+
+grant select on view src_autho_test to group hive_test_group1
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+database	default
+table	src_autho_test
+principalName	hive_test_group1
+principalType	GROUP
+privilege	Select
+#### A masked pattern was here ####
+grantor	hive_test_user
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: revoke select on view src_autho_test from group hive_test_group1
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select on view src_autho_test from group hive_test_group1
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: --column grant to group
+
+grant select(key) on view src_autho_test to group hive_test_group1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --column grant to group
+
+grant select(key) on view src_autho_test to group hive_test_group1
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+database	default
+table	src_autho_test
+columnName	key
+principalName	hive_test_group1
+principalType	GROUP
+privilege	Select
+#### A masked pattern was here ####
+grantor	hive_test_user
+PREHOOK: query: revoke select(key) on view src_autho_test from group hive_test_group1
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select(key) on view src_autho_test from group hive_test_group1
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant group hive_test_group1 on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: --role
+create role src_role
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: --role
+create role src_role
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant role src_role to user hive_test_user
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant role src_role to user hive_test_user
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: show role grant user hive_test_user
+PREHOOK: type: SHOW_ROLE_GRANT
+POSTHOOK: query: show role grant user hive_test_user
+POSTHOOK: type: SHOW_ROLE_GRANT
+src_role
+PREHOOK: query: --column grant to role
+
+grant select(key) on view src_autho_test to role src_role
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --column grant to role
+
+grant select(key) on view src_autho_test to role src_role
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant role src_role on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant role src_role on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: show grant role src_role on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant role src_role on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+database	default
+table	src_autho_test
+columnName	key
+principalName	src_role
+principalType	ROLE
+privilege	Select
+#### A masked pattern was here ####
+grantor	hive_test_user
+PREHOOK: query: revoke select(key) on view src_autho_test from role src_role
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select(key) on view src_autho_test from role src_role
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: --view grant to role
+
+grant select on view src_autho_test to role src_role
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: --view grant to role
+
+grant select on view src_autho_test to role src_role
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: show grant role src_role on view src_autho_test
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant role src_role on view src_autho_test
+POSTHOOK: type: SHOW_GRANT
+database	default
+table	src_autho_test
+principalName	src_role
+principalType	ROLE
+privilege	Select
+#### A masked pattern was here ####
+grantor	hive_test_user
+PREHOOK: query: show grant role src_role on view src_autho_test(key)
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant role src_role on view src_autho_test(key)
+POSTHOOK: type: SHOW_GRANT
+PREHOOK: query: revoke select on view src_autho_test from role src_role
+PREHOOK: type: REVOKE_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: revoke select on view src_autho_test from role src_role
+POSTHOOK: type: REVOKE_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: -- drop role
+drop role src_role
+PREHOOK: type: DROPROLE
+POSTHOOK: query: -- drop role
+drop role src_role
+POSTHOOK: type: DROPROLE
+PREHOOK: query: drop view src_autho_test
+PREHOOK: type: DROPVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: drop view src_autho_test
+POSTHOOK: type: DROPVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: default@src_autho_test



Mime
View raw message