hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hashut...@apache.org
Subject svn commit: r1594259 - in /hive/trunk: metastore/src/java/org/apache/hadoop/hive/metastore/ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/ ql/src/test/queries/clientnegative/ ql/src/test/queries/clientpositive/ ql/src/test/results...
Date Tue, 13 May 2014 16:11:12 GMT
Author: hashutosh
Date: Tue May 13 16:11:11 2014
New Revision: 1594259

URL: http://svn.apache.org/r1594259
Log:
HIVE-7033 : grant statements should check if the role exists (Thejas Nair via Ashutosh Chauhan)

Added:
    hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q
    hive/trunk/ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out
    hive/trunk/ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out
Modified:
    hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
    hive/trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q
    hive/trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out
    hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out
    hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out

Modified: hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java
URL: http://svn.apache.org/viewvc/hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java?rev=1594259&r1=1594258&r2=1594259&view=diff
==============================================================================
--- hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java (original)
+++ hive/trunk/metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java Tue May
13 16:11:11 2014
@@ -3040,6 +3040,7 @@ public class ObjectStore implements RawS
     boolean success = false;
     boolean commited = false;
     try {
+      openTransaction();
       MRoleMap roleMap = null;
       try {
         roleMap = this.getMSecurityUserRoleMap(userName, principalType, role
@@ -3050,7 +3051,9 @@ public class ObjectStore implements RawS
         throw new InvalidObjectException("Principal " + userName
             + " already has the role " + role.getRoleName());
       }
-      openTransaction();
+      if (principalType == PrincipalType.ROLE) {
+        validateRole(userName);
+      }
       MRole mRole = getMRole(role.getRoleName());
       long now = System.currentTimeMillis()/1000;
       MRoleMap roleMember = new MRoleMap(userName, principalType.toString(),
@@ -3066,6 +3069,19 @@ public class ObjectStore implements RawS
     return success;
   }
 
+  /**
+   * Verify that role with given name exists, if not throw exception
+   * @param roleName
+   * @throws NoSuchObjectException
+   */
+  private void validateRole(String roleName) throws NoSuchObjectException {
+    // if grantee is a role, check if it exists
+    MRole granteeRole = getMRole(roleName);
+    if (granteeRole == null) {
+      throw new NoSuchObjectException("Role " + roleName + " does not exist");
+    }
+  }
+
   @Override
   public boolean revokeRole(Role role, String userName, PrincipalType principalType) throws
MetaException, NoSuchObjectException {
     boolean success = false;
@@ -3698,6 +3714,10 @@ public class ObjectStore implements RawS
           boolean grantOption = privDef.getGrantInfo().isGrantOption();
           privSet.clear();
 
+          if(principalType == PrincipalType.ROLE){
+            validateRole(userName);
+          }
+
           if (hiveObject.getObjectType() == HiveObjectType.GLOBAL) {
             List<MGlobalPrivilege> globalPrivs = this
                 .listPrincipalGlobalGrants(userName, principalType);

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java?rev=1594259&r1=1594258&r2=1594259&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
(original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
Tue May 13 16:11:11 2014
@@ -40,8 +40,16 @@ public class HivePrincipal {
   private final HivePrincipalType type;
 
   public HivePrincipal(String name, HivePrincipalType type){
-    this.name = name;
     this.type = type;
+    if (type == HivePrincipalType.ROLE) {
+      // lower case role to make operations on it case insensitive
+      // when the old default authorization gets deprecated, this can move
+      // to ObjectStore code base
+      this.name = name.toLowerCase();
+    } else {
+      this.name = name;
+    }
+
   }
   public String getName() {
     return name;

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q?rev=1594259&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q Tue
May 13 16:11:11 2014
@@ -0,0 +1,13 @@
+set hive.users.in.admin.role=hive_admin_user;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set user.name=hive_admin_user;
+
+set role ADMIN;
+
+----------------------------------------
+-- granting role to a role that does not exist should fail
+----------------------------------------
+
+create role role1;
+grant role1 to role nosuchrole;

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q?rev=1594259&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q Tue
May 13 16:11:11 2014
@@ -0,0 +1,8 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+
+----------------------------------------
+-- granting object privilege to a role that does not exist should fail
+----------------------------------------
+create table t1(i int);
+grant ALL on t1 to role nosuchrole;

Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q?rev=1594259&r1=1594258&r2=1594259&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q Tue May 13 16:11:11
2014
@@ -24,13 +24,14 @@ show role grant user user_sauth;
 
 --table grant to role
 
-grant select on table src_autho_test to role src_role;
+-- also verify case insesitive behavior of role name
+grant select on table src_autho_test to role Src_ROle;
 
 show grant role src_role on table src_autho_test;
-revoke select on table src_autho_test from role src_role;
+revoke select on table src_autho_test from role src_rolE;
 
 -- drop role
-drop role src_role;
+drop role SRc_role;
 
 set hive.security.authorization.enabled=false;
 drop table src_autho_test;

Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q?rev=1594259&r1=1594258&r2=1594259&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q Tue May 13 16:11:11
2014
@@ -5,14 +5,16 @@ set user.name=hive_admin_user;
 
 -- enable sql standard authorization
 -- role granting without role keyword
+-- also test role being treated as case insensitive
 set role ADMIN;
-create role src_role2;
-grant  src_role2 to user user2 ;
+create role src_Role2;
+
+grant SRC_role2 to user user2 ;
 show role grant user user2;
 show roles;
 
 -- revoke role without role keyword
-revoke src_role2 from user user2;
+revoke src_rolE2 from user user2;
 show role grant user user2;
 show roles;
 
@@ -21,18 +23,16 @@ show roles;
 ----------------------------------------
 
 create role src_role_wadmin;
-grant  src_role_wadmin to user user2 with admin option;
+grant src_role_wadmin to user user2 with admin option;
 show role grant user user2;
 
 -- revoke role without role keyword
 revoke src_role_wadmin from user user2;
 show role grant user user2;
 
-
-
 -- drop roles
 show roles;
-drop role src_role2;
+drop role Src_role2;
 show roles;
-drop role src_role_wadmin;
+drop role sRc_role_wadmin;
 show roles;

Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q?rev=1594259&r1=1594258&r2=1594259&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q Tue May 13 16:11:11
2014
@@ -9,25 +9,38 @@ set role ADMIN;
 ----------------------------------------
 -- role granting with admin option
 ----------------------------------------
+-- Also test case sensitivity of role name
 
-create role src_role_wadmin;
-grant  src_role_wadmin to user user2 with admin option;
+create role srC_role_wadmin;
+create role src_roLe2;
+grant src_role_wadmin to user user2 with admin option;
 show role grant user user2;
 show principals src_role_wadmin;
 
+
 set user.name=user2;
-set role src_role_wadmin;
-grant  src_role_wadmin to user user3;
+set role src_role_WadMin;
+-- grant role to another user
+grant src_Role_wadmin to user user3;
 show role grant user user3;
+-- grant role to another role
+grant src_role_wadmin to role sRc_role2;;
+show role grant role src_Role2;;
+
+
 
 set user.name=hive_admin_user;
 set role ADMIN;
-show principals src_role_wadmin;
+show principals src_ROle_wadmin;
 
 set user.name=user2;
 set role src_role_wadmin;
-revoke src_role_wadmin from user user3;
+-- revoke user from role
+revoke src_rolE_wadmin from user user3;
 show role grant user user3;
+-- revoke role from role
+revoke src_rolE_wadmin from role sRc_role2;
+show role grant role sRc_role2;
 
 set user.name=hive_admin_user;
 set role ADMIN;

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out?rev=1594259&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out
(added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_role_grant_nosuchrole.q.out
Tue May 13 16:11:11 2014
@@ -0,0 +1,19 @@
+PREHOOK: query: set role ADMIN
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role ADMIN
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: ----------------------------------------
+-- granting role to a role that does not exist should fail
+----------------------------------------
+
+create role role1
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: ----------------------------------------
+-- granting role to a role that does not exist should fail
+----------------------------------------
+
+create role role1
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant role1 to role nosuchrole
+PREHOOK: type: GRANT_ROLE
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException:
Error granting roles for nosuchrole to role role1: NoSuchObjectException(message:Role nosuchrole
does not exist)

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out?rev=1594259&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out
(added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_table_grant_nosuchrole.q.out
Tue May 13 16:11:11 2014
@@ -0,0 +1,17 @@
+PREHOOK: query: ----------------------------------------
+-- granting object privilege to a role that does not exist should fail
+----------------------------------------
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+POSTHOOK: query: ----------------------------------------
+-- granting object privilege to a role that does not exist should fail
+----------------------------------------
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@t1
+PREHOOK: query: grant ALL on t1 to role nosuchrole
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Error
granting privileges: NoSuchObjectException(message:Role nosuchrole does not exist)

Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out?rev=1594259&r1=1594258&r2=1594259&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out Tue May 13
16:11:11 2014
@@ -52,12 +52,14 @@ public	false	-1	
 src_role	false	-1	hive_admin_user
 PREHOOK: query: --table grant to role
 
-grant select on table src_autho_test to role src_role
+-- also verify case insesitive behavior of role name
+grant select on table src_autho_test to role Src_ROle
 PREHOOK: type: GRANT_PRIVILEGE
 PREHOOK: Output: default@src_autho_test
 POSTHOOK: query: --table grant to role
 
-grant select on table src_autho_test to role src_role
+-- also verify case insesitive behavior of role name
+grant select on table src_autho_test to role Src_ROle
 POSTHOOK: type: GRANT_PRIVILEGE
 POSTHOOK: Output: default@src_autho_test
 PREHOOK: query: show grant role src_role on table src_autho_test
@@ -65,17 +67,17 @@ PREHOOK: type: SHOW_GRANT
 POSTHOOK: query: show grant role src_role on table src_autho_test
 POSTHOOK: type: SHOW_GRANT
 default	src_autho_test			src_role	ROLE	SELECT	false	-1	hive_admin_user
-PREHOOK: query: revoke select on table src_autho_test from role src_role
+PREHOOK: query: revoke select on table src_autho_test from role src_rolE
 PREHOOK: type: REVOKE_PRIVILEGE
 PREHOOK: Output: default@src_autho_test
-POSTHOOK: query: revoke select on table src_autho_test from role src_role
+POSTHOOK: query: revoke select on table src_autho_test from role src_rolE
 POSTHOOK: type: REVOKE_PRIVILEGE
 POSTHOOK: Output: default@src_autho_test
 PREHOOK: query: -- drop role
-drop role src_role
+drop role SRc_role
 PREHOOK: type: DROPROLE
 POSTHOOK: query: -- drop role
-drop role src_role
+drop role SRc_role
 POSTHOOK: type: DROPROLE
 PREHOOK: query: drop table src_autho_test
 PREHOOK: type: DROPTABLE

Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out?rev=1594259&r1=1594258&r2=1594259&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out Tue May
13 16:11:11 2014
@@ -1,18 +1,20 @@
 PREHOOK: query: -- enable sql standard authorization
 -- role granting without role keyword
+-- also test role being treated as case insensitive
 set role ADMIN
 PREHOOK: type: SHOW_ROLES
 POSTHOOK: query: -- enable sql standard authorization
 -- role granting without role keyword
+-- also test role being treated as case insensitive
 set role ADMIN
 POSTHOOK: type: SHOW_ROLES
-PREHOOK: query: create role src_role2
+PREHOOK: query: create role src_Role2
 PREHOOK: type: CREATEROLE
-POSTHOOK: query: create role src_role2
+POSTHOOK: query: create role src_Role2
 POSTHOOK: type: CREATEROLE
-PREHOOK: query: grant  src_role2 to user user2
+PREHOOK: query: grant SRC_role2 to user user2
 PREHOOK: type: GRANT_ROLE
-POSTHOOK: query: grant  src_role2 to user user2
+POSTHOOK: query: grant SRC_role2 to user user2
 POSTHOOK: type: GRANT_ROLE
 PREHOOK: query: show role grant user user2
 PREHOOK: type: SHOW_ROLE_GRANT
@@ -29,10 +31,10 @@ public
 src_role2
 
 PREHOOK: query: -- revoke role without role keyword
-revoke src_role2 from user user2
+revoke src_rolE2 from user user2
 PREHOOK: type: REVOKE_ROLE
 POSTHOOK: query: -- revoke role without role keyword
-revoke src_role2 from user user2
+revoke src_rolE2 from user user2
 POSTHOOK: type: REVOKE_ROLE
 PREHOOK: query: show role grant user user2
 PREHOOK: type: SHOW_ROLE_GRANT
@@ -59,9 +61,9 @@ POSTHOOK: query: -----------------------
 
 create role src_role_wadmin
 POSTHOOK: type: CREATEROLE
-PREHOOK: query: grant  src_role_wadmin to user user2 with admin option
+PREHOOK: query: grant src_role_wadmin to user user2 with admin option
 PREHOOK: type: GRANT_ROLE
-POSTHOOK: query: grant  src_role_wadmin to user user2 with admin option
+POSTHOOK: query: grant src_role_wadmin to user user2 with admin option
 POSTHOOK: type: GRANT_ROLE
 PREHOOK: query: show role grant user user2
 PREHOOK: type: SHOW_ROLE_GRANT
@@ -91,9 +93,9 @@ public
 src_role2
 src_role_wadmin
 
-PREHOOK: query: drop role src_role2
+PREHOOK: query: drop role Src_role2
 PREHOOK: type: DROPROLE
-POSTHOOK: query: drop role src_role2
+POSTHOOK: query: drop role Src_role2
 POSTHOOK: type: DROPROLE
 PREHOOK: query: show roles
 PREHOOK: type: SHOW_ROLES
@@ -103,9 +105,9 @@ admin
 public
 src_role_wadmin
 
-PREHOOK: query: drop role src_role_wadmin
+PREHOOK: query: drop role sRc_role_wadmin
 PREHOOK: type: DROPROLE
-POSTHOOK: query: drop role src_role_wadmin
+POSTHOOK: query: drop role sRc_role_wadmin
 POSTHOOK: type: DROPROLE
 PREHOOK: query: show roles
 PREHOOK: type: SHOW_ROLES

Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out?rev=1594259&r1=1594258&r2=1594259&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out Tue May
13 16:11:11 2014
@@ -5,18 +5,24 @@ POSTHOOK: type: SHOW_ROLES
 PREHOOK: query: ----------------------------------------
 -- role granting with admin option
 ----------------------------------------
+-- Also test case sensitivity of role name
 
-create role src_role_wadmin
+create role srC_role_wadmin
 PREHOOK: type: CREATEROLE
 POSTHOOK: query: ----------------------------------------
 -- role granting with admin option
 ----------------------------------------
+-- Also test case sensitivity of role name
 
-create role src_role_wadmin
+create role srC_role_wadmin
 POSTHOOK: type: CREATEROLE
-PREHOOK: query: grant  src_role_wadmin to user user2 with admin option
+PREHOOK: query: create role src_roLe2
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: create role src_roLe2
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant src_role_wadmin to user user2 with admin option
 PREHOOK: type: GRANT_ROLE
-POSTHOOK: query: grant  src_role_wadmin to user user2 with admin option
+POSTHOOK: query: grant src_role_wadmin to user user2 with admin option
 POSTHOOK: type: GRANT_ROLE
 PREHOOK: query: show role grant user user2
 PREHOOK: type: SHOW_ROLE_GRANT
@@ -31,13 +37,15 @@ POSTHOOK: query: show principals src_rol
 POSTHOOK: type: SHOW_ROLE_PRINCIPALS
 principal_name	principal_type	grant_option	grantor	grantor_type	grant_time
 user2	USER	true	hive_admin_user	USER	-1
-PREHOOK: query: set role src_role_wadmin
+PREHOOK: query: set role src_role_WadMin
 PREHOOK: type: SHOW_ROLES
-POSTHOOK: query: set role src_role_wadmin
+POSTHOOK: query: set role src_role_WadMin
 POSTHOOK: type: SHOW_ROLES
-PREHOOK: query: grant  src_role_wadmin to user user3
+PREHOOK: query: -- grant role to another user
+grant src_Role_wadmin to user user3
 PREHOOK: type: GRANT_ROLE
-POSTHOOK: query: grant  src_role_wadmin to user user3
+POSTHOOK: query: -- grant role to another user
+grant src_Role_wadmin to user user3
 POSTHOOK: type: GRANT_ROLE
 PREHOOK: query: show role grant user user3
 PREHOOK: type: SHOW_ROLE_GRANT
@@ -46,24 +54,39 @@ POSTHOOK: type: SHOW_ROLE_GRANT
 role	grant_option	grant_time	grantor
 public	false	-1	
 src_role_wadmin	false	-1	user2
+PREHOOK: query: -- grant role to another role
+grant src_role_wadmin to role sRc_role2
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: -- grant role to another role
+grant src_role_wadmin to role sRc_role2
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: show role grant role src_Role2
+PREHOOK: type: SHOW_ROLE_GRANT
+POSTHOOK: query: show role grant role src_Role2
+POSTHOOK: type: SHOW_ROLE_GRANT
+role	grant_option	grant_time	grantor
+src_role_wadmin	false	-1	user2
 PREHOOK: query: set role ADMIN
 PREHOOK: type: SHOW_ROLES
 POSTHOOK: query: set role ADMIN
 POSTHOOK: type: SHOW_ROLES
-PREHOOK: query: show principals src_role_wadmin
+PREHOOK: query: show principals src_ROle_wadmin
 PREHOOK: type: SHOW_ROLE_PRINCIPALS
-POSTHOOK: query: show principals src_role_wadmin
+POSTHOOK: query: show principals src_ROle_wadmin
 POSTHOOK: type: SHOW_ROLE_PRINCIPALS
 principal_name	principal_type	grant_option	grantor	grantor_type	grant_time
+src_role2	ROLE	false	user2	USER	-1
 user2	USER	true	hive_admin_user	USER	-1
 user3	USER	false	user2	USER	-1
 PREHOOK: query: set role src_role_wadmin
 PREHOOK: type: SHOW_ROLES
 POSTHOOK: query: set role src_role_wadmin
 POSTHOOK: type: SHOW_ROLES
-PREHOOK: query: revoke src_role_wadmin from user user3
+PREHOOK: query: -- revoke user from role
+revoke src_rolE_wadmin from user user3
 PREHOOK: type: REVOKE_ROLE
-POSTHOOK: query: revoke src_role_wadmin from user user3
+POSTHOOK: query: -- revoke user from role
+revoke src_rolE_wadmin from user user3
 POSTHOOK: type: REVOKE_ROLE
 PREHOOK: query: show role grant user user3
 PREHOOK: type: SHOW_ROLE_GRANT
@@ -71,6 +94,17 @@ POSTHOOK: query: show role grant user us
 POSTHOOK: type: SHOW_ROLE_GRANT
 role	grant_option	grant_time	grantor
 public	false	-1	
+PREHOOK: query: -- revoke role from role
+revoke src_rolE_wadmin from role sRc_role2
+PREHOOK: type: REVOKE_ROLE
+POSTHOOK: query: -- revoke role from role
+revoke src_rolE_wadmin from role sRc_role2
+POSTHOOK: type: REVOKE_ROLE
+PREHOOK: query: show role grant role sRc_role2
+PREHOOK: type: SHOW_ROLE_GRANT
+POSTHOOK: query: show role grant role sRc_role2
+POSTHOOK: type: SHOW_ROLE_GRANT
+role	grant_option	grant_time	grantor
 PREHOOK: query: set role ADMIN
 PREHOOK: type: SHOW_ROLES
 POSTHOOK: query: set role ADMIN



Mime
View raw message