hive-commits mailing list archives

From the...@apache.org
Subject svn commit: r1618283 [1/2] - in /hive/trunk: common/src/java/org/apache/hadoop/hive/conf/ itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/ itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/ itests/...
Date Fri, 15 Aug 2014 21:44:50 GMT
Author: thejas
Date: Fri Aug 15 21:44:48 2014
New Revision: 1618283

URL: http://svn.apache.org/r1618283
Log:
HIVE-7533 : sql std auth - set authorization privileges for tables when created from hive cli (Thejas Nair, reviewed by Jason Dere)

Added:
    hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestCLIAuthzSessionContext.java
    hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzSessionContext.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerHS2.java
    hive/trunk/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_cli_createtab.q
    hive/trunk/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out
    hive/trunk/ql/src/test/results/clientpositive/authorization_cli_createtab.q.out
Modified:
    hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
    hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java
    hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java
    hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java
    hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
    hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java
    hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_addpartition.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_compile.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func1.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func2.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_create_index.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_create_macro1.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_createview.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_ctas.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_deletejar.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_dfs.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_disallow_transform.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_index.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_droppartition.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_fail_8.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_allpriv.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_dup.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_fail1.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_table_fail_nogrant.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noinspriv.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_insert_noselectpriv.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_insertoverwrite_nodel.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_invalid_priv_v2.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_rename.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_alter_tab_serdeprop.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_view.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_priv_current_role_neg.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_revoke_table_fail1.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_revoke_table_fail2.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant2.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant_nosuchrole.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant_otherrole.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_role_grant_otheruser.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_rolehierarchy_privs.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_select.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_select_view.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg1.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_set_role_neg2.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_show_grant_otherrole.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_all.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_alltabs.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_show_grant_otheruser_wtab.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_show_parts_nosel.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_show_role_principals_no_admin.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_table_grant_nosuchrole.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_truncate.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_add_partition.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_alterpart_loc.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_altertab_setloc.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_create_table1.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_create_table_ext.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_createdb.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_index.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_insert.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_insert_local.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_uri_load_data.q
    hive/trunk/ql/src/test/queries/clientnegative/authorize_create_tbl.q
    hive/trunk/ql/src/test/queries/clientnegative/temp_table_authorize_create_tbl.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty1.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_admin_almighty2.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_create_func1.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_create_macro1.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_create_table_owner_privs.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_create_temp_table.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_public_role.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_table_priv.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_index.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_insert.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_owner_actions_db.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_parts.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_reset.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_revoke_table_priv.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_show_grant.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_view_sqlstd.q

Modified: hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
URL: http://svn.apache.org/viewvc/hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (original)
+++ hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java Fri Aug 15 21:44:48 2014
@@ -36,12 +36,14 @@ import java.util.regex.Pattern;
 
 import javax.security.auth.login.LoginException;
 
-import static org.apache.hadoop.hive.conf.Validator.*;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
+import org.apache.hadoop.hive.conf.Validator.PatternSet;
+import org.apache.hadoop.hive.conf.Validator.RangeValidator;
+import org.apache.hadoop.hive.conf.Validator.StringSet;
 import org.apache.hadoop.hive.shims.ShimLoader;
 import org.apache.hadoop.mapred.JobConf;
 import org.apache.hadoop.security.UserGroupInformation;
@@ -296,9 +298,9 @@ public class HiveConf extends Configurat
 
     LOCALMODEAUTO("hive.exec.mode.local.auto", false,
         "Let Hive determine whether to run in local mode automatically"),
-    LOCALMODEMAXBYTES("hive.exec.mode.local.auto.inputbytes.max", 134217728L, 
+    LOCALMODEMAXBYTES("hive.exec.mode.local.auto.inputbytes.max", 134217728L,
         "When hive.exec.mode.local.auto is true, input bytes should less than this for local mode."),
-    LOCALMODEMAXINPUTFILES("hive.exec.mode.local.auto.input.files.max", 4, 
+    LOCALMODEMAXINPUTFILES("hive.exec.mode.local.auto.input.files.max", 4,
         "When hive.exec.mode.local.auto is true, the number of tasks should less than this for local mode."),
 
     DROPIGNORESNONEXISTENT("hive.exec.drop.ignorenonexistent", true,
@@ -369,7 +371,7 @@ public class HiveConf extends Configurat
         "The number of times to retry a HMSHandler call if there were a connection error"),
     HMSHANDLERINTERVAL("hive.hmshandler.retry.interval", 1000,
         "The number of milliseconds between HMSHandler retry attempts"),
-    HMSHANDLERFORCERELOADCONF("hive.hmshandler.force.reload.conf", false, 
+    HMSHANDLERFORCERELOADCONF("hive.hmshandler.force.reload.conf", false,
         "Whether to force reloading of the HMSHandler configuration (including\n" +
         "the connection URL, before the next metastore query that accesses the\n" +
         "datastore. Once reloaded, this value is reset to false. Used for\n" +
@@ -382,7 +384,7 @@ public class HiveConf extends Configurat
         "Whether to enable TCP keepalive for the metastore server. Keepalive will prevent accumulation of half-open connections."),
 
     METASTORE_INT_ORIGINAL("hive.metastore.archive.intermediate.original",
-        "_INTERMEDIATE_ORIGINAL", 
+        "_INTERMEDIATE_ORIGINAL",
         "Intermediate dir suffixes used for archiving. Not important what they\n" +
         "are, as long as collisions are avoided"),
     METASTORE_INT_ARCHIVED("hive.metastore.archive.intermediate.archived",
@@ -558,7 +560,7 @@ public class HiveConf extends Configurat
     HIVE_SESSION_HISTORY_ENABLED("hive.session.history.enabled", false,
         "Whether to log Hive query, query plan, runtime statistics etc."),
 
-    HIVEQUERYSTRING("hive.query.string", "", 
+    HIVEQUERYSTRING("hive.query.string", "",
         "Query being executed (might be multiple per a session)"),
 
     HIVEQUERYID("hive.query.id", "",
@@ -797,7 +799,7 @@ public class HiveConf extends Configurat
         " for small ORC files. Note that enabling this config will not honor padding tolerance\n" +
         " config (hive.exec.orc.block.padding.tolerance)."),
     HIVEMERGEINPUTFORMATSTRIPELEVEL("hive.merge.input.format.stripe.level",
-        "org.apache.hadoop.hive.ql.io.orc.OrcFileStripeMergeInputFormat", 
+        "org.apache.hadoop.hive.ql.io.orc.OrcFileStripeMergeInputFormat",
 	"Input file format to use for ORC stripe level merging (for internal use only)"),
     HIVEMERGECURRENTJOBHASDYNAMICPARTITIONS(
         "hive.merge.current.job.has.dynamic.partitions", false, ""),
@@ -813,7 +815,7 @@ public class HiveConf extends Configurat
     HIVE_RCFILE_TOLERATE_CORRUPTIONS("hive.io.rcfile.tolerate.corruptions", false, ""),
     HIVE_RCFILE_RECORD_BUFFER_SIZE("hive.io.rcfile.record.buffer.size", 4194304, ""),   // 4M
 
-    HIVE_ORC_FILE_MEMORY_POOL("hive.exec.orc.memory.pool", 0.5f, 
+    HIVE_ORC_FILE_MEMORY_POOL("hive.exec.orc.memory.pool", 0.5f,
         "Maximum fraction of heap that can be used by ORC file writers"),
     HIVE_ORC_WRITE_FORMAT("hive.exec.orc.write.format", null,
         "Define the version of the file to write"),
@@ -1099,8 +1101,8 @@ public class HiveConf extends Configurat
         "The Java class (implementing the StatsAggregator interface) that is used by default if hive.stats.dbclass is custom type."),
     HIVE_STATS_JDBC_TIMEOUT("hive.stats.jdbc.timeout", 30,
         "Timeout value (number of seconds) used by JDBC connection and statements."),
-    HIVE_STATS_ATOMIC("hive.stats.atomic", false, 
-        "whether to update metastore stats only if all stats are available"), 
+    HIVE_STATS_ATOMIC("hive.stats.atomic", false,
+        "whether to update metastore stats only if all stats are available"),
     HIVE_STATS_RETRIES_MAX("hive.stats.retries.max", 0,
         "Maximum number of retries when stats publisher/aggregator got an exception updating intermediate database. \n" +
         "Default is no tries on failures."),
@@ -1328,6 +1330,8 @@ public class HiveConf extends Configurat
         "Enables type checking for registered Hive configurations"),
 
     SEMANTIC_ANALYZER_HOOK("hive.semantic.analyzer.hook", "", ""),
+    HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE(
+        "hive.test.authz.sstd.hs2.mode", false, "test hs2 mode from .q tests", true),
     HIVE_AUTHORIZATION_ENABLED("hive.security.authorization.enabled", false,
         "enable or disable the Hive client authorization"),
     HIVE_AUTHORIZATION_MANAGER("hive.security.authorization.manager",
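Review bot: `HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE` is a test-only switch declared in the production `ConfVars` enum, and its description `"test hs2 mode from .q tests"` says neither what it changes nor that it must not be set outside tests. The code that reads the flag is outside this hunk, so the following is inferred from the name: if it makes SQL standard authorization treat a CLI session as a HiveServer2 session, it changes which authorization behaviour applies and should only be honoured when `hive.in.test` is true. I would expand the description to something like `"For .q tests only: run SQL standard authorization as if the session were a HiveServer2 session. Must not be set in production."` and confirm that the consumer checks `HIVE_IN_TEST` before acting on it. The enum body continues outside the hunk.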
@@ -1661,7 +1665,7 @@ public class HiveConf extends Configurat
         "Exceeding this will trigger a flush irrelevant of memory pressure condition."),
     HIVE_VECTORIZATION_GROUPBY_FLUSH_PERCENT("hive.vectorized.groupby.flush.percent", (float) 0.1,
         "Percent of entries in the group by aggregation hash flushed when the memory threshold is exceeded."),
-    
+
 
     HIVE_TYPE_CHECK_ON_INSERT("hive.typecheck.on.insert", true, ""),
 

Modified: hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java (original)
+++ hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/authorization/plugin/TestHiveAuthorizerCheckInvocation.java Fri Aug 15 21:44:48 2014
@@ -62,7 +62,7 @@ public class TestHiveAuthorizerCheckInvo
   static class MockedHiveAuthorizerFactory implements HiveAuthorizerFactory {
     @Override
     public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
-        HiveConf conf, HiveAuthenticationProvider authenticator) {
+        HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) {
       TestHiveAuthorizerCheckInvocation.mockedAuthorizer = Mockito.mock(HiveAuthorizer.class);
       return TestHiveAuthorizerCheckInvocation.mockedAuthorizer;
     }

Added: hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestCLIAuthzSessionContext.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestCLIAuthzSessionContext.java?rev=1618283&view=auto
==============================================================================
--- hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestCLIAuthzSessionContext.java (added)
+++ hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestCLIAuthzSessionContext.java Fri Aug 15 21:44:48 2014
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hive.jdbc.authorization;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.apache.hadoop.hive.cli.CliDriver;
+import org.apache.hadoop.hive.cli.CliSessionState;
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
+import org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
+import org.apache.hadoop.hive.ql.session.SessionState;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.mockito.Mockito;
+/**
+ * Test context information that gets passed to authorization factory
+ */
+public class TestCLIAuthzSessionContext {
+  private static HiveAuthzSessionContext sessionCtx;
+  private static CliDriver driver;
+
+  /**
+   * This factory captures the HiveAuthzSessionContext argument and returns mocked
+   * HiveAuthorizer class
+   */
+  static class MockedHiveAuthorizerFactory implements HiveAuthorizerFactory {
+    @Override
+    public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
+        HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) {
+      TestCLIAuthzSessionContext.sessionCtx = ctx;
+      HiveAuthorizer mockedAuthorizer = Mockito.mock(HiveAuthorizer.class);
+      return mockedAuthorizer;
+    }
+  }
+
+  @BeforeClass
+  public static void beforeTest() throws Exception {
+    HiveConf conf = new HiveConf();
+    conf.setVar(ConfVars.HIVE_AUTHORIZATION_MANAGER, MockedHiveAuthorizerFactory.class.getName());
+    conf.setVar(ConfVars.HIVE_AUTHENTICATOR_MANAGER, SessionStateUserAuthenticator.class.getName());
+    conf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
+    conf.setBoolVar(ConfVars.HIVE_SUPPORT_CONCURRENCY, false);
+
+    // once SessionState for thread is set, CliDriver picks conf from it
+    CliSessionState ss = new CliSessionState(conf);
+    ss.err = System.err;
+    ss.out = System.out;
+    SessionState.start(ss);
+    TestCLIAuthzSessionContext.driver = new CliDriver();
+ }
+
+  @AfterClass
+  public static void afterTest() throws Exception {
+  }
+
+  @Test
+  public void testAuthzSessionContextContents() throws Exception {
+    driver.processCmd("show tables");
+    // session string is supposed to be unique, so its got to be of some reasonable size
+    assertTrue("session string size check", sessionCtx.getSessionString().length() > 10);
+    assertEquals("Client type ", HiveAuthzSessionContext.CLIENT_TYPE.HIVECLI, sessionCtx.getClientType());
+  }
+
+}
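Review bot: `testAuthzSessionContextContents` dereferences the static `sessionCtx` without checking that the factory ever set it, and it discards the return code of `driver.processCmd("show tables")`, so a run in which the command fails or the factory is never invoked shows up as a NullPointerException rather than a readable assertion failure. I would write `assertEquals("show tables failed", 0, driver.processCmd("show tables"));` followed by `assertNotNull("authorizer factory was not invoked", sessionCtx);` (with the matching static import); the same null check applies to `TestHS2AuthzSessionContext`. `afterTest` is empty, so the `SessionState` started in `beforeTest` stays attached to the thread for any test that runs later in the same JVM. The `length() > 10` assertion only shows the session string is non-trivial, not that it is unique, which is worth stating in the comment above it.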

Modified: hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java (original)
+++ hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzContext.java Fri Aug 15 21:44:48 2014
@@ -33,9 +33,12 @@ import org.apache.hadoop.hive.conf.HiveC
 import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
 import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
 import org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
@@ -60,7 +63,7 @@ public class TestHS2AuthzContext {
   static class MockedHiveAuthorizerFactory implements HiveAuthorizerFactory {
     @Override
     public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
-        HiveConf conf, HiveAuthenticationProvider authenticator) {
+        HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) {
       TestHS2AuthzContext.mockedAuthorizer = Mockito.mock(HiveAuthorizer.class);
       return TestHS2AuthzContext.mockedAuthorizer;
     }
@@ -88,12 +91,21 @@ public class TestHS2AuthzContext {
   }
 
   @Test
-  public void testAuthzContextContents() throws Exception {
+  public void testAuthzContextContentsDriverCmd() throws Exception {
+    String cmd = "show tables";
+    verifyContextContents(cmd, cmd);
+  }
+
+  @Test
+  public void testAuthzContextContentsCmdProcessorCmd() throws Exception {
+    verifyContextContents("dfs -ls /", "-ls /");
+  }
 
+  private void verifyContextContents(final String cmd, String ctxCmd) throws SQLException,
+      HiveAuthzPluginException, HiveAccessControlException {
     Connection hs2Conn = getConnection("user1");
     Statement stmt = hs2Conn.createStatement();
 
-    final String cmd = "show tables";
     stmt.execute(cmd);
     stmt.close();
     hs2Conn.close();
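Review bot: `testAuthzContextContentsCmdProcessorCmd` pins the context command string for `dfs -ls /` to `-ls /`, so the processor name is missing from `HiveAuthzContext.getCommandString()` and an authorization plugin that logs or matches on that string will not see which command ran. If that is the intended contract, document it on the test, for example `// dfs is handled by a command processor: the context command string holds only the arguments`; if not, the expected value should be the full command. Separately, `verifyContextContents` closes `stmt` and `hs2Conn` only on the success path, so a failing `stmt.execute(cmd)` leaks the connection; wrapping the execute in `try { ... } finally { stmt.close(); hs2Conn.close(); }` avoids that. The method body continues outside the hunk.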
@@ -107,13 +119,10 @@ public class TestHS2AuthzContext {
 
     HiveAuthzContext context = contextCapturer.getValue();
 
-    assertEquals("Command ", cmd, context.getCommandString());
+    assertEquals("Command ", ctxCmd, context.getCommandString());
     assertTrue("ip address pattern check", context.getIpAddress().contains("."));
     // ip address size check - check for something better than non zero
     assertTrue("ip address size check", context.getIpAddress().length() > 7);
-    // session string is supposed to be unique, so its got to be of some reasonable size
-    assertTrue("session string size check", context.getSessionString().length() > 10);
-    assertEquals("Client type ", HiveAuthzContext.CLIENT_TYPE.HIVESERVER2, context.getClientType());
   }
 
   private Connection getConnection(String userName) throws SQLException {

Added: hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzSessionContext.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzSessionContext.java?rev=1618283&view=auto
==============================================================================
--- hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzSessionContext.java (added)
+++ hive/trunk/itests/hive-unit/src/test/java/org/apache/hive/jdbc/authorization/TestHS2AuthzSessionContext.java Fri Aug 15 21:44:48 2014
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hive.jdbc.authorization;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.HashMap;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
+import org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
+import org.apache.hive.jdbc.miniHS2.MiniHS2;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.mockito.Mockito;
+/**
+ * Test context information that gets passed to authorization factory
+ */
+public class TestHS2AuthzSessionContext {
+  private static MiniHS2 miniHS2 = null;
+  private static HiveAuthzSessionContext sessionCtx;
+
+  /**
+   * This factory captures the HiveAuthzSessionContext argument and returns mocked
+   * HiveAuthorizer class
+   */
+  static class MockedHiveAuthorizerFactory implements HiveAuthorizerFactory {
+    @Override
+    public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
+        HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) {
+      TestHS2AuthzSessionContext.sessionCtx = ctx;
+      HiveAuthorizer mockedAuthorizer = Mockito.mock(HiveAuthorizer.class);
+      return mockedAuthorizer;
+    }
+  }
+
+  @BeforeClass
+  public static void beforeTest() throws Exception {
+    Class.forName(MiniHS2.getJdbcDriverName());
+    HiveConf conf = new HiveConf();
+    conf.setVar(ConfVars.HIVE_AUTHORIZATION_MANAGER, MockedHiveAuthorizerFactory.class.getName());
+    conf.setVar(ConfVars.HIVE_AUTHENTICATOR_MANAGER, SessionStateUserAuthenticator.class.getName());
+    conf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
+    conf.setBoolVar(ConfVars.HIVE_SUPPORT_CONCURRENCY, false);
+    conf.setBoolVar(ConfVars.HIVE_SERVER2_ENABLE_DOAS, false);
+
+    miniHS2 = new MiniHS2(conf);
+    miniHS2.start(new HashMap<String, String>());
+  }
+
+  @AfterClass
+  public static void afterTest() throws Exception {
+    if (miniHS2.isStarted()) {
+      miniHS2.stop();
+    }
+  }
+
+  @Test
+  public void testAuthzSessionContextContents() throws Exception {
+    // session string is supposed to be unique, so its got to be of some reasonable size
+    assertTrue("session string size check", sessionCtx.getSessionString().length() > 10);
+    assertEquals("Client type ", HiveAuthzSessionContext.CLIENT_TYPE.HIVESERVER2, sessionCtx.getClientType());
+  }
+
+}
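Review bot: Nothing in this class opens a client session before `testAuthzSessionContextContents` reads `sessionCtx`, so the test appears to depend on `miniHS2.start(...)` invoking the factory as a side effect of server startup. What is asserted is then the context of whatever session startup creates, not the context a JDBC client session receives. Opening a connection inside the test before the assertions, as `TestHS2AuthzContext` does with `getConnection("user1")`, and adding `assertNotNull("authorizer factory was not invoked", sessionCtx);` would cover the client path and give a clear failure. `afterTest` also calls `miniHS2.isStarted()` without a null guard, so an exception in `beforeTest` before `miniHS2` is assigned is followed by a second NullPointerException; `if (miniHS2 != null && miniHS2.isStarted()) {` fixes that.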

Modified: hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java (original)
+++ hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java Fri Aug 15 21:44:48 2014
@@ -21,6 +21,7 @@ import org.apache.hadoop.classification.
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
 
 /**
@@ -32,8 +33,8 @@ import org.apache.hadoop.hive.ql.securit
 public class SQLStdHiveAccessControllerForTest extends SQLStdHiveAccessController {
 
   SQLStdHiveAccessControllerForTest(HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf,
-      HiveAuthenticationProvider authenticator) throws HiveAuthzPluginException {
-    super(metastoreClientFactory, conf, authenticator);
+      HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
+    super(metastoreClientFactory, conf, authenticator, ctx);
   }
 
 

Modified: hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java (original)
+++ hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java Fri Aug 15 21:44:48 2014
@@ -24,15 +24,16 @@ import org.apache.hadoop.hive.ql.securit
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
 
 @Private
 public class SQLStdHiveAuthorizerFactoryForTest implements HiveAuthorizerFactory{
   @Override
   public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
-      HiveConf conf, HiveAuthenticationProvider authenticator) throws HiveAuthzPluginException {
+      HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
     SQLStdHiveAccessController privilegeManager =
-        new SQLStdHiveAccessControllerForTest(metastoreClientFactory, conf, authenticator);
+        new SQLStdHiveAccessControllerForTest(metastoreClientFactory, conf, authenticator, ctx);
     return new HiveAuthorizerImpl(
         privilegeManager,
         new SQLStdHiveAuthorizationValidatorForTest(metastoreClientFactory, conf, authenticator,

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/Driver.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/Driver.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/Driver.java Fri Aug 15 21:44:48 2014
@@ -103,7 +103,6 @@ import org.apache.hadoop.hive.ql.process
 import org.apache.hadoop.hive.ql.security.authorization.AuthorizationUtils;
 import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext.CLIENT_TYPE;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType;
@@ -703,11 +702,7 @@ public class Driver implements CommandPr
       HashSet<WriteEntity> outputs, String command, Map<String, List<String>> tab2cols) throws HiveException {
 
     HiveAuthzContext.Builder authzContextBuilder = new HiveAuthzContext.Builder();
-
-    authzContextBuilder.setClientType(ss.isHiveServerQuery() ? CLIENT_TYPE.HIVESERVER2
-        : CLIENT_TYPE.HIVECLI);
     authzContextBuilder.setUserIpAddress(ss.getUserIpAddress());
-    authzContextBuilder.setSessionString(ss.getSessionId());
     authzContextBuilder.setCommandString(command);
 
     HiveOperationType hiveOpType = getHiveOperationType(op);

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/processors/CommandUtil.java Fri Aug 15 21:44:48 2014
@@ -22,11 +22,14 @@ import java.util.Arrays;
 import java.util.List;
 
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
 import org.apache.hadoop.hive.ql.session.SessionState;
 
+import com.google.common.base.Joiner;
+
 class CommandUtil {
 
   /**
@@ -68,7 +71,10 @@ class CommandUtil {
   static void authorizeCommandThrowEx(SessionState ss, HiveOperationType type,
       List<String> command) throws HiveAuthzPluginException, HiveAccessControlException {
     HivePrivilegeObject commandObj = HivePrivilegeObject.createHivePrivilegeObject(command);
-    ss.getAuthorizerV2().checkPrivileges(type, Arrays.asList(commandObj), null, null);
+    HiveAuthzContext.Builder ctxBuilder = new HiveAuthzContext.Builder();
+    ctxBuilder.setCommandString(Joiner.on(' ').join(command));
+    ctxBuilder.setUserIpAddress(ss.getUserIpAddress());
+    ss.getAuthorizerV2().checkPrivileges(type, Arrays.asList(commandObj), null, ctxBuilder.build());
   }
 
 
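Review bot: The command string handed to the authorizer is rebuilt with `Joiner.on(' ').join(command)`, so it is a space-joined copy of the tokens rather than the text the user typed. It carries whatever argument values the command holds into `HiveAuthzContext`, whose `toString()` prints `commandString`. An authorizer plugin that logs the context would record those values, so a comment on this block would make that visible: `// commandString is token-joined and may contain argument values; plugins should not log it verbatim`. Guava's `Joiner` also throws a NullPointerException on a null element, so this assumes `command` never contains nulls, which cannot be confirmed from the hunk.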

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerFactory.java Fri Aug 15 21:44:48 2014
@@ -37,9 +37,11 @@ public interface HiveAuthorizerFactory {
    *  different thread, so get the current instance in each method invocation.
    * @param conf - current HiveConf
    * @param hiveAuthenticator - authenticator, provides user name
+   * @param ctx - session context information
    * @return new instance of HiveAuthorizer
    * @throws HiveAuthzPluginException
    */
   HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
-      HiveConf conf, HiveAuthenticationProvider hiveAuthenticator) throws HiveAuthzPluginException;
+      HiveConf conf, HiveAuthenticationProvider hiveAuthenticator, HiveAuthzSessionContext ctx)
+      throws HiveAuthzPluginException;
 }
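Review bot: Adding `HiveAuthzSessionContext ctx` to `createHiveAuthorizer` changes the signature of a plugin interface method, and the javadoc does not mention it. Any factory compiled against the three-argument form would stop satisfying the interface; the commit updates the in-tree implementations only. The new `@param ctx - session context information` line should also say whether `ctx` may be null and what it carries, for example `@param ctx - session context (client type and session string); must not be null`, if that is the intended contract. The interface declaration and the start of this javadoc lie above the hunk.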

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzContext.java Fri Aug 15 21:44:48 2014
@@ -29,14 +29,8 @@ import org.apache.hadoop.hive.common.cla
 @Evolving
 public final class HiveAuthzContext {
 
-  public enum CLIENT_TYPE {
-    HIVESERVER2, HIVECLI
-  };
-
   public static class Builder {
     private String userIpAddress;
-    private String sessionString;
-    private CLIENT_TYPE clientType;
     private String commandString;
 
     /**
@@ -50,18 +44,6 @@ public final class HiveAuthzContext {
     public void setUserIpAddress(String userIpAddress) {
       this.userIpAddress = userIpAddress;
     }
-    public String getSessionString() {
-      return sessionString;
-    }
-    public void setSessionString(String sessionString) {
-      this.sessionString = sessionString;
-    }
-    public CLIENT_TYPE getClientType() {
-      return clientType;
-    }
-    public void setClientType(CLIENT_TYPE clientType) {
-      this.clientType = clientType;
-    }
     public String getCommandString() {
       return commandString;
     }
@@ -76,14 +58,10 @@ public final class HiveAuthzContext {
   }
 
   private final String userIpAddress;
-  private final String sessionString;
-  private final CLIENT_TYPE clientType;
   private final String commandString;
 
   private HiveAuthzContext(Builder builder) {
     this.userIpAddress = builder.userIpAddress;
-    this.sessionString = builder.sessionString;
-    this.clientType = builder.clientType;
     this.commandString = builder.commandString;
 
   }
@@ -92,22 +70,14 @@ public final class HiveAuthzContext {
     return userIpAddress;
   }
 
-  public String getSessionString() {
-    return sessionString;
-  }
-
-  public CLIENT_TYPE getClientType() {
-    return clientType;
-  }
-
   public String getCommandString() {
     return commandString;
   }
 
   @Override
   public String toString() {
-    return "HiveAuthzContext [userIpAddress=" + userIpAddress + ", sessionString=" + sessionString
-        + ", clientType=" + clientType + ", commandString=" + commandString + "]";
+    return "HiveAuthzContext [userIpAddress=" + userIpAddress + ", commandString=" + commandString
+        + "]";
   }
 
 }

Added: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java?rev=1618283&view=auto
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java (added)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthzSessionContext.java Fri Aug 15 21:44:48 2014
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization.plugin;
+
+import org.apache.hadoop.hive.common.classification.InterfaceAudience.LimitedPrivate;
+import org.apache.hadoop.hive.common.classification.InterfaceStability.Evolving;
+
+/**
+ * Provides session context information.
+ * It is an immutable class. Builder inner class is used instantiate it.
+ */
+@LimitedPrivate(value = { "" })
+@Evolving
+public final class HiveAuthzSessionContext {
+
+  public enum CLIENT_TYPE {
+    HIVESERVER2, HIVECLI
+  };
+
+  public static class Builder {
+    private String sessionString;
+    private CLIENT_TYPE clientType;
+
+    public Builder(){};
+
+    /**
+     * Builder that copies values from given instance of HiveAuthzSessionContext
+     * @param other
+     */
+    public Builder(HiveAuthzSessionContext other){
+      this.sessionString = other.getSessionString();
+      this.clientType = other.getClientType();
+    }
+
+    public String getSessionString() {
+      return sessionString;
+    }
+    public void setSessionString(String sessionString) {
+      this.sessionString = sessionString;
+    }
+    public CLIENT_TYPE getClientType() {
+      return clientType;
+    }
+    public void setClientType(CLIENT_TYPE clientType) {
+      this.clientType = clientType;
+    }
+    public HiveAuthzSessionContext build(){
+      return new HiveAuthzSessionContext(this);
+    }
+  }
+
+  private final String sessionString;
+  private final CLIENT_TYPE clientType;
+
+  private HiveAuthzSessionContext(Builder builder) {
+    this.sessionString = builder.sessionString;
+    this.clientType = builder.clientType;
+  }
+
+  public String getSessionString() {
+    return sessionString;
+  }
+
+  public CLIENT_TYPE getClientType() {
+    return clientType;
+  }
+
+  @Override
+  public String toString() {
+    return "HiveAuthzSessionContext [sessionString=" + sessionString + ", clientType=" + clientType
+        + "]";
+  }
+
+}
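Review bot: `Builder.build()` accepts a builder whose `clientType` was never set, and the resulting null then matches neither branch in `SQLStdHiveAccessController`, which elsewhere in this commit compares `getClientType()` with `==` to pick the CLI check or the HiveServer2-only restrictions. Either reject it in `build()` with `if (clientType == null) { throw new IllegalStateException("clientType must be set"); }`, or document on `getClientType()` that null is possible. The copy constructor `Builder(HiveAuthzSessionContext other)` also dereferences `other` without a check, and its `@param other` tag has no description. The class javadoc should read "is used to instantiate it", and `@LimitedPrivate(value = { "" })` names an empty audience.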

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java Fri Aug 15 21:44:48 2014
@@ -50,6 +50,8 @@ import org.apache.hadoop.hive.ql.securit
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessController;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
@@ -81,13 +83,46 @@ public class SQLStdHiveAccessController 
       + "have it as current role, for this action.";
   private final String HAS_ADMIN_PRIV_MSG = "grantor need to have ADMIN OPTION on role being"
       + " granted and have it as a current role for this action.";
+  private final HiveAuthzSessionContext sessionCtx;
   public static final Log LOG = LogFactory.getLog(SQLStdHiveAccessController.class);
 
   public SQLStdHiveAccessController(HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf,
-      HiveAuthenticationProvider authenticator) throws HiveAuthzPluginException {
+      HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
     this.metastoreClientFactory = metastoreClientFactory;
     this.authenticator = authenticator;
+    this.sessionCtx = applyTestSettings(ctx, conf);
+
+    assertHiveCliAuthDisabled(conf);
     initUserRoles();
+    LOG.info("Created SQLStdHiveAccessController for session context : " + sessionCtx);
+  }
+
+  /**
+   * Change the session context based on configuration to aid in testing of sql std auth
+   * @param ctx
+   * @param conf
+   * @return
+   */
+  private HiveAuthzSessionContext applyTestSettings(HiveAuthzSessionContext ctx, HiveConf conf) {
+    if(conf.getBoolVar(ConfVars.HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE) &&
+        ctx.getClientType() == CLIENT_TYPE.HIVECLI
+        ){
+      // create new session ctx object with HS2 as client type
+      HiveAuthzSessionContext.Builder ctxBuilder = new HiveAuthzSessionContext.Builder(ctx);
+      ctxBuilder.setClientType(CLIENT_TYPE.HIVESERVER2);
+      return ctxBuilder.build();
+    }
+    return ctx;
+  }
+
+  private void assertHiveCliAuthDisabled(HiveConf conf) throws HiveAuthzPluginException {
+    if (sessionCtx.getClientType() == CLIENT_TYPE.HIVECLI
+        && conf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
+      throw new HiveAuthzPluginException(
+          "SQL standards based authorization should not be enabled from hive cli"
+              + "Instead the use of storage based authorization in hive metastore is reccomended. Set "
+              + ConfVars.HIVE_AUTHORIZATION_ENABLED.varname + "=false to disable authz within cli");
+    }
   }
 
   /**
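Review bot: The exception text in `assertHiveCliAuthDisabled` joins `"...should not be enabled from hive cli"` directly to `"Instead the use of..."`, so the user sees "hive cliInstead", and "reccomended" is misspelled. End the first literal with `"hive cli. "` and spell it `recommended`; the negative `.q.out` added in this commit presumably records the message and would need regenerating. The constructor also passes `ctx` through without a null check, so a null context surfaces as a bare NullPointerException from `getClientType()` rather than a `HiveAuthzPluginException`. The javadoc of `applyTestSettings` should state that `HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE` is a test-only switch and that it only ever turns a HIVECLI context into a HIVESERVER2 one, and its empty `@param`/`@return` tags should be filled in.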
@@ -671,31 +706,37 @@ public class SQLStdHiveAccessController 
 
   @Override
   public void applyAuthorizationConfigPolicy(HiveConf hiveConf) {
-    // grant all privileges for table to its owner
+    // First apply configuration applicable to both Hive Cli and HiveServer2
+    // Not adding any authorization related restrictions to hive cli
+    // grant all privileges for table to its owner - set this in cli as well so that owner
+    // has permissions via HiveServer2 as well.
     hiveConf.setVar(ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS, "INSERT,SELECT,UPDATE,DELETE");
 
-    // Configure PREEXECHOOKS with DisallowTransformHook to disallow transform queries
-    String hooks = hiveConf.getVar(ConfVars.PREEXECHOOKS).trim();
-    if (hooks.isEmpty()) {
-      hooks = DisallowTransformHook.class.getName();
-    } else {
-      hooks = hooks + "," +DisallowTransformHook.class.getName();
-    }
-    LOG.debug("Configuring hooks : " + hooks);
-    hiveConf.setVar(ConfVars.PREEXECHOOKS, hooks);
-
-    // restrict the variables that can be set using set command to a list in whitelist
-    hiveConf.setIsModWhiteListEnabled(true);
-    String whiteListParamsStr = hiveConf.getVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST);
-    if (whiteListParamsStr == null || whiteListParamsStr.trim().equals("")){
-      // set the default configs in whitelist
-      whiteListParamsStr = Joiner.on(",").join(defaultModWhiteListSqlStdAuth);
-      hiveConf.setVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST, whiteListParamsStr);
-    }
-    for(String whiteListParam : whiteListParamsStr.split(",")){
-      hiveConf.addToModifiableWhiteList(whiteListParam);
-    }
+    // Apply rest of the configuration only to HiveServer2
+    if(sessionCtx.getClientType() == CLIENT_TYPE.HIVESERVER2) {
+      // Configure PREEXECHOOKS with DisallowTransformHook to disallow transform queries
+      String hooks = hiveConf.getVar(ConfVars.PREEXECHOOKS).trim();
+      if (hooks.isEmpty()) {
+        hooks = DisallowTransformHook.class.getName();
+      } else {
+        hooks = hooks + "," +DisallowTransformHook.class.getName();
+      }
+      LOG.debug("Configuring hooks : " + hooks);
+      hiveConf.setVar(ConfVars.PREEXECHOOKS, hooks);
 
+      // restrict the variables that can be set using set command to a list in whitelist
+      hiveConf.setIsModWhiteListEnabled(true);
+      String whiteListParamsStr = hiveConf.getVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST);
+      if (whiteListParamsStr == null || whiteListParamsStr.trim().equals("")){
+        // set the default configs in whitelist
+        whiteListParamsStr = Joiner.on(",").join(defaultModWhiteListSqlStdAuth);
+        hiveConf.setVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST, whiteListParamsStr);
+      }
+      for(String whiteListParam : whiteListParamsStr.split(",")){
+        hiveConf.addToModifiableWhiteList(whiteListParam);
+      }
+    }
   }
 
+
 }
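Review bot: The transform-blocking hook and the `set` whitelist are now applied only when `sessionCtx.getClientType() == CLIENT_TYPE.HIVESERVER2`, so any other value silently gets the unrestricted configuration, including a null client type or an enum constant added later. Because these are the restrictive settings, it is safer to key the exemption on the CLI so that unknown clients fail closed: `if (sessionCtx.getClientType() != CLIENT_TYPE.HIVECLI) {`. The comment `// Not adding any authorization related restrictions to hive cli` should also say why that is acceptable, namely that the constructor refuses to run with `HIVE_AUTHORIZATION_ENABLED` set from the CLI.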

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java Fri Aug 15 21:44:48 2014
@@ -24,15 +24,16 @@ import org.apache.hadoop.hive.ql.securit
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
 
 @Private
 public class SQLStdHiveAuthorizerFactory implements HiveAuthorizerFactory{
   @Override
   public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
-      HiveConf conf, HiveAuthenticationProvider authenticator) throws HiveAuthzPluginException {
+      HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
     SQLStdHiveAccessController privilegeManager =
-        new SQLStdHiveAccessController(metastoreClientFactory, conf, authenticator);
+        new SQLStdHiveAccessController(metastoreClientFactory, conf, authenticator, ctx);
     return new HiveAuthorizerImpl(
         privilegeManager,
         new SQLStdHiveAuthorizationValidator(metastoreClientFactory, conf, authenticator,

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java Fri Aug 15 21:44:48 2014
@@ -62,6 +62,8 @@ import org.apache.hadoop.hive.ql.securit
 import org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactoryImpl;
 import org.apache.hadoop.hive.ql.util.DosToUnix;
 import org.apache.hadoop.hive.shims.ShimLoader;
@@ -504,8 +506,13 @@ public class SessionState {
         HiveAuthorizerFactory authorizerFactory = HiveUtils.getAuthorizerFactory(conf,
             HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER);
 
+        HiveAuthzSessionContext.Builder authzContextBuilder = new HiveAuthzSessionContext.Builder();
+        authzContextBuilder.setClientType(isHiveServerQuery() ? CLIENT_TYPE.HIVESERVER2
+            : CLIENT_TYPE.HIVECLI);
+        authzContextBuilder.setSessionString(getSessionId());
+
         authorizerV2 = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(),
-            conf, authenticator);
+            conf, authenticator, authzContextBuilder.build());
 
         authorizerV2.applyAuthorizationConfigPolicy(conf);
         // create the create table grants with new config
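Review bot: The client type is now sampled once from `isHiveServerQuery()` when the authorizer is created, whereas the code this commit removes from Driver.java evaluated it on each authorization call. `SQLStdHiveAccessController` uses the value to decide whether the HiveServer2 restrictions apply, so a session whose flag is set after this point would be treated as HIVECLI for the life of `authorizerV2`. Whether that ordering can happen is not visible from the hunk, so a comment here would record the assumption: `// client type is fixed when authorizerV2 is created; isHiveServerQuery must already be set`. The enclosing method starts and ends outside the hunk.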

Modified: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java (original)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestSessionUserName.java Fri Aug 15 21:44:48 2014
@@ -28,6 +28,7 @@ import org.apache.hadoop.hive.ql.securit
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerImpl;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.junit.Before;
@@ -111,7 +112,7 @@ public class TestSessionUserName {
 
     @Override
     public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
-        HiveConf conf, HiveAuthenticationProvider authenticator) {
+        HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) {
       username = authenticator.getUserName();
       HiveAccessController acontroller = Mockito.mock(HiveAccessController.class);
       return new HiveAuthorizerImpl(acontroller, null);

Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java?rev=1618283&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java Fri Aug 15 21:44:48 2014
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.DisallowTransformHook;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.Builder;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
+import org.junit.Test;
+
+/**
+ * Test SQLStdHiveAccessController
+ */
+public class TestSQLStdHiveAccessControllerCLI {
+
+  /**
+   * Test that SQLStdHiveAccessController is not applying config restrictions on CLI
+   *
+   * @throws HiveAuthzPluginException
+   */
+  @Test
+  public void testConfigProcessing() throws HiveAuthzPluginException {
+    HiveConf processedConf = new HiveConf();
+    SQLStdHiveAccessController accessController = new SQLStdHiveAccessController(null,
+        processedConf, new HadoopDefaultAuthenticator(), getCLISessionCtx()
+        );
+    accessController.applyAuthorizationConfigPolicy(processedConf);
+
+    // check that hook to disable transforms has not been added
+    assertFalse("Check for transform query disabling hook",
+        processedConf.getVar(ConfVars.PREEXECHOOKS).contains(DisallowTransformHook.class.getName()));
+
+    // check that set param whitelist is not set
+    assertTrue(processedConf.getVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST) == null
+        || processedConf.getVar(ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST).trim()
+            .equals(""));
+
+    // verify that some dummy param can be set
+    processedConf.verifyAndSet("dummy.param", "dummy.val");
+  }
+
+  private HiveAuthzSessionContext getCLISessionCtx() {
+    Builder ctxBuilder = new HiveAuthzSessionContext.Builder();
+    ctxBuilder.setClientType(CLIENT_TYPE.HIVECLI);
+    return ctxBuilder.build();
+  }
+
+  /**
+   * Verify that exceptiion is thrown if authorization is enabled from hive cli,
+   * when sql std auth is used
+   */
+  @Test
+  public void testAuthEnableError() {
+    HiveConf processedConf = new HiveConf();
+    processedConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
+    try {
+      SQLStdHiveAccessController accessController = new SQLStdHiveAccessController(null,
+          processedConf, new HadoopDefaultAuthenticator(), getCLISessionCtx());
+      fail("Exception expected");
+    } catch (HiveAuthzPluginException e) {
+      assertTrue(e.getMessage().contains(
+          "SQL standards based authorization should not be enabled from hive cli"));
+    }
+  }
+
+}
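Review bot: `testConfigProcessing` relies on `new HiveConf()` leaving `HIVE_AUTHORIZATION_ENABLED` false, so if a configuration file on the test classpath enables it, the controller's constructor throws before any assertion runs. Set it explicitly with `processedConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, false);`. In `testAuthEnableError` the local `accessController` is never read, so the `new SQLStdHiveAccessController(...)` expression can stand alone, and the javadoc has "exceptiion". The closing `verifyAndSet("dummy.param", "dummy.val")` checks only by not throwing, which deserves a short comment such as `// would throw if the set-command whitelist were enabled`.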

Added: hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerHS2.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerHS2.java?rev=1618283&view=auto
==============================================================================
--- hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerHS2.java (added)
+++ hive/trunk/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerHS2.java Fri Aug 15 21:44:48 2014
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.DisallowTransformHook;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.Builder;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
+import org.junit.Test;
+
+import com.google.common.base.Joiner;
+
+/**
+ * Test SQLStdHiveAccessController
+ */
+public class TestSQLStdHiveAccessControllerHS2 {
+
+  /**
+   * Test if SQLStdHiveAccessController is applying configuration security
+   * policy on hiveconf correctly
+   *
+   * @throws HiveAuthzPluginException
+   */
+  @Test
+  public void testConfigProcessing() throws HiveAuthzPluginException {
+    HiveConf processedConf = new HiveConf();
+    SQLStdHiveAccessController accessController = new SQLStdHiveAccessController(null,
+        processedConf, new HadoopDefaultAuthenticator(), getHS2SessionCtx()
+        );
+    accessController.applyAuthorizationConfigPolicy(processedConf);
+
+    // check that hook to disable transforms has been added
+    assertTrue("Check for transform query disabling hook",
+        processedConf.getVar(ConfVars.PREEXECHOOKS).contains(DisallowTransformHook.class.getName()));
+
+    verifyParamSettability(SQLStdHiveAccessController.defaultModWhiteListSqlStdAuth, processedConf);
+
+  }
+
+  private HiveAuthzSessionContext getHS2SessionCtx() {
+    Builder ctxBuilder = new HiveAuthzSessionContext.Builder();
+    ctxBuilder.setClientType(CLIENT_TYPE.HIVESERVER2);
+    return ctxBuilder.build();
+  }
+
+  /**
+   * Verify that params in settableParams can be modified, and other random ones can't be modified
+   * @param settableParams
+   * @param processedConf
+   */
+  private void verifyParamSettability(String [] settableParams, HiveConf processedConf) {
+    // verify that the whitlelist params can be set
+    for (String param : settableParams) {
+      try {
+        processedConf.verifyAndSet(param, "dummy");
+      } catch (IllegalArgumentException e) {
+        fail("Unable to set value for parameter in whitelist " + param + " " + e);
+      }
+    }
+
+    // verify that non whitelist params can't be set
+    assertConfModificationException(processedConf, "dummy.param");
+    // does not make sense to have any of the metastore config variables to be
+    // modifiable
+    for (ConfVars metaVar : HiveConf.metaVars) {
+      assertConfModificationException(processedConf, metaVar.varname);
+    }
+  }
+
+  /**
+   * Test that modifying HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST config works
+   * @throws HiveAuthzPluginException
+   */
+  @Test
+  public void testConfigProcessingCustomSetWhitelist() throws HiveAuthzPluginException {
+
+    HiveConf processedConf = new HiveConf();
+    // add custom value, including one from the default, one new one
+    String[] settableParams = { SQLStdHiveAccessController.defaultModWhiteListSqlStdAuth[0],
+        "abcs.dummy.test.param" };
+   processedConf.setVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_SQL_STD_AUTH_CONFIG_WHITELIST,
+        Joiner.on(",").join(settableParams));
+
+    SQLStdHiveAccessController accessController = new SQLStdHiveAccessController(null,
+        processedConf, new HadoopDefaultAuthenticator(), getHS2SessionCtx());
+    accessController.applyAuthorizationConfigPolicy(processedConf);
+    verifyParamSettability(settableParams, processedConf);
+
+  }
+
+  private void assertConfModificationException(HiveConf processedConf, String param) {
+    boolean caughtEx = false;
+    try {
+      processedConf.verifyAndSet(param, "dummy");
+    } catch (IllegalArgumentException e) {
+      caughtEx = true;
+    }
+    assertTrue("Exception should be thrown while modifying the param " + param, caughtEx);
+  }
+
+}
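Review bot: testConfigProcessingCustomSetWhitelist never asserts that a default-whitelist key left out of the custom list is rejected, so it would still pass if the custom value were merged with the defaults instead of replacing them. verifyParamSettability only checks rejection for `dummy.param` and the `HiveConf.metaVars` names, none of which exercises that boundary. If replacement is the intended behaviour (the controller code is not visible in this file), add after the verifyParamSettability call in that test: `assertConfModificationException(processedConf, SQLStdHiveAccessController.defaultModWhiteListSqlStdAuth[1]);`. This assumes the default array has at least two entries. A one-line comment there, such as `// a custom whitelist must replace, not extend, the default list`, would record the intent.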

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_addjar.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.enabled=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
 

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_addpartition.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_addpartition.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_addpartition.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_addpartition.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_alter_db_owner_default.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_all_role.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set user.name=hive_admin_user;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_default_role.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set user.name=hive_admin_user;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_cannot_create_none_role.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set user.name=hive_admin_user;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_caseinsensitivity.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set user.name=hive_admin_user;

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q?rev=1618283&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q Fri Aug 15 21:44:48 2014
@@ -0,0 +1,7 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set user.name=hive_test_user;
+set hive.security.authorization.enabled=true;
+
+-- verify that sql std auth throws an error with hive cli, if auth is enabled
+show tables 'src';

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_compile.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_compile.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_compile.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_compile.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.enabled=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
 

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func1.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func1.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func1.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func2.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func2.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func2.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_create_func2.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_create_index.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_create_index.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_create_index.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_create_index.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_create_macro1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_create_macro1.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_create_macro1.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_create_macro1.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 -- this test will fail because hive_test_user is not in admin role.
 create role r1;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_createview.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_createview.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_createview.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_createview.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_ctas.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_ctas.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_ctas.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_ctas.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_deletejar.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_deletejar.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_deletejar.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_deletejar.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.enabled=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
 

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_desc_table_nosel.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_dfs.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_dfs.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_dfs.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_dfs.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.enabled=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
 

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_disallow_transform.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_disallow_transform.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_disallow_transform.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_disallow_transform.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set role ALL;
 SELECT TRANSFORM (*) USING 'cat' AS (key, value) FROM src;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_admin_role.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set user.name=hive_admin_user;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_cascade.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q?rev=1618283&r1=1618282&r2=1618283&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_drop_db_empty.q Fri Aug 15 21:44:48 2014
@@ -1,3 +1,4 @@
+set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;


