hive-commits mailing list archives

From the...@apache.org
Subject svn commit: r1621399 - in /hive/trunk: itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/ ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/ ql/src/java/org/apache/hadoop/hive/ql/plan/ ql/src/java/org/apac...
Date Sat, 30 Aug 2014 00:22:29 GMT
Author: thejas
Date: Sat Aug 30 00:22:28 2014
New Revision: 1621399

URL: http://svn.apache.org/r1621399
Log:
HIVE-7846 : authorization api should support group, not assume case insensitive role names (Thejas Nair, reviewed by Jason Dere)

Added:
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerWrapper.java
    hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_group.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_role_case.q
    hive/trunk/ql/src/test/results/clientnegative/authorization_grant_group.q.out
    hive/trunk/ql/src/test/results/clientnegative/authorization_role_case.q.out
Modified:
    hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java
    hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java
    hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java
    hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java
    hive/trunk/ql/src/test/queries/clientnegative/authorization_public_create.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_public_drop.q
    hive/trunk/ql/src/test/queries/clientnegative/authorize_grant_public.q
    hive/trunk/ql/src/test/queries/clientnegative/authorize_revoke_public.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_1.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_5.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_public_role.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q
    hive/trunk/ql/src/test/results/clientnegative/authorization_public_create.q.out
    hive/trunk/ql/src/test/results/clientnegative/authorization_public_drop.q.out
    hive/trunk/ql/src/test/results/clientnegative/authorize_grant_public.q.out
    hive/trunk/ql/src/test/results/clientnegative/authorize_revoke_public.q.out
    hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out
    hive/trunk/ql/src/test/results/clientpositive/authorization_5.q.out
    hive/trunk/ql/src/test/results/clientpositive/authorization_grant_public_role.q.out
    hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out

Modified: hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java (original)
+++ hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerForTest.java Sat Aug 30 00:22:28 2014
@@ -30,7 +30,7 @@ import org.apache.hadoop.hive.ql.securit
  * To be used for testing purposes only!
  */
 @Private
-public class SQLStdHiveAccessControllerForTest extends SQLStdHiveAccessController {
+public class SQLStdHiveAccessControllerForTest extends SQLStdHiveAccessControllerWrapper {
 
   SQLStdHiveAccessControllerForTest(HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf,
       HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {

Modified: hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java (original)
+++ hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidatorForTest.java Sat Aug 30 00:22:28 2014
@@ -38,7 +38,7 @@ public class SQLStdHiveAuthorizationVali
 
   public SQLStdHiveAuthorizationValidatorForTest(HiveMetastoreClientFactory metastoreClientFactory,
       HiveConf conf, HiveAuthenticationProvider authenticator,
-      SQLStdHiveAccessController privController) {
+      SQLStdHiveAccessControllerWrapper privController) {
     super(metastoreClientFactory, conf, authenticator, privController);
   }
 

Modified: hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java (original)
+++ hive/trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactoryForTest.java Sat Aug 30 00:22:28 2014
@@ -32,7 +32,7 @@ public class SQLStdHiveAuthorizerFactory
   @Override
   public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
       HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
-    SQLStdHiveAccessController privilegeManager =
+    SQLStdHiveAccessControllerWrapper privilegeManager =
         new SQLStdHiveAccessControllerForTest(metastoreClientFactory, conf, authenticator, ctx);
     return new HiveAuthorizerImpl(
         privilegeManager,

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java Sat Aug 30 00:22:28 2014
@@ -206,7 +206,7 @@ public class HiveAuthorizationTaskFactor
 
     List<String> roles = new ArrayList<String>();
     for (int i = rolesStartPos; i < ast.getChildCount(); i++) {
-      roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText()).toLowerCase());
+      roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText()));
     }
 
     String roleOwnerName = SessionState.getUserFromAuthenticator();
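Review bot: Dropping `.toLowerCase()` in the `roles.add(...)` loop makes role names reach every authorizer with the casing the user typed, and nothing at this call site says where normalisation now happens. For the legacy authorizer this makes role names case sensitive, which authorization_role_case.q in this commit expects. Roles stored lower-cased by the old code may then no longer match a mixed-case name after an upgrade; that is inferred from the removed line and worth confirming. A comment such as `// keep the role name as typed; SQL std auth lower-cases it in SQLStdHiveAccessControllerWrapper, legacy auth is case sensitive` would record the intent, and the same applies to the `this.name = principalName;` change in RoleDDLDesc. The enclosing method starts and ends outside the hunk.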

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java Sat Aug 30 00:22:28 2014
@@ -102,8 +102,7 @@ public class RoleDDLDesc extends DDLDesc
 
   public RoleDDLDesc(String principalName, PrincipalType principalType,
       RoleOperation operation, String roleOwnerName) {
-    this.name = (principalName != null  && principalType == PrincipalType.ROLE) ?
-      principalName.toLowerCase() : principalName;
+    this.name = principalName;
     this.principalType = principalType;
     this.operation = operation;
     this.roleOwnerName = roleOwnerName;

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/AuthorizationUtils.java Sat Aug 30 00:22:28 2014
@@ -67,9 +67,6 @@ public class AuthorizationUtils {
     case ROLE:
       return HivePrincipalType.ROLE;
     case GROUP:
-      if (SessionState.get().getAuthorizationMode() == SessionState.AuthorizationMode.V2) {
-        throw new HiveException(ErrorMsg.UNSUPPORTED_AUTHORIZATION_PRINCIPAL_TYPE_GROUP);
-      }
       return HivePrincipalType.GROUP;
     default:
       //should not happen as we take care of all existing types
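Review bot: With the V2 check removed from the `GROUP` case, nothing in this conversion rejects group principals any more. Under SQL standard authorization the rejection now depends on SQLAuthorizationUtils.getValidatedPrincipal being called on every path that reaches the access controller. A comment at the case would make that dependency visible, e.g. `// GROUP is passed through; authorizers that do not support it must reject it in their own validation`. The `ErrorMsg.UNSUPPORTED_AUTHORIZATION_PRINCIPAL_TYPE_GROUP` constant and the `SessionState` import may now be unused, which cannot be told from this hunk. The enclosing method starts and ends outside the hunk.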

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrincipal.java Sat Aug 30 00:22:28 2014
@@ -50,16 +50,9 @@ public class HivePrincipal implements Co
 
   public HivePrincipal(String name, HivePrincipalType type){
     this.type = type;
-    if (type == HivePrincipalType.ROLE) {
-      // lower case role to make operations on it case insensitive
-      // when the old default authorization gets deprecated, this can move
-      // to ObjectStore code base
-      this.name = name.toLowerCase();
-    } else {
-      this.name = name;
-    }
-
+    this.name = name;
   }
+
   public String getName() {
     return name;
   }
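Review bot: The constructor now stores `name` verbatim for every principal type, but it has no Javadoc telling callers that case normalisation of role names has become their responsibility. Any code that builds a ROLE principal without going through the wrapper, and then compares it against a lower-cased one, will see a mismatch; whether such callers exist is not visible here. I would add `/** Stores the name exactly as given; use SQLAuthorizationUtils.getValidatedPrincipal for case-insensitive role names. */` above the constructor. A null `name` is also accepted silently now, where the removed `name.toLowerCase()` failed fast for roles.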

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java Sat Aug 30 00:22:28 2014
@@ -17,7 +17,6 @@
  */
 package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;
 
-import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -25,6 +24,7 @@ import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.ListIterator;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
@@ -416,4 +416,43 @@ public class SQLAuthorizationUtils {
     return new HiveAuthzPluginException(prefix + ": " + e.getMessage(), e);
   }
 
+  /**
+   * Validate the principal type, and convert role name to lower case
+   * @param hPrincipal
+   * @return validated principal
+   * @throws HiveAuthzPluginException
+   */
+  public static HivePrincipal getValidatedPrincipal(HivePrincipal hPrincipal)
+      throws HiveAuthzPluginException {
+    if (hPrincipal == null || hPrincipal.getType() == null) {
+      // null principal
+      return hPrincipal;
+    }
+    switch (hPrincipal.getType()) {
+    case USER:
+      return hPrincipal;
+    case ROLE:
+      // lower case role names, for case insensitive behavior
+      return new HivePrincipal(hPrincipal.getName().toLowerCase(), hPrincipal.getType());
+    default:
+      throw new HiveAuthzPluginException("Invalid principal type in principal " + hPrincipal);
+    }
+  }
+
+  /**
+   * Calls getValidatedPrincipal on each principal in list and updates the list
+   * @param hivePrincipals
+   * @return
+   * @return
+   * @throws HiveAuthzPluginException
+   */
+  public static List<HivePrincipal> getValidatedPrincipals(List<HivePrincipal> hivePrincipals)
+      throws HiveAuthzPluginException {
+    ListIterator<HivePrincipal> it = hivePrincipals.listIterator();
+    while(it.hasNext()){
+      it.set(getValidatedPrincipal(it.next()));
+    }
+    return hivePrincipals;
+  }
+
 }
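Review bot: `hPrincipal.getName().toLowerCase()` in the `ROLE` case lower-cases with the JVM default locale, so the normalised role name used for authorization lookups can differ between hosts (under a Turkish locale `I` becomes dotless `ı`). `java.util.Locale` is already imported in this file, so `return new HivePrincipal(hPrincipal.getName().toLowerCase(Locale.ROOT), hPrincipal.getType());` pins it; the `toLowerCase()` calls added in SQLStdHiveAccessControllerWrapper have the same issue. A ROLE principal with a null name also throws a NullPointerException on this line, now that the HivePrincipal constructor accepts any name. getValidatedPrincipals replaces elements of the caller's list in place via `it.set(...)`, so an unmodifiable list fails and a rejected element leaves the list partly converted; its Javadoc, which has a doubled `@return`, should say so.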

Added: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerWrapper.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerWrapper.java?rev=1621399&view=auto
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerWrapper.java (added)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessControllerWrapper.java Sat Aug 30 00:22:28 2014
@@ -0,0 +1,193 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd;
+
+import java.util.List;
+import java.util.ListIterator;
+
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessController;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
+
+/**
+ * Wrapper for {@link SQLStdHiveAccessController} that does validation of
+ * arguments and then calls the real object. Doing the validation in this
+ * separate class, so that the chances of missing any validation is small.
+ *
+ * Validations/Conversions to be done
+ * 1. Call SQLAuthorizationUtils.getValidatedPrincipals on HivePrincipal to validate and
+ * update
+ * 2. Convert roleName to lower case
+ *
+ */
+
+@Private
+public class SQLStdHiveAccessControllerWrapper implements HiveAccessController {
+
+  private final SQLStdHiveAccessController hiveAccessController;
+
+  public SQLStdHiveAccessControllerWrapper(HiveMetastoreClientFactory metastoreClientFactory,
+      HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx)
+      throws HiveAuthzPluginException {
+    this.hiveAccessController = new SQLStdHiveAccessController(metastoreClientFactory, conf,
+        authenticator, ctx);
+  }
+
+  @Override
+  public void grantPrivileges(List<HivePrincipal> hivePrincipals,
+      List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject,
+      HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException,
+      HiveAccessControlException {
+    // validate principals
+    hivePrincipals = SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
+    grantorPrincipal = SQLAuthorizationUtils.getValidatedPrincipal(grantorPrincipal);
+
+    hiveAccessController.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject,
+        grantorPrincipal, grantOption);
+
+  }
+
+  @Override
+  public void revokePrivileges(List<HivePrincipal> hivePrincipals,
+      List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject,
+      HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException,
+      HiveAccessControlException {
+    // validate principals
+    hivePrincipals = SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
+    grantorPrincipal = SQLAuthorizationUtils.getValidatedPrincipal(grantorPrincipal);
+
+    hiveAccessController.revokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject,
+        grantorPrincipal, grantOption);
+  }
+
+  @Override
+  public void createRole(String roleName, HivePrincipal adminGrantor)
+      throws HiveAuthzPluginException, HiveAccessControlException {
+    // validate principals
+    roleName = roleName.toLowerCase();
+    adminGrantor = SQLAuthorizationUtils.getValidatedPrincipal(adminGrantor);
+
+    hiveAccessController.createRole(roleName, adminGrantor);
+  }
+
+  @Override
+  public void dropRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException {
+    // lower case roleName
+    roleName = roleName.toLowerCase();
+
+    hiveAccessController.dropRole(roleName);
+  }
+
+  @Override
+  public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles,
+      boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException,
+      HiveAccessControlException {
+    // validate principals
+    hivePrincipals = SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
+    roles = getLowerCaseRoleNames(roles);
+    grantorPrinc = SQLAuthorizationUtils.getValidatedPrincipal(grantorPrinc);
+
+    hiveAccessController.grantRole(hivePrincipals, roles, grantOption, grantorPrinc);
+  }
+
+  @Override
+  public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles,
+      boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException,
+      HiveAccessControlException {
+    // validate
+    hivePrincipals = SQLAuthorizationUtils.getValidatedPrincipals(hivePrincipals);
+    roles = getLowerCaseRoleNames(roles);
+    grantorPrinc = SQLAuthorizationUtils.getValidatedPrincipal(grantorPrinc);
+
+    hiveAccessController.revokeRole(hivePrincipals, roles, grantOption, grantorPrinc);
+  }
+
+  @Override
+  public List<String> getAllRoles() throws HiveAuthzPluginException, HiveAccessControlException {
+    return hiveAccessController.getAllRoles();
+  }
+
+  @Override
+  public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj)
+      throws HiveAuthzPluginException, HiveAccessControlException {
+    // validate
+    principal = SQLAuthorizationUtils.getValidatedPrincipal(principal);
+
+    return hiveAccessController.showPrivileges(principal, privObj);
+  }
+
+  @Override
+  public void setCurrentRole(String roleName) throws HiveAuthzPluginException,
+      HiveAccessControlException {
+    // validate
+    roleName = roleName.toLowerCase();
+
+    hiveAccessController.setCurrentRole(roleName);
+  }
+
+  @Override
+  public List<String> getCurrentRoleNames() throws HiveAuthzPluginException {
+    return hiveAccessController.getCurrentRoleNames();
+  }
+
+  @Override
+  public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName)
+      throws HiveAuthzPluginException, HiveAccessControlException {
+    // validate
+    roleName = roleName.toLowerCase();
+
+    return hiveAccessController.getPrincipalGrantInfoForRole(roleName);
+  }
+
+  @Override
+  public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal)
+      throws HiveAuthzPluginException, HiveAccessControlException {
+    // validate
+    principal = SQLAuthorizationUtils.getValidatedPrincipal(principal);
+
+    return hiveAccessController.getRoleGrantInfoForPrincipal(principal);
+  }
+
+  @Override
+  public void applyAuthorizationConfigPolicy(HiveConf hiveConf) {
+    hiveAccessController.applyAuthorizationConfigPolicy(hiveConf);
+  }
+
+  public boolean isUserAdmin() throws HiveAuthzPluginException {
+    return hiveAccessController.isUserAdmin();
+  }
+
+  private List<String> getLowerCaseRoleNames(List<String> roles) {
+    ListIterator<String> roleIter = roles.listIterator();
+    while (roleIter.hasNext()) {
+      roleIter.set(roleIter.next().toLowerCase());
+    }
+    return roles;
+  }
+
+}
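Review bot: The role-name paths in this wrapper are less defensive than the principal paths. `roleName.toLowerCase()` in createRole, dropRole, setCurrentRole and getPrincipalGrantInfoForRole throws a bare NullPointerException on a null name, whereas getValidatedPrincipal returns a null principal unchanged. getLowerCaseRoleNames also overwrites the caller's `roles` list in place, which fails on an unmodifiable list. Routing all of these through one private helper that rejects null with HiveAuthzPluginException and builds a new list would keep the normalisation in a single place, which is the stated purpose of this class. The sketch below needs `java.util.ArrayList` and `java.util.Locale` imported in this file; `isUserAdmin()` is also the only public method without `@Override` or a comment saying it is not part of HiveAccessController.

```java
// … unchanged: constructor and the grant/revoke/show methods, with each
//   roleName.toLowerCase() replaced by lowerCaseRoleName(roleName) …

  private static String lowerCaseRoleName(String roleName) throws HiveAuthzPluginException {
    if (roleName == null) {
      throw new HiveAuthzPluginException("Role name is null");
    }
    // Locale.ROOT keeps the normalised name identical on every host
    return roleName.toLowerCase(Locale.ROOT);
  }

  private List<String> getLowerCaseRoleNames(List<String> roles) throws HiveAuthzPluginException {
    // build a new list instead of rewriting the caller's
    List<String> lowered = new ArrayList<String>(roles.size());
    for (String role : roles) {
      lowered.add(lowerCaseRoleName(role));
    }
    return lowered;
  }
```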

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java Sat Aug 30 00:22:28 2014
@@ -43,17 +43,17 @@ public class SQLStdHiveAuthorizationVali
   private final HiveMetastoreClientFactory metastoreClientFactory;
   private final HiveConf conf;
   private final HiveAuthenticationProvider authenticator;
-  private final SQLStdHiveAccessController privController;
+  private final SQLStdHiveAccessControllerWrapper privController;
   public static final Log LOG = LogFactory.getLog(SQLStdHiveAuthorizationValidator.class);
 
   public SQLStdHiveAuthorizationValidator(HiveMetastoreClientFactory metastoreClientFactory,
       HiveConf conf, HiveAuthenticationProvider authenticator,
-      SQLStdHiveAccessController privController) {
+      SQLStdHiveAccessControllerWrapper privilegeManager) {
 
     this.metastoreClientFactory = metastoreClientFactory;
     this.conf = conf;
     this.authenticator = authenticator;
-    this.privController = privController;
+    this.privController = privilegeManager;
   }
 
   @Override

Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizerFactory.java Sat Aug 30 00:22:28 2014
@@ -32,8 +32,8 @@ public class SQLStdHiveAuthorizerFactory
   @Override
   public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
       HiveConf conf, HiveAuthenticationProvider authenticator, HiveAuthzSessionContext ctx) throws HiveAuthzPluginException {
-    SQLStdHiveAccessController privilegeManager =
-        new SQLStdHiveAccessController(metastoreClientFactory, conf, authenticator, ctx);
+    SQLStdHiveAccessControllerWrapper privilegeManager =
+        new SQLStdHiveAccessControllerWrapper(metastoreClientFactory, conf, authenticator, ctx);
     return new HiveAuthorizerImpl(
         privilegeManager,
         new SQLStdHiveAuthorizationValidator(metastoreClientFactory, conf, authenticator,

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_group.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_group.q?rev=1621399&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_group.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_grant_group.q Sat Aug 30 00:22:28 2014
@@ -0,0 +1,11 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+
+set user.name=user1;
+-- current user has been set (comment line before the set cmd is resulting in parse error!!)
+
+CREATE TABLE table_gg(i int);
+
+-- grant insert on group should fail
+GRANT INSERT ON table_gg TO group g1;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_public_create.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_public_create.q?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_public_create.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_public_create.q Sat Aug 30 00:22:28 2014
@@ -1 +1 @@
-create role PUBLIC;
+create role public;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorization_public_drop.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_public_drop.q?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_public_drop.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_public_drop.q Sat Aug 30 00:22:28 2014
@@ -1 +1 @@
-drop role PUBLIC;
+drop role public;

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_role_case.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_role_case.q?rev=1621399&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_role_case.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_role_case.q Sat Aug 30 00:22:28 2014
@@ -0,0 +1,10 @@
+create role mixCaseRole1;
+create role mixCaseRole2;
+
+show roles;
+
+
+create table t1(i int);
+grant SELECT  on table t1 to role mixCaseRole1;
+-- grant with wrong case should fail with legacy auth
+grant UPDATE  on table t1 to role mixcaserole2;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorize_grant_public.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorize_grant_public.q?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorize_grant_public.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorize_grant_public.q Sat Aug 30 00:22:28 2014
@@ -1 +1 @@
-grant role PUBLIC to user hive_test_user;
+grant role public to user hive_test_user;

Modified: hive/trunk/ql/src/test/queries/clientnegative/authorize_revoke_public.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorize_revoke_public.q?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorize_revoke_public.q (original)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorize_revoke_public.q Sat Aug 30 00:22:28 2014
@@ -1 +1 @@
-revoke role PUBLIC from user hive_test_user;
+revoke role public from user hive_test_user;

Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_1.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_1.q?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_1.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_1.q Sat Aug 30 00:22:28 2014
@@ -57,33 +57,33 @@ show grant group hive_test_group1 on tab
 show grant group hive_test_group1 on table src_autho_test(key);
 
 --role
-create role src_role;
-grant role src_role to user hive_test_user;
+create role sRc_roLE;
+grant role sRc_roLE to user hive_test_user;
 show role grant user hive_test_user;
 
 --column grant to role
 
-grant select(key) on table src_autho_test to role src_role;
+grant select(key) on table src_autho_test to role sRc_roLE;
 
-show grant role src_role on table src_autho_test;
-show grant role src_role on table src_autho_test(key);
+show grant role sRc_roLE on table src_autho_test;
+show grant role sRc_roLE on table src_autho_test(key);
 
 select key from src_autho_test order by key limit 20;
 
-revoke select(key) on table src_autho_test from role src_role;
+revoke select(key) on table src_autho_test from role sRc_roLE;
 
 --table grant to role
 
-grant select on table src_autho_test to role src_role;
+grant select on table src_autho_test to role sRc_roLE;
 
 select key from src_autho_test order by key limit 20;
 
-show grant role src_role on table src_autho_test;
-show grant role src_role on table src_autho_test(key);
-revoke select on table src_autho_test from role src_role;
+show grant role sRc_roLE on table src_autho_test;
+show grant role sRc_roLE on table src_autho_test(key);
+revoke select on table src_autho_test from role sRc_roLE;
 
 -- drop role
-drop role src_role;
+drop role sRc_roLE;
 
 set hive.security.authorization.enabled=false;
 drop table src_autho_test;
\ No newline at end of file

Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_5.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_5.q?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_5.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_5.q Sat Aug 30 00:22:28 2014
@@ -8,13 +8,13 @@ GRANT select ON DATABASE test_db TO USER
 
 SHOW GRANT USER hive_test_user ON DATABASE test_db;
 
-CREATE ROLE db_test_role;
-GRANT ROLE db_test_role TO USER hive_test_user;
+CREATE ROLE db_TEST_Role;
+GRANT ROLE db_TEST_Role TO USER hive_test_user;
 SHOW ROLE GRANT USER hive_test_user;
 
-GRANT drop ON DATABASE test_db TO ROLE db_test_role;
-GRANT select ON DATABASE test_db TO ROLE db_test_role;
+GRANT drop ON DATABASE test_db TO ROLE db_TEST_Role;
+GRANT select ON DATABASE test_db TO ROLE db_TEST_Role;
 
-SHOW GRANT ROLE db_test_role ON DATABASE test_db;
+SHOW GRANT ROLE db_TEST_Role ON DATABASE test_db;
 
 DROP DATABASE IF EXISTS test_db;

Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_public_role.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_public_role.q?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_public_role.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_public_role.q Sat Aug 30 00:22:28 2014
@@ -9,10 +9,10 @@ CREATE TABLE  t_gpr1(i int);
 
 -- all privileges should have been set for user
 
-GRANT ALL ON t_gpr1 TO ROLE public;
+GRANT ALL ON t_gpr1 TO ROLE pubLic;
 
 SHOW GRANT USER user1 ON TABLE t_gpr1;
-SHOW GRANT ROLE public ON TABLE t_gpr1;
+SHOW GRANT ROLE pubLic ON TABLE t_gpr1;
 
 set user.name=user2;
 SHOW CURRENT ROLES;

Modified: hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q (original)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_role_grant2.q Sat Aug 30 00:22:28 2014
@@ -31,7 +31,7 @@ set user.name=user2;
 grant src_role_wadmin to role sRc_role2;
 
 set user.name=hive_admin_user;
-set role ADMIN;
+set role ADMIn;
 grant src_role2 to user user3;
 
 set user.name=user3;

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_grant_group.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_grant_group.q.out?rev=1621399&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_grant_group.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_grant_group.q.out Sat Aug 30 00:22:28 2014
@@ -0,0 +1,17 @@
+PREHOOK: query: -- current user has been set (comment line before the set cmd is resulting in parse error!!)
+
+CREATE TABLE table_gg(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@table_gg
+POSTHOOK: query: -- current user has been set (comment line before the set cmd is resulting in parse error!!)
+
+CREATE TABLE table_gg(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@table_gg
+PREHOOK: query: -- grant insert on group should fail
+GRANT INSERT ON table_gg TO group g1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@table_gg
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. Invalid principal type in principal Principal [name=g1, type=GROUP]

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_public_create.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_public_create.q.out?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_public_create.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_public_create.q.out Sat Aug 30 00:22:28 2014
@@ -1,3 +1,3 @@
-PREHOOK: query: create role PUBLIC
+PREHOOK: query: create role public
 PREHOOK: type: CREATEROLE
 FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public role implictly exists. It can't be created.)
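Review bot: The expected query changes from `create role PUBLIC` to `create role public`, so nothing here still asserts that a differently-cased spelling of the reserved name is rejected. The same swap appears in authorization_public_drop.q.out, authorize_grant_public.q.out and authorize_revoke_public.q.out. If the reserved-name check in this authorization mode now compares case-sensitively (not visible from these results), a role named `PUBLIC` could exist next to the built-in `public` and be misread in grant listings. Keeping an upper-case variant in these negative tests, with the expected outcome recorded either way, would make the intended behaviour explicit.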

Modified: hive/trunk/ql/src/test/results/clientnegative/authorization_public_drop.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_public_drop.q.out?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_public_drop.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_public_drop.q.out Sat Aug 30 00:22:28 2014
@@ -1,3 +1,3 @@
-PREHOOK: query: drop role PUBLIC
+PREHOOK: query: drop role public
 PREHOOK: type: DROPROLE
 FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public,admin roles can't be dropped.)

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_role_case.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_role_case.q.out?rev=1621399&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_role_case.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_role_case.q.out Sat Aug 30 00:22:28 2014
@@ -0,0 +1,36 @@
+PREHOOK: query: create role mixCaseRole1
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: create role mixCaseRole1
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: create role mixCaseRole2
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: create role mixCaseRole2
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: show roles
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: show roles
+POSTHOOK: type: SHOW_ROLES
+admin
+mixCaseRole1
+mixCaseRole2
+public
+
+PREHOOK: query: create table t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@t1
+POSTHOOK: query: create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@t1
+PREHOOK: query: grant SELECT  on table t1 to role mixCaseRole1
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+POSTHOOK: query: grant SELECT  on table t1 to role mixCaseRole1
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@t1
+PREHOOK: query: -- grant with wrong case should fail with legacy auth
+grant UPDATE  on table t1 to role mixcaserole2
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: java.lang.RuntimeException: NoSuchObjectException(message:Role mixcaserole2 does not exist)

Modified: hive/trunk/ql/src/test/results/clientnegative/authorize_grant_public.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorize_grant_public.q.out?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorize_grant_public.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorize_grant_public.q.out Sat Aug 30 00:22:28 2014
@@ -1,3 +1,3 @@
-PREHOOK: query: grant role PUBLIC to user hive_test_user
+PREHOOK: query: grant role public to user hive_test_user
 PREHOOK: type: GRANT_ROLE
 FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:No user can be added to public. Since all users implictly belong to public role.)

Modified: hive/trunk/ql/src/test/results/clientnegative/authorize_revoke_public.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorize_revoke_public.q.out?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorize_revoke_public.q.out (original)
+++ hive/trunk/ql/src/test/results/clientnegative/authorize_revoke_public.q.out Sat Aug 30 00:22:28 2014
@@ -1,3 +1,3 @@
-PREHOOK: query: revoke role PUBLIC from user hive_test_user
+PREHOOK: query: revoke role public from user hive_test_user
 PREHOOK: type: REVOKE_ROLE
 FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:public role can't be revoked.)

Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_1.q.out Sat Aug 30 00:22:28 2014
@@ -257,40 +257,40 @@ PREHOOK: type: SHOW_GRANT
 POSTHOOK: query: show grant group hive_test_group1 on table src_autho_test(key)
 POSTHOOK: type: SHOW_GRANT
 PREHOOK: query: --role
-create role src_role
+create role sRc_roLE
 PREHOOK: type: CREATEROLE
 POSTHOOK: query: --role
-create role src_role
+create role sRc_roLE
 POSTHOOK: type: CREATEROLE
-PREHOOK: query: grant role src_role to user hive_test_user
+PREHOOK: query: grant role sRc_roLE to user hive_test_user
 PREHOOK: type: GRANT_ROLE
-POSTHOOK: query: grant role src_role to user hive_test_user
+POSTHOOK: query: grant role sRc_roLE to user hive_test_user
 POSTHOOK: type: GRANT_ROLE
 PREHOOK: query: show role grant user hive_test_user
 PREHOOK: type: SHOW_ROLE_GRANT
 POSTHOOK: query: show role grant user hive_test_user
 POSTHOOK: type: SHOW_ROLE_GRANT
 public	false	-1	
-src_role	false	-1	hive_test_user
+sRc_roLE	false	-1	hive_test_user
 PREHOOK: query: --column grant to role
 
-grant select(key) on table src_autho_test to role src_role
+grant select(key) on table src_autho_test to role sRc_roLE
 PREHOOK: type: GRANT_PRIVILEGE
 PREHOOK: Output: default@src_autho_test
 POSTHOOK: query: --column grant to role
 
-grant select(key) on table src_autho_test to role src_role
+grant select(key) on table src_autho_test to role sRc_roLE
 POSTHOOK: type: GRANT_PRIVILEGE
 POSTHOOK: Output: default@src_autho_test
-PREHOOK: query: show grant role src_role on table src_autho_test
+PREHOOK: query: show grant role sRc_roLE on table src_autho_test
 PREHOOK: type: SHOW_GRANT
-POSTHOOK: query: show grant role src_role on table src_autho_test
+POSTHOOK: query: show grant role sRc_roLE on table src_autho_test
 POSTHOOK: type: SHOW_GRANT
-PREHOOK: query: show grant role src_role on table src_autho_test(key)
+PREHOOK: query: show grant role sRc_roLE on table src_autho_test(key)
 PREHOOK: type: SHOW_GRANT
-POSTHOOK: query: show grant role src_role on table src_autho_test(key)
+POSTHOOK: query: show grant role sRc_roLE on table src_autho_test(key)
 POSTHOOK: type: SHOW_GRANT
-default	src_autho_test		[key]	src_role	ROLE	SELECT	false	-1	hive_test_user
+default	src_autho_test		[key]	sRc_roLE	ROLE	SELECT	false	-1	hive_test_user
 PREHOOK: query: select key from src_autho_test order by key limit 20
 PREHOOK: type: QUERY
 PREHOOK: Input: default@src_autho_test
@@ -319,20 +319,20 @@ POSTHOOK: Input: default@src_autho_test
 118
 118
 119
-PREHOOK: query: revoke select(key) on table src_autho_test from role src_role
+PREHOOK: query: revoke select(key) on table src_autho_test from role sRc_roLE
 PREHOOK: type: REVOKE_PRIVILEGE
 PREHOOK: Output: default@src_autho_test
-POSTHOOK: query: revoke select(key) on table src_autho_test from role src_role
+POSTHOOK: query: revoke select(key) on table src_autho_test from role sRc_roLE
 POSTHOOK: type: REVOKE_PRIVILEGE
 POSTHOOK: Output: default@src_autho_test
 PREHOOK: query: --table grant to role
 
-grant select on table src_autho_test to role src_role
+grant select on table src_autho_test to role sRc_roLE
 PREHOOK: type: GRANT_PRIVILEGE
 PREHOOK: Output: default@src_autho_test
 POSTHOOK: query: --table grant to role
 
-grant select on table src_autho_test to role src_role
+grant select on table src_autho_test to role sRc_roLE
 POSTHOOK: type: GRANT_PRIVILEGE
 POSTHOOK: Output: default@src_autho_test
 PREHOOK: query: select key from src_autho_test order by key limit 20
@@ -363,26 +363,26 @@ POSTHOOK: Input: default@src_autho_test
 118
 118
 119
-PREHOOK: query: show grant role src_role on table src_autho_test
+PREHOOK: query: show grant role sRc_roLE on table src_autho_test
 PREHOOK: type: SHOW_GRANT
-POSTHOOK: query: show grant role src_role on table src_autho_test
+POSTHOOK: query: show grant role sRc_roLE on table src_autho_test
 POSTHOOK: type: SHOW_GRANT
-default	src_autho_test			src_role	ROLE	SELECT	false	-1	hive_test_user
-PREHOOK: query: show grant role src_role on table src_autho_test(key)
+default	src_autho_test			sRc_roLE	ROLE	SELECT	false	-1	hive_test_user
+PREHOOK: query: show grant role sRc_roLE on table src_autho_test(key)
 PREHOOK: type: SHOW_GRANT
-POSTHOOK: query: show grant role src_role on table src_autho_test(key)
+POSTHOOK: query: show grant role sRc_roLE on table src_autho_test(key)
 POSTHOOK: type: SHOW_GRANT
-PREHOOK: query: revoke select on table src_autho_test from role src_role
+PREHOOK: query: revoke select on table src_autho_test from role sRc_roLE
 PREHOOK: type: REVOKE_PRIVILEGE
 PREHOOK: Output: default@src_autho_test
-POSTHOOK: query: revoke select on table src_autho_test from role src_role
+POSTHOOK: query: revoke select on table src_autho_test from role sRc_roLE
 POSTHOOK: type: REVOKE_PRIVILEGE
 POSTHOOK: Output: default@src_autho_test
 PREHOOK: query: -- drop role
-drop role src_role
+drop role sRc_roLE
 PREHOOK: type: DROPROLE
 POSTHOOK: query: -- drop role
-drop role src_role
+drop role sRc_roLE
 POSTHOOK: type: DROPROLE
 PREHOOK: query: drop table src_autho_test
 PREHOOK: type: DROPTABLE

Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_5.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_5.q.out?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_5.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_5.q.out Sat Aug 30 00:22:28 2014
@@ -28,34 +28,34 @@ POSTHOOK: query: SHOW GRANT USER hive_te
 POSTHOOK: type: SHOW_GRANT
 test_db				hive_test_user	USER	DROP	false	-1	hive_test_user
 test_db				hive_test_user	USER	SELECT	false	-1	hive_test_user
-PREHOOK: query: CREATE ROLE db_test_role
+PREHOOK: query: CREATE ROLE db_TEST_Role
 PREHOOK: type: CREATEROLE
-POSTHOOK: query: CREATE ROLE db_test_role
+POSTHOOK: query: CREATE ROLE db_TEST_Role
 POSTHOOK: type: CREATEROLE
-PREHOOK: query: GRANT ROLE db_test_role TO USER hive_test_user
+PREHOOK: query: GRANT ROLE db_TEST_Role TO USER hive_test_user
 PREHOOK: type: GRANT_ROLE
-POSTHOOK: query: GRANT ROLE db_test_role TO USER hive_test_user
+POSTHOOK: query: GRANT ROLE db_TEST_Role TO USER hive_test_user
 POSTHOOK: type: GRANT_ROLE
 PREHOOK: query: SHOW ROLE GRANT USER hive_test_user
 PREHOOK: type: SHOW_ROLE_GRANT
 POSTHOOK: query: SHOW ROLE GRANT USER hive_test_user
 POSTHOOK: type: SHOW_ROLE_GRANT
-db_test_role	false	-1	hive_test_user
+db_TEST_Role	false	-1	hive_test_user
 public	false	-1	
-PREHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role
+PREHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_TEST_Role
 PREHOOK: type: GRANT_PRIVILEGE
-POSTHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role
+POSTHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_TEST_Role
 POSTHOOK: type: GRANT_PRIVILEGE
-PREHOOK: query: GRANT select ON DATABASE test_db TO ROLE db_test_role
+PREHOOK: query: GRANT select ON DATABASE test_db TO ROLE db_TEST_Role
 PREHOOK: type: GRANT_PRIVILEGE
-POSTHOOK: query: GRANT select ON DATABASE test_db TO ROLE db_test_role
+POSTHOOK: query: GRANT select ON DATABASE test_db TO ROLE db_TEST_Role
 POSTHOOK: type: GRANT_PRIVILEGE
-PREHOOK: query: SHOW GRANT ROLE db_test_role ON DATABASE test_db
+PREHOOK: query: SHOW GRANT ROLE db_TEST_Role ON DATABASE test_db
 PREHOOK: type: SHOW_GRANT
-POSTHOOK: query: SHOW GRANT ROLE db_test_role ON DATABASE test_db
+POSTHOOK: query: SHOW GRANT ROLE db_TEST_Role ON DATABASE test_db
 POSTHOOK: type: SHOW_GRANT
-test_db				db_test_role	ROLE	DROP	false	-1	hive_test_user
-test_db				db_test_role	ROLE	SELECT	false	-1	hive_test_user
+test_db				db_TEST_Role	ROLE	DROP	false	-1	hive_test_user
+test_db				db_TEST_Role	ROLE	SELECT	false	-1	hive_test_user
 PREHOOK: query: DROP DATABASE IF EXISTS test_db
 PREHOOK: type: DROPDATABASE
 PREHOOK: Input: database:test_db

Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_grant_public_role.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_grant_public_role.q.out?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_grant_public_role.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_grant_public_role.q.out Sat Aug 30 00:22:28 2014
@@ -12,12 +12,12 @@ POSTHOOK: Output: database:default
 POSTHOOK: Output: default@t_gpr1
 PREHOOK: query: -- all privileges should have been set for user
 
-GRANT ALL ON t_gpr1 TO ROLE public
+GRANT ALL ON t_gpr1 TO ROLE pubLic
 PREHOOK: type: GRANT_PRIVILEGE
 PREHOOK: Output: default@t_gpr1
 POSTHOOK: query: -- all privileges should have been set for user
 
-GRANT ALL ON t_gpr1 TO ROLE public
+GRANT ALL ON t_gpr1 TO ROLE pubLic
 POSTHOOK: type: GRANT_PRIVILEGE
 POSTHOOK: Output: default@t_gpr1
 PREHOOK: query: SHOW GRANT USER user1 ON TABLE t_gpr1
@@ -28,9 +28,9 @@ default	t_gpr1			user1	USER	DELETE	true	
 default	t_gpr1			user1	USER	INSERT	true	-1	user1
 default	t_gpr1			user1	USER	SELECT	true	-1	user1
 default	t_gpr1			user1	USER	UPDATE	true	-1	user1
-PREHOOK: query: SHOW GRANT ROLE public ON TABLE t_gpr1
+PREHOOK: query: SHOW GRANT ROLE pubLic ON TABLE t_gpr1
 PREHOOK: type: SHOW_GRANT
-POSTHOOK: query: SHOW GRANT ROLE public ON TABLE t_gpr1
+POSTHOOK: query: SHOW GRANT ROLE pubLic ON TABLE t_gpr1
 POSTHOOK: type: SHOW_GRANT
 default	t_gpr1			public	ROLE	DELETE	false	-1	user1
 default	t_gpr1			public	ROLE	INSERT	false	-1	user1

Modified: hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out?rev=1621399&r1=1621398&r2=1621399&view=diff
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out (original)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_role_grant2.q.out Sat Aug 30 00:22:28 2014
@@ -60,9 +60,9 @@ PREHOOK: type: GRANT_ROLE
 POSTHOOK: query: -- grant role to another role
 grant src_role_wadmin to role sRc_role2
 POSTHOOK: type: GRANT_ROLE
-PREHOOK: query: set role ADMIN
+PREHOOK: query: set role ADMIn
 PREHOOK: type: SHOW_ROLES
-POSTHOOK: query: set role ADMIN
+POSTHOOK: query: set role ADMIn
 POSTHOOK: type: SHOW_ROLES
 PREHOOK: query: grant src_role2 to user user3
 PREHOOK: type: GRANT_ROLE


