hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From khorg...@apache.org
Subject hive git commit: HIVE-12429 : Switch default Hive authorization to SQLStandardAuth in 2.0 (Daniel Dai via Sushanth Sowmyan)
Date Tue, 19 Jan 2016 20:48:20 GMT
Repository: hive
Updated Branches:
  refs/heads/master fe81847bb -> b9d65f159


HIVE-12429 : Switch default Hive authorization to SQLStandardAuth in 2.0 (Daniel Dai via Sushanth Sowmyan)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/b9d65f15
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/b9d65f15
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/b9d65f15

Branch: refs/heads/master
Commit: b9d65f159d39614f510c64e58d7b09b4cf38f96f
Parents: fe81847
Author: Sushanth Sowmyan <khorgath@gmail.com>
Authored: Tue Jan 19 12:47:46 2016 -0800
Committer: Sushanth Sowmyan <khorgath@gmail.com>
Committed: Tue Jan 19 12:47:46 2016 -0800

----------------------------------------------------------------------
 .../org/apache/hadoop/hive/conf/HiveConf.java   |   2 +-
 .../cli/SemanticAnalysis/HCatAuthUtil.java      |  27 ++-
 .../cli/SemanticAnalysis/TestHCatAuthUtil.java  |   4 +-
 .../TestMetastoreAuthorizationProvider.java     |   2 +
 .../org/apache/hive/jdbc/TestJdbcDriver2.java   |   1 +
 .../org/apache/hadoop/hive/ql/QTestUtil.java    |   2 +
 .../SQLStdHiveAuthorizationValidator.java       |  11 --
 .../parse/authorization/TestPrivilegesV1.java   |  13 +-
 .../TestSQLStdHiveAccessControllerCLI.java      |  16 +-
 .../authorization_cli_auth_enable.q             |   7 -
 .../clientnegative/authorization_fail_1.q       |   1 +
 .../clientnegative/authorization_fail_2.q       |   1 +
 .../clientnegative/authorization_fail_3.q       |   1 +
 .../clientnegative/authorization_fail_4.q       |   1 +
 .../clientnegative/authorization_fail_5.q       |   3 +-
 .../clientnegative/authorization_fail_6.q       |   1 +
 .../clientnegative/authorization_fail_7.q       |   3 +-
 .../authorization_fail_create_db.q              |   1 +
 .../clientnegative/authorization_fail_drop_db.q |   1 +
 .../authorization_invalid_priv_v1.q             |   1 +
 .../queries/clientnegative/authorization_part.q |   3 +-
 .../authorization_public_create.q               |   1 +
 .../clientnegative/authorization_public_drop.q  |   1 +
 .../clientnegative/authorization_role_case.q    |   1 +
 .../clientnegative/authorize_grant_public.q     |   1 +
 .../clientnegative/authorize_revoke_public.q    |   1 +
 .../clientnegative/exim_22_export_authfail.q    |   1 +
 .../exim_23_import_exist_authfail.q             |   1 +
 .../exim_24_import_part_authfail.q              |   1 +
 .../exim_25_import_nonexist_authfail.q          |   1 +
 .../clientnegative/join_nonexistent_part.q      |   5 -
 .../clientnegative/load_exist_part_authfail.q   |   1 +
 .../clientnegative/load_nonpart_authfail.q      |   1 +
 .../queries/clientnegative/load_part_authfail.q |   1 +
 .../alter_rename_partition_authorization.q      |   1 +
 .../queries/clientpositive/authorization_1.q    |   4 +-
 .../queries/clientpositive/authorization_2.q    |   4 +-
 .../queries/clientpositive/authorization_3.q    |   2 +
 .../queries/clientpositive/authorization_4.q    |   4 +-
 .../queries/clientpositive/authorization_5.q    |   2 +
 .../queries/clientpositive/authorization_6.q    |   2 +
 .../queries/clientpositive/authorization_7.q    |   4 +-
 .../queries/clientpositive/authorization_8.q    |   1 +
 .../queries/clientpositive/authorization_9.q    |   1 +
 ...orization_default_create_table_owner_privs.q |   1 +
 .../clientpositive/authorization_explain.q      |   1 +
 .../authorization_show_role_principals_v1.q     |   1 +
 .../clientpositive/exim_21_export_authsuccess.q |   1 +
 .../exim_22_import_exist_authsuccess.q          |   1 +
 .../exim_23_import_part_authsuccess.q           |   1 +
 .../exim_24_import_nonexist_authsuccess.q       |   1 +
 .../test/queries/clientpositive/explainuser_3.q |   2 +
 ql/src/test/queries/clientpositive/index_auth.q |   2 +
 ql/src/test/queries/clientpositive/keyword_1.q  |   4 +-
 .../load_exist_part_authsuccess.q               |   1 +
 .../clientpositive/load_nonpart_authsuccess.q   |   1 +
 .../clientpositive/load_part_authsuccess.q      |   1 +
 ql/src/test/queries/clientpositive/show_roles.q |   2 +
 ql/src/test/queries/clientpositive/stats5.q     |   2 +-
 .../authorization_cli_auth_enable.q.out         |   1 -
 .../clientnegative/join_nonexistent_part.q.out  |   1 -
 .../clientpositive/authorization_9.q.out        | 180 +++++++++++++++++++
 .../authorization_explain.q.java1.7.out         |   3 -
 .../authorization_show_grant.q.out              |  60 +++++++
 .../results/clientpositive/spark/stats5.q.out   |   2 +-
 ql/src/test/results/clientpositive/stats5.q.out |   2 +-
 .../clientpositive/tez/unionDistinct_2.q.out    |   6 +-
 67 files changed, 349 insertions(+), 72 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
----------------------------------------------------------------------
diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index d61ae39..32049eb 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -1649,7 +1649,7 @@ public class HiveConf extends Configuration {
     HIVE_AUTHORIZATION_ENABLED("hive.security.authorization.enabled", false,
         "enable or disable the Hive client authorization"),
     HIVE_AUTHORIZATION_MANAGER("hive.security.authorization.manager",
-        "org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider",
+        "org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory",
         "The Hive client authorization manager class name. The user defined authorization class should implement \n" +
         "interface org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider."),
     HIVE_AUTHENTICATOR_MANAGER("hive.security.authenticator.manager",

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java
----------------------------------------------------------------------
diff --git a/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java b/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java
index 6dce9c4..ff10b05 100644
--- a/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java
+++ b/hcatalog/core/src/main/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/HCatAuthUtil.java
@@ -20,17 +20,32 @@ package org.apache.hive.hcatalog.cli.SemanticAnalysis;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 import org.apache.hadoop.hive.ql.session.SessionState;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 final class HCatAuthUtil {
+  private static final Logger LOG = LoggerFactory.getLogger(HCatAuthUtil.class);
+
   public static boolean isAuthorizationEnabled(Configuration conf) {
-    // the session state getAuthorizer can return null even if authorization is
-    // enabled if the V2 api of authorizer in use.
+    if (!HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
+      return false;
+    }
+    // If the V2 api of authorizer in use, the session state getAuthorizer return null.
+    // Here we disable authorization if we use V2 api or the DefaultHiveAuthorizationProvider
     // The additional authorization checks happening in hcatalog are designed to
     // work with  storage based authorization (on client side). It should not try doing
-    // additional checks if a V2 authorizer is in use. The reccomended configuration is to
-    // use storage based authorization in metastore server
-    return HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)
-        && SessionState.get().getAuthorizer() != null;
+    // additional checks if a V2 authorizer or DefaultHiveAuthorizationProvider is in use.
+    // The recommended configuration is to use storage based authorization in metastore server.
+    // However, if user define a custom V1 authorization, it will be honored.
+    if (SessionState.get().getAuthorizer() == null ||
+        HiveConf.getVar(conf, HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER)
+        == DefaultHiveAuthorizationProvider.class.getName()) {
+      LOG.info("Metastore authorizer is skipped for V2 authorizer or"
+        + " DefaultHiveAuthorizationProvider");
+      return false;
+    }
+    return true;
   }
 }

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java
----------------------------------------------------------------------
diff --git a/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java b/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java
index 830dcb8..a190002 100644
--- a/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java
+++ b/hcatalog/core/src/test/java/org/apache/hive/hcatalog/cli/SemanticAnalysis/TestHCatAuthUtil.java
@@ -24,6 +24,7 @@ import static org.junit.Assert.assertTrue;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
 import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
+import org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
@@ -49,12 +50,13 @@ public class TestHCatAuthUtil {
   }
 
   /**
-   * Test with auth enabled and v1 auth
+   * Test with auth enabled and StorageBasedAuthorizationProvider
    */
   @Test
   public void authEnabledV1Auth() throws Exception {
     HiveConf hcatConf = new HiveConf(this.getClass());
     hcatConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
+    hcatConf.setVar(ConfVars.HIVE_AUTHORIZATION_MANAGER, StorageBasedAuthorizationProvider.class.getName());
     SessionState.start(hcatConf);
     assertTrue("hcat auth should be enabled", HCatAuthUtil.isAuthorizationEnabled(hcatConf));
   }

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java
index 4529ce3..3596e30 100644
--- a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java
+++ b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java
@@ -90,6 +90,8 @@ public class TestMetastoreAuthorizationProvider extends TestCase {
         AuthorizationPreEventListener.class.getName());
     System.setProperty(HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER.varname,
         getAuthorizationProvider());
+    System.setProperty(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER.varname,
+        getAuthorizationProvider());
     setupMetaStoreReadAuthorization();
     System.setProperty(HiveConf.ConfVars.HIVE_METASTORE_AUTHENTICATOR_MANAGER.varname,
         InjectableDummyAuthenticator.class.getName());

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
index 09905ea..4eaff10 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
@@ -132,6 +132,7 @@ public class TestJdbcDriver2 {
     Connection con1 = getConnection("default");
     System.setProperty(ConfVars.HIVE_SERVER2_LOGGING_OPERATION_LEVEL.varname, "verbose");
     System.setProperty(ConfVars.HIVEMAPREDMODE.varname, "nonstrict");
+    System.setProperty(ConfVars.HIVE_AUTHORIZATION_MANAGER.varname, "org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider");
 
     Statement stmt1 = con1.createStatement();
     assertNotNull("Statement is null", stmt1);

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java
----------------------------------------------------------------------
diff --git a/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java b/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java
index fa16020..54ac85a 100644
--- a/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java
+++ b/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java
@@ -726,6 +726,8 @@ public class QTestUtil {
       return;
     }
 
+    db.getConf().set("hive.metastore.filter.hook",
+        "org.apache.hadoop.hive.metastore.DefaultMetaStoreFilterHookImpl");
     // Delete any tables other than the source tables
     // and any databases other than the default database.
     for (String dbName : db.getAllDatabases()) {

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java
index ee57f69..9f586be 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java
@@ -60,17 +60,6 @@ public class SQLStdHiveAuthorizationValidator implements HiveAuthorizationValida
     this.authenticator = authenticator;
     this.privController = privilegeManager;
     this.ctx = SQLAuthorizationUtils.applyTestSettings(ctx, conf);
-    assertHiveCliAuthDisabled(conf);
-  }
-
-  private void assertHiveCliAuthDisabled(HiveConf conf) throws HiveAuthzPluginException {
-    if (ctx.getClientType() == CLIENT_TYPE.HIVECLI
-        && conf.getBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
-      throw new HiveAuthzPluginException(
-          "SQL standards based authorization should not be enabled from hive cli"
-              + "Instead the use of storage based authorization in hive metastore is reccomended. Set "
-              + ConfVars.HIVE_AUTHORIZATION_ENABLED.varname + "=false to disable authz within cli");
-    }
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java
----------------------------------------------------------------------
diff --git a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java
index c97bbb8..c614630 100644
--- a/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java
+++ b/ql/src/test/org/apache/hadoop/hive/ql/parse/authorization/TestPrivilegesV1.java
@@ -76,17 +76,8 @@ public class TestPrivilegesV1 extends PrivilegesTestBase{
    */
   @Test
   public void testPrivInGrantNotAccepted() throws Exception{
-    grantUserTableFail("insert");
-    grantUserTableFail("delete");
-  }
-
-  private void grantUserTableFail(String privName) {
-    try{
-      grantUserTable(privName, PrivilegeType.UNKNOWN);
-      Assert.fail("Exception expected");
-    }catch(Exception e){
-
-    }
+    grantUserTable("insert", PrivilegeType.INSERT);
+    grantUserTable("delete", PrivilegeType.DELETE);
   }
 
   private void grantUserTable(String privName, PrivilegeType privType) throws Exception {

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java
----------------------------------------------------------------------
diff --git a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java
index ac862c5..7d243f0 100644
--- a/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java
+++ b/ql/src/test/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/TestSQLStdHiveAccessControllerCLI.java
@@ -68,22 +68,16 @@ public class TestSQLStdHiveAccessControllerCLI {
   }
 
   /**
-   * Verify that exceptiion is thrown if authorization is enabled from hive cli,
+   * Verify that no exception is thrown if authorization is enabled from hive cli,
    * when sql std auth is used
    */
   @Test
-  public void testAuthEnableError() {
+  public void testAuthEnable() throws Exception {
     HiveConf processedConf = new HiveConf();
     processedConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
-    try {
-      HiveAuthorizerFactory authorizerFactory = new SQLStdHiveAuthorizerFactory();
-      HiveAuthorizer authorizer = authorizerFactory.createHiveAuthorizer(null, processedConf,
-          new HadoopDefaultAuthenticator(), getCLISessionCtx());
-      fail("Exception expected");
-    } catch (HiveAuthzPluginException e) {
-      assertTrue(e.getMessage().contains(
-          "SQL standards based authorization should not be enabled from hive cli"));
-    }
+    HiveAuthorizerFactory authorizerFactory = new SQLStdHiveAuthorizerFactory();
+    HiveAuthorizer authorizer = authorizerFactory.createHiveAuthorizer(null, processedConf,
+        new HadoopDefaultAuthenticator(), getCLISessionCtx());
   }
 
 }

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q b/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q
deleted file mode 100644
index 4761051..0000000
--- a/ql/src/test/queries/clientnegative/authorization_cli_auth_enable.q
+++ /dev/null
@@ -1,7 +0,0 @@
-set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
-set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
-set user.name=hive_test_user;
-set hive.security.authorization.enabled=true;
-
--- verify that sql std auth throws an error with hive cli, if auth is enabled
-show tables 'src';

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_fail_1.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_fail_1.q b/ql/src/test/queries/clientnegative/authorization_fail_1.q
index c38dab5..49aa09e 100644
--- a/ql/src/test/queries/clientnegative/authorization_fail_1.q
+++ b/ql/src/test/queries/clientnegative/authorization_fail_1.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create table authorization_fail_1 (key int, value string);
 set hive.security.authorization.enabled=true;
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_fail_2.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_fail_2.q b/ql/src/test/queries/clientnegative/authorization_fail_2.q
index 341e447..1a703d5 100644
--- a/ql/src/test/queries/clientnegative/authorization_fail_2.q
+++ b/ql/src/test/queries/clientnegative/authorization_fail_2.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create table authorization_fail_2 (key int, value string) partitioned by (ds string);
 
 set hive.security.authorization.enabled=true;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_fail_3.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_fail_3.q b/ql/src/test/queries/clientnegative/authorization_fail_3.q
index 6a56daa..03c516d 100644
--- a/ql/src/test/queries/clientnegative/authorization_fail_3.q
+++ b/ql/src/test/queries/clientnegative/authorization_fail_3.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 -- SORT_BEFORE_DIFF
 
 create table authorization_fail_3 (key int, value string) partitioned by (ds string);

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_fail_4.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_fail_4.q b/ql/src/test/queries/clientnegative/authorization_fail_4.q
index f0cb645..b3e687e 100644
--- a/ql/src/test/queries/clientnegative/authorization_fail_4.q
+++ b/ql/src/test/queries/clientnegative/authorization_fail_4.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 -- SORT_BEFORE_DIFF
 
 create table authorization_fail_4 (key int, value string) partitioned by (ds string);

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_fail_5.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_fail_5.q b/ql/src/test/queries/clientnegative/authorization_fail_5.q
index b4efab5..abf2e81 100644
--- a/ql/src/test/queries/clientnegative/authorization_fail_5.q
+++ b/ql/src/test/queries/clientnegative/authorization_fail_5.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 -- SORT_BEFORE_DIFF
 
 create table authorization_fail (key int, value string) partitioned by (ds string);
@@ -17,4 +18,4 @@ revoke Select on table authorization_fail partition (ds='2010') from user hive_t
 
 show grant user hive_test_user on table authorization_fail partition (ds='2010');
 
-select key from authorization_fail where ds='2010';
\ No newline at end of file
+select key from authorization_fail where ds='2010';

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_fail_6.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_fail_6.q b/ql/src/test/queries/clientnegative/authorization_fail_6.q
index 9772469..d3322f4 100644
--- a/ql/src/test/queries/clientnegative/authorization_fail_6.q
+++ b/ql/src/test/queries/clientnegative/authorization_fail_6.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 -- SORT_BEFORE_DIFF
 
 create table authorization_part_fail (key int, value string) partitioned by (ds string);

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_fail_7.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_fail_7.q b/ql/src/test/queries/clientnegative/authorization_fail_7.q
index 492deed..9eeecc1 100644
--- a/ql/src/test/queries/clientnegative/authorization_fail_7.q
+++ b/ql/src/test/queries/clientnegative/authorization_fail_7.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 -- SORT_BEFORE_DIFF
 
 create table authorization_fail (key int, value string);
@@ -14,4 +15,4 @@ show grant role hive_test_role_fail on table authorization_fail;
 
 drop role hive_test_role_fail;
 
-select key from authorization_fail;
\ No newline at end of file
+select key from authorization_fail;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_fail_create_db.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_fail_create_db.q b/ql/src/test/queries/clientnegative/authorization_fail_create_db.q
index d969e39..147c772 100644
--- a/ql/src/test/queries/clientnegative/authorization_fail_create_db.q
+++ b/ql/src/test/queries/clientnegative/authorization_fail_create_db.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.security.authorization.enabled=true;
 
 create database db_to_fail;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q b/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q
index 87719b0..5a98620 100644
--- a/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q
+++ b/ql/src/test/queries/clientnegative/authorization_fail_drop_db.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.security.authorization.enabled=false;
 create database db_fail_to_drop;
 set hive.security.authorization.enabled=true;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q b/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q
index 2a1da23..2742f0d 100644
--- a/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q
+++ b/ql/src/test/queries/clientnegative/authorization_invalid_priv_v1.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create table if not exists authorization_invalid_v1 (key int, value string);
 grant delete on table authorization_invalid_v1 to user hive_test_user;
 drop table authorization_invalid_v1;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_part.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_part.q b/ql/src/test/queries/clientnegative/authorization_part.q
index a654a23..517f513 100644
--- a/ql/src/test/queries/clientnegative/authorization_part.q
+++ b/ql/src/test/queries/clientnegative/authorization_part.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 -- SORT_BEFORE_DIFF
 
 create table authorization_part_fail (key int, value string) partitioned by (ds string);
@@ -34,4 +35,4 @@ revoke select on table authorization_part_fail partition (ds='2010') from group
 select key,value, ds from authorization_part_fail where ds>='2010' order by key, ds limit 20;
 
 drop table authorization_part_fail;
-drop table src_auth;
\ No newline at end of file
+drop table src_auth;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_public_create.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_public_create.q b/ql/src/test/queries/clientnegative/authorization_public_create.q
index 8298ce9..00e542a 100644
--- a/ql/src/test/queries/clientnegative/authorization_public_create.q
+++ b/ql/src/test/queries/clientnegative/authorization_public_create.q
@@ -1 +1,2 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create role public;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_public_drop.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_public_drop.q b/ql/src/test/queries/clientnegative/authorization_public_drop.q
index 7e89f6e..1f5025f 100644
--- a/ql/src/test/queries/clientnegative/authorization_public_drop.q
+++ b/ql/src/test/queries/clientnegative/authorization_public_drop.q
@@ -1 +1,2 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 drop role public;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorization_role_case.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_role_case.q b/ql/src/test/queries/clientnegative/authorization_role_case.q
index 339239a..bcc075d 100644
--- a/ql/src/test/queries/clientnegative/authorization_role_case.q
+++ b/ql/src/test/queries/clientnegative/authorization_role_case.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create role mixCaseRole1;
 create role mixCaseRole2;
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorize_grant_public.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorize_grant_public.q b/ql/src/test/queries/clientnegative/authorize_grant_public.q
index e024b50..31d7462 100644
--- a/ql/src/test/queries/clientnegative/authorize_grant_public.q
+++ b/ql/src/test/queries/clientnegative/authorize_grant_public.q
@@ -1 +1,2 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 grant role public to user hive_test_user;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/authorize_revoke_public.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorize_revoke_public.q b/ql/src/test/queries/clientnegative/authorize_revoke_public.q
index dadd424..4d949ac 100644
--- a/ql/src/test/queries/clientnegative/authorize_revoke_public.q
+++ b/ql/src/test/queries/clientnegative/authorize_revoke_public.q
@@ -1 +1,2 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 revoke role public from user hive_test_user;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/exim_22_export_authfail.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/exim_22_export_authfail.q b/ql/src/test/queries/clientnegative/exim_22_export_authfail.q
index b818686..5810be5 100644
--- a/ql/src/test/queries/clientnegative/exim_22_export_authfail.q
+++ b/ql/src/test/queries/clientnegative/exim_22_export_authfail.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.test.mode=true;
 set hive.test.mode.prefix=;
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q b/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q
index 4acefb9..4e302c0 100644
--- a/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q
+++ b/ql/src/test/queries/clientnegative/exim_23_import_exist_authfail.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.test.mode=true;
 set hive.test.mode.prefix=;
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q b/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q
index 467014e..0bc070c 100644
--- a/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q
+++ b/ql/src/test/queries/clientnegative/exim_24_import_part_authfail.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.test.mode=true;
 set hive.test.mode.prefix=;
 set hive.test.mode.nosamplelist=exim_department,exim_employee;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q b/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q
index 595fa7e..3ed7a5f 100644
--- a/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q
+++ b/ql/src/test/queries/clientnegative/exim_25_import_nonexist_authfail.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.test.mode=true;
 set hive.test.mode.prefix=;
 set hive.test.mode.nosamplelist=exim_department,exim_employee;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/join_nonexistent_part.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/join_nonexistent_part.q b/ql/src/test/queries/clientnegative/join_nonexistent_part.q
deleted file mode 100644
index bf60d2e..0000000
--- a/ql/src/test/queries/clientnegative/join_nonexistent_part.q
+++ /dev/null
@@ -1,5 +0,0 @@
-set hive.mapred.mode=nonstrict;
-SET hive.security.authorization.enabled = true;
-SELECT *
-FROM srcpart s1 join src s2 on s1.key == s2.key
-WHERE s1.ds='non-existent';

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/load_exist_part_authfail.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/load_exist_part_authfail.q b/ql/src/test/queries/clientnegative/load_exist_part_authfail.q
index eb72d94..f9ecc6f 100644
--- a/ql/src/test/queries/clientnegative/load_exist_part_authfail.q
+++ b/ql/src/test/queries/clientnegative/load_exist_part_authfail.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create table hive_test_src ( col1 string ) partitioned by (pcol1 string) stored as textfile;
 alter table hive_test_src add partition (pcol1 = 'test_part');
 set hive.security.authorization.enabled=true;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/load_nonpart_authfail.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/load_nonpart_authfail.q b/ql/src/test/queries/clientnegative/load_nonpart_authfail.q
index 3265363..1f40978 100644
--- a/ql/src/test/queries/clientnegative/load_nonpart_authfail.q
+++ b/ql/src/test/queries/clientnegative/load_nonpart_authfail.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create table hive_test_src ( col1 string ) stored as textfile;
 set hive.security.authorization.enabled=true;
 load data local inpath '../../data/files/test.dat' overwrite into table hive_test_src ;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientnegative/load_part_authfail.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/load_part_authfail.q b/ql/src/test/queries/clientnegative/load_part_authfail.q
index 315988d..5735cd2 100644
--- a/ql/src/test/queries/clientnegative/load_part_authfail.q
+++ b/ql/src/test/queries/clientnegative/load_part_authfail.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create table hive_test_src ( col1 string ) partitioned by (pcol1 string) stored as textfile;
 set hive.security.authorization.enabled=true;
 load data local inpath '../../data/files/test.dat' overwrite into table hive_test_src partition (pcol1 = 'test_part');

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q b/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q
index cdefc2d..70f2bb4 100644
--- a/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q
+++ b/ql/src/test/queries/clientpositive/alter_rename_partition_authorization.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 -- SORT_BEFORE_DIFF
 
 create table src_auth_tmp as select * from src;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_1.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_1.q b/ql/src/test/queries/clientpositive/authorization_1.q
index d5fd2ec..184acc7 100644
--- a/ql/src/test/queries/clientpositive/authorization_1.q
+++ b/ql/src/test/queries/clientpositive/authorization_1.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 -- SORT_BEFORE_DIFF
 
 create table src_autho_test as select * from src;
@@ -86,4 +88,4 @@ revoke select on table src_autho_test from role sRc_roLE;
 drop role sRc_roLE;
 
 set hive.security.authorization.enabled=false;
-drop table src_autho_test;
\ No newline at end of file
+drop table src_autho_test;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_2.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_2.q b/ql/src/test/queries/clientpositive/authorization_2.q
index 3353c53..efb42f7 100644
--- a/ql/src/test/queries/clientpositive/authorization_2.q
+++ b/ql/src/test/queries/clientpositive/authorization_2.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 -- SORT_BEFORE_DIFF
 
 create table authorization_part (key int, value string) partitioned by (ds string);
@@ -108,4 +110,4 @@ show grant group hive_test_group1 on table authorization_part partition (ds='201
 
 revoke select on table src_auth_tmp from user hive_test_user;
 set hive.security.authorization.enabled=false;
-drop table authorization_part;
\ No newline at end of file
+drop table authorization_part;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_3.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_3.q b/ql/src/test/queries/clientpositive/authorization_3.q
index ba76b00..09c6494 100644
--- a/ql/src/test/queries/clientpositive/authorization_3.q
+++ b/ql/src/test/queries/clientpositive/authorization_3.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 -- SORT_BEFORE_DIFF
 
 create table src_autho_test as select * from src;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_4.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_4.q b/ql/src/test/queries/clientpositive/authorization_4.q
index 152c8e5..c1848a7 100644
--- a/ql/src/test/queries/clientpositive/authorization_4.q
+++ b/ql/src/test/queries/clientpositive/authorization_4.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 -- SORT_BEFORE_DIFF
 
 create table src_autho_test as select * from src;
@@ -10,4 +12,4 @@ show grant user hive_test_user on table src_autho_test;
 
 select key from src_autho_test order by key limit 20;
 
-drop table src_autho_test;
\ No newline at end of file
+drop table src_autho_test;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_5.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_5.q b/ql/src/test/queries/clientpositive/authorization_5.q
index fec27b4..fb9b262 100644
--- a/ql/src/test/queries/clientpositive/authorization_5.q
+++ b/ql/src/test/queries/clientpositive/authorization_5.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 -- SORT_BEFORE_DIFF
 
 CREATE DATABASE IF NOT EXISTS test_db COMMENT 'Hive test database';

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_6.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_6.q b/ql/src/test/queries/clientpositive/authorization_6.q
index 258ada4..5f9bde7 100644
--- a/ql/src/test/queries/clientpositive/authorization_6.q
+++ b/ql/src/test/queries/clientpositive/authorization_6.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 -- SORT_BEFORE_DIFF
 
 create table src_auth_tmp as select * from src;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_7.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_7.q b/ql/src/test/queries/clientpositive/authorization_7.q
index ae49000..216951e 100644
--- a/ql/src/test/queries/clientpositive/authorization_7.q
+++ b/ql/src/test/queries/clientpositive/authorization_7.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 GRANT ALL TO USER hive_test_user;
 SET hive.security.authorization.enabled=true;
 CREATE TABLE src_authorization_7 (key int, value string);
@@ -12,4 +14,4 @@ SET hive.security.authorization.enabled=true;
 CREATE TABLE src_authorization_7 (key int, value string);
 DESCRIBE src_authorization_7;
 DROP TABLE  src_authorization_7;
-REVOKE ALL FROM GROUP hive_test_group1;
\ No newline at end of file
+REVOKE ALL FROM GROUP hive_test_group1;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_8.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_8.q b/ql/src/test/queries/clientpositive/authorization_8.q
index 67fcf31..b8571aa 100644
--- a/ql/src/test/queries/clientpositive/authorization_8.q
+++ b/ql/src/test/queries/clientpositive/authorization_8.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.security.authorization.enabled=true;
 GRANT ALL TO USER hive_test_user;
 CREATE TABLE tbl_j5jbymsx8e (key INT, value STRING) PARTITIONED BY (ds STRING);

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_9.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_9.q b/ql/src/test/queries/clientpositive/authorization_9.q
index ed62c45..5f72665 100644
--- a/ql/src/test/queries/clientpositive/authorization_9.q
+++ b/ql/src/test/queries/clientpositive/authorization_9.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 -- SORT_BEFORE_DIFF
 
 create table dummy (key string, value string);

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q b/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q
index c265733..e533ee7 100644
--- a/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q
+++ b/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.security.authorization.createtable.owner.grants=ALL;
 
 create table default_auth_table_creator_priv_test(i int);

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_explain.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_explain.q b/ql/src/test/queries/clientpositive/authorization_explain.q
index fe376bf..6a9475c 100644
--- a/ql/src/test/queries/clientpositive/authorization_explain.q
+++ b/ql/src/test/queries/clientpositive/authorization_explain.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.mapred.mode=nonstrict;
 set hive.security.authorization.enabled=true;
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q b/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q
index 50e9dc2..45e89c5 100644
--- a/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q
+++ b/ql/src/test/queries/clientpositive/authorization_show_role_principals_v1.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create role role1;
 grant role1 to user user1 with admin option;
 grant role1 to user user2 with admin option;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q b/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q
index 293a011..1e3eaee 100644
--- a/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q
+++ b/ql/src/test/queries/clientpositive/exim_21_export_authsuccess.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set hive.test.mode=true;
 set hive.test.mode.prefix=;
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q b/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q
index 03714ab..606f9af 100644
--- a/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q
+++ b/ql/src/test/queries/clientpositive/exim_22_import_exist_authsuccess.q
@@ -1,6 +1,7 @@
 set hive.test.mode=true;
 set hive.test.mode.prefix=;
 set hive.test.mode.nosamplelist=exim_department,exim_employee;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 
 create table exim_department ( dep_id int) stored as textfile;
 load data local inpath "../../data/files/test.dat" into table exim_department;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q b/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q
index 9012b0e..316f2e0 100644
--- a/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q
+++ b/ql/src/test/queries/clientpositive/exim_23_import_part_authsuccess.q
@@ -2,6 +2,7 @@ set hive.mapred.mode=nonstrict;
 set hive.test.mode=true;
 set hive.test.mode.prefix=;
 set hive.test.mode.nosamplelist=exim_department,exim_employee;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 
 create table exim_employee ( emp_id int comment "employee id") 	
 	comment "employee table"

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q b/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q
index 8934c47..8ded70b 100644
--- a/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q
+++ b/ql/src/test/queries/clientpositive/exim_24_import_nonexist_authsuccess.q
@@ -1,6 +1,7 @@
 set hive.test.mode=true;
 set hive.test.mode.prefix=;
 set hive.test.mode.nosamplelist=exim_department,exim_employee;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 
 create table exim_department ( dep_id int) stored as textfile;
 load data local inpath "../../data/files/test.dat" into table exim_department;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/explainuser_3.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/explainuser_3.q b/ql/src/test/queries/clientpositive/explainuser_3.q
index 4f1fdab..57029f1 100644
--- a/ql/src/test/queries/clientpositive/explainuser_3.q
+++ b/ql/src/test/queries/clientpositive/explainuser_3.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+set hive.metastore.filter.hook=org.apache.hadoop.hive.metastore.DefaultMetaStoreFilterHookImpl;
 set hive.mapred.mode=nonstrict;
 set hive.explain.user=true;
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/index_auth.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/index_auth.q b/ql/src/test/queries/clientpositive/index_auth.q
index 03d77f1..b12b742 100644
--- a/ql/src/test/queries/clientpositive/index_auth.q
+++ b/ql/src/test/queries/clientpositive/index_auth.q
@@ -1,5 +1,7 @@
 set hive.stats.dbclass=fs;
 SET hive.input.format=org.apache.hadoop.hive.ql.io.HiveInputFormat;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 create table foobar(key int, value string) PARTITIONED BY (ds string, hr string);
 alter table foobar add partition (ds='2008-04-08',hr='12');
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/keyword_1.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/keyword_1.q b/ql/src/test/queries/clientpositive/keyword_1.q
index d274515..9277725 100644
--- a/ql/src/test/queries/clientpositive/keyword_1.q
+++ b/ql/src/test/queries/clientpositive/keyword_1.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 -- SORT_BEFORE_DIFF
 
 create table test_user (`user` string, `group` string);
@@ -16,4 +18,4 @@ explain select role from test_user;
 
 show grant user hive_test on table test_user;
 
-drop table test_user;
\ No newline at end of file
+drop table test_user;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q b/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q
index 35eb219..1ce4824 100644
--- a/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q
+++ b/ql/src/test/queries/clientpositive/load_exist_part_authsuccess.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create table hive_test_src ( col1 string ) partitioned by (pcol1 string) stored as textfile;
 alter table hive_test_src add partition (pcol1 = 'test_part');
 set hive.security.authorization.enabled=true;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q b/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q
index fdee451..29d4e80 100644
--- a/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q
+++ b/ql/src/test/queries/clientpositive/load_nonpart_authsuccess.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create table hive_test_src ( col1 string ) stored as textfile;
 set hive.security.authorization.enabled=true;
 grant Update on table hive_test_src to user hive_test_user;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/load_part_authsuccess.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/load_part_authsuccess.q b/ql/src/test/queries/clientpositive/load_part_authsuccess.q
index cee5873..868fd6c 100644
--- a/ql/src/test/queries/clientpositive/load_part_authsuccess.q
+++ b/ql/src/test/queries/clientpositive/load_part_authsuccess.q
@@ -1,3 +1,4 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 create table hive_test_src ( col1 string ) partitioned by (pcol1 string) stored as textfile;
 set hive.security.authorization.enabled=true;
 grant Update on table hive_test_src to user hive_test_user;

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/show_roles.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/show_roles.q b/ql/src/test/queries/clientpositive/show_roles.q
index d8ce96a..9e5a6c3 100644
--- a/ql/src/test/queries/clientpositive/show_roles.q
+++ b/ql/src/test/queries/clientpositive/show_roles.q
@@ -1,3 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
 create role role1;
 create role role2;
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/queries/clientpositive/stats5.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/stats5.q b/ql/src/test/queries/clientpositive/stats5.q
index 6b5d138..911bbff 100644
--- a/ql/src/test/queries/clientpositive/stats5.q
+++ b/ql/src/test/queries/clientpositive/stats5.q
@@ -1,5 +1,5 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
 set datanucleus.cache.collections=false;
-set hive.stats.autogather=false;
 
 create table analyze_src as select * from src;
 

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out b/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out
deleted file mode 100644
index 252eb66..0000000
--- a/ql/src/test/results/clientnegative/authorization_cli_auth_enable.q.out
+++ /dev/null
@@ -1 +0,0 @@
-FAILED: RuntimeException org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException: SQL standards based authorization should not be enabled from hive cliInstead the use of storage based authorization in hive metastore is reccomended. Set hive.security.authorization.enabled=false to disable authz within cli

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/results/clientnegative/join_nonexistent_part.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/join_nonexistent_part.q.out b/ql/src/test/results/clientnegative/join_nonexistent_part.q.out
deleted file mode 100644
index a924895..0000000
--- a/ql/src/test/results/clientnegative/join_nonexistent_part.q.out
+++ /dev/null
@@ -1 +0,0 @@
-Authorization failed:No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}. Use SHOW GRANT to get more details.

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/results/clientpositive/authorization_9.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_9.q.out b/ql/src/test/results/clientpositive/authorization_9.q.out
index 7f95f5e..6bb8ecb 100644
--- a/ql/src/test/results/clientpositive/authorization_9.q.out
+++ b/ql/src/test/results/clientpositive/authorization_9.q.out
@@ -46,7 +46,67 @@ POSTHOOK: query: show grant user hive_test_user on all
 POSTHOOK: type: SHOW_GRANT
 				hive_test_user	USER	SELECT	false	-1	hive_test_user
 default				hive_test_user	USER	SELECT	false	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	UPDATE	true	-1	hive_test_user
 default	dummy			hive_test_user	USER	SELECT	false	-1	hive_test_user
+default	lineitem			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	part			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	part			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	part			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	part			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src1			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src1			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src1			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src1			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	UPDATE	true	-1	hive_test_user
 default	dummy		[key]	hive_test_user	USER	SELECT	false	-1	hive_test_user
 default	dummy		[value]	hive_test_user	USER	SELECT	false	-1	hive_test_user
 PREHOOK: query: grant select to user hive_test_user2
@@ -78,8 +138,68 @@ POSTHOOK: type: SHOW_GRANT
 				hive_test_user2	USER	SELECT	false	-1	hive_test_user
 default				hive_test_user	USER	SELECT	false	-1	hive_test_user
 default				hive_test_user2	USER	SELECT	false	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	UPDATE	true	-1	hive_test_user
 default	dummy			hive_test_user	USER	SELECT	false	-1	hive_test_user
 default	dummy			hive_test_user2	USER	SELECT	false	-1	hive_test_user
+default	lineitem			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	part			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	part			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	part			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	part			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src1			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src1			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src1			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src1			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	UPDATE	true	-1	hive_test_user
 default	dummy		[key]	hive_test_user	USER	SELECT	false	-1	hive_test_user
 default	dummy		[key]	hive_test_user2	USER	SELECT	false	-1	hive_test_user
 default	dummy		[value]	hive_test_user	USER	SELECT	false	-1	hive_test_user
@@ -90,7 +210,67 @@ POSTHOOK: query: show grant user hive_test_user on all
 POSTHOOK: type: SHOW_GRANT
 				hive_test_user	USER	SELECT	false	-1	hive_test_user
 default				hive_test_user	USER	SELECT	false	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	UPDATE	true	-1	hive_test_user
 default	dummy			hive_test_user	USER	SELECT	false	-1	hive_test_user
+default	lineitem			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	part			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	part			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	part			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	part			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src1			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src1			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src1			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src1			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	UPDATE	true	-1	hive_test_user
 default	dummy		[key]	hive_test_user	USER	SELECT	false	-1	hive_test_user
 default	dummy		[value]	hive_test_user	USER	SELECT	false	-1	hive_test_user
 PREHOOK: query: show grant user hive_test_user2 on all

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out b/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out
index b7ec209..a9ed049 100644
--- a/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out
+++ b/ql/src/test/results/clientpositive/authorization_explain.q.java1.7.out
@@ -20,9 +20,6 @@ CURRENT_USER:
   hive_test_user
 OPERATION: 
   QUERY
-AUTHORIZATION_FAILURES: 
-  No privilege 'Select' found for inputs { database:default, table:src, columnName:key}
-  No privilege 'Select' found for inputs { database:default, table:srcpart, columnName:key}
 Warning: Shuffle Join JOIN[7][tables = [$hdt$_0, $hdt$_1]] in Stage 'Stage-1:MAPRED' is a cross product
 PREHOOK: query: explain formatted authorization select * from src join srcpart
 PREHOOK: type: QUERY

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/results/clientpositive/authorization_show_grant.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_show_grant.q.out b/ql/src/test/results/clientpositive/authorization_show_grant.q.out
index 2e7d7f6..7fa0b1c 100644
--- a/ql/src/test/results/clientpositive/authorization_show_grant.q.out
+++ b/ql/src/test/results/clientpositive/authorization_show_grant.q.out
@@ -111,6 +111,66 @@ PREHOOK: query: show grant
 PREHOOK: type: SHOW_GRANT
 POSTHOOK: query: show grant
 POSTHOOK: type: SHOW_GRANT
+default	alltypesorc			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	alltypesorc			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t1			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t2			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	cbo_t3			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	lineitem			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	part			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	part			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	part			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	part			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src1			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src1			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src1			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src1			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_cbo			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_json			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_sequencefile			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	src_thrift			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcbucket			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcbucket2			hive_test_user	USER	UPDATE	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	DELETE	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	INSERT	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	SELECT	true	-1	hive_test_user
+default	srcpart			hive_test_user	USER	UPDATE	true	-1	hive_test_user
 default	t1			rolea	ROLE	SELECT	false	-1	user1
 default	t1			user1	USER	DELETE	true	-1	hive_admin_user
 default	t1			user1	USER	INSERT	true	-1	hive_admin_user

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/results/clientpositive/spark/stats5.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/spark/stats5.q.out b/ql/src/test/results/clientpositive/spark/stats5.q.out
index 2edbd07..51bf6e4 100644
--- a/ql/src/test/results/clientpositive/spark/stats5.q.out
+++ b/ql/src/test/results/clientpositive/spark/stats5.q.out
@@ -25,7 +25,7 @@ STAGE PLANS:
             Map Operator Tree:
                 TableScan
                   alias: analyze_src
-                  Statistics: Num rows: 1 Data size: 5812 Basic stats: COMPLETE Column stats: COMPLETE
+                  Statistics: Num rows: 500 Data size: 5312 Basic stats: COMPLETE Column stats: COMPLETE
 
   Stage: Stage-1
     Stats-Aggr Operator

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/results/clientpositive/stats5.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/stats5.q.out b/ql/src/test/results/clientpositive/stats5.q.out
index 866dbaf..93cff91 100644
--- a/ql/src/test/results/clientpositive/stats5.q.out
+++ b/ql/src/test/results/clientpositive/stats5.q.out
@@ -22,7 +22,7 @@ STAGE PLANS:
       Map Operator Tree:
           TableScan
             alias: analyze_src
-            Statistics: Num rows: 1 Data size: 5812 Basic stats: COMPLETE Column stats: COMPLETE
+            Statistics: Num rows: 500 Data size: 5312 Basic stats: COMPLETE Column stats: COMPLETE
 
   Stage: Stage-1
     Stats-Aggr Operator

http://git-wip-us.apache.org/repos/asf/hive/blob/b9d65f15/ql/src/test/results/clientpositive/tez/unionDistinct_2.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/tez/unionDistinct_2.q.out b/ql/src/test/results/clientpositive/tez/unionDistinct_2.q.out
index 6d59369..f4cdd86 100644
--- a/ql/src/test/results/clientpositive/tez/unionDistinct_2.q.out
+++ b/ql/src/test/results/clientpositive/tez/unionDistinct_2.q.out
@@ -359,7 +359,7 @@ union
 select `u2`.`key`, `u2`.`value` from `default`.`u2`	 	 
 union all	 	 
 select `u3`.`key` as `key`, `u3`.`value` from `default`.`u3`	 	 
-) `tab`, tableType:VIRTUAL_VIEW)		 
+) `tab`, tableType:VIRTUAL_VIEW, privileges:PrincipalPrivilegeSet(userPrivileges:{hive_test_user=[PrivilegeGrantInfo(privilege:INSERT, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true), PrivilegeGrantInfo(privilege:SELECT, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true), PrivilegeGrantInfo(privilege:UPDATE, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true), PrivilegeGrantInfo(privilege:DELETE, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true)]}, groupPrivileges:null, rolePrivileges:null))		 
 PREHOOK: query: select * from v
 PREHOOK: type: QUERY
 PREHOOK: Input: default@u1
@@ -429,7 +429,7 @@ select distinct * from u2
 select distinct `u1`.`key`, `u1`.`value` from `default`.`u1`	 	 
 union  	 	 
 select distinct `u2`.`key`, `u2`.`value` from `default`.`u2`	 	 
-) `tab`, tableType:VIRTUAL_VIEW)		 
+) `tab`, tableType:VIRTUAL_VIEW, privileges:PrincipalPrivilegeSet(userPrivileges:{hive_test_user=[PrivilegeGrantInfo(privilege:INSERT, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true), PrivilegeGrantInfo(privilege:SELECT, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true), PrivilegeGrantInfo(privilege:UPDATE, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true), PrivilegeGrantInfo(privilege:DELETE, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true)]}, groupPrivileges:null, rolePrivileges:null))		 
 PREHOOK: query: select * from v
 PREHOOK: type: QUERY
 PREHOOK: Input: default@u1
@@ -494,7 +494,7 @@ select distinct * from u2
 select distinct `u1`.`key`, `u1`.`value` from `default`.`u1`	 	 
 union all 	 	 
 select distinct `u2`.`key`, `u2`.`value` from `default`.`u2`	 	 
-) `tab`, tableType:VIRTUAL_VIEW)		 
+) `tab`, tableType:VIRTUAL_VIEW, privileges:PrincipalPrivilegeSet(userPrivileges:{hive_test_user=[PrivilegeGrantInfo(privilege:INSERT, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true), PrivilegeGrantInfo(privilege:SELECT, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true), PrivilegeGrantInfo(privilege:UPDATE, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true), PrivilegeGrantInfo(privilege:DELETE, createTime:-1, grantor:hive_test_user, grantorType:USER, grantOption:true)]}, groupPrivileges:null, rolePrivileges:null))		 
 PREHOOK: query: select * from v
 PREHOOK: type: QUERY
 PREHOOK: Input: default@u1


Mime
View raw message