hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jd...@apache.org
Subject [33/51] [abbrv] hive git commit: HIVE-13198: Authorization issues with cascading views (Pengcheng Xiong, reviewed by Ashutosh Chauhan)
Date Thu, 17 Mar 2016 22:47:37 GMT
HIVE-13198: Authorization issues with cascading views (Pengcheng Xiong, reviewed by Ashutosh Chauhan)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/ca165db8
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/ca165db8
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/ca165db8

Branch: refs/heads/llap
Commit: ca165db8dd7846cc88e0903d061a9713551c3a72
Parents: 114e9f1
Author: Pengcheng Xiong <pxiong@apache.org>
Authored: Sun Mar 13 12:04:29 2016 -0700
Committer: Pengcheng Xiong <pxiong@apache.org>
Committed: Sun Mar 13 12:04:29 2016 -0700

----------------------------------------------------------------------
 .../java/org/apache/hadoop/hive/ql/Driver.java  | 73 ++++++++++----------
 .../hadoop/hive/ql/exec/TableScanOperator.java  | 10 +++
 .../calcite/reloperators/HiveTableScan.java     | 23 ++++--
 .../calcite/translator/ASTBuilder.java          |  8 +++
 .../hadoop/hive/ql/parse/CalcitePlanner.java    |  3 +-
 .../org/apache/hadoop/hive/ql/parse/QB.java     | 16 +++++
 .../hadoop/hive/ql/parse/SemanticAnalyzer.java  | 32 +++++++--
 .../clientnegative/authorization_view_5.q       | 16 +++++
 .../clientnegative/authorization_view_6.q       | 18 +++++
 .../clientnegative/authorization_view_7.q       | 18 +++++
 .../authorization_view_disable_cbo_5.q          | 17 +++++
 .../authorization_view_disable_cbo_6.q          | 19 +++++
 .../authorization_view_disable_cbo_7.q          | 19 +++++
 .../clientpositive/authorization_view_2.q       | 16 +++++
 .../clientpositive/authorization_view_3.q       | 18 +++++
 .../clientpositive/authorization_view_4.q       | 18 +++++
 .../authorization_view_disable_cbo_2.q          | 17 +++++
 .../authorization_view_disable_cbo_3.q          | 19 +++++
 .../authorization_view_disable_cbo_4.q          | 19 +++++
 .../clientnegative/authorization_view_5.q.out   | 35 ++++++++++
 .../clientnegative/authorization_view_6.q.out   | 45 ++++++++++++
 .../clientnegative/authorization_view_7.q.out   | 45 ++++++++++++
 .../authorization_view_disable_cbo_5.q.out      | 35 ++++++++++
 .../authorization_view_disable_cbo_6.q.out      | 45 ++++++++++++
 .../authorization_view_disable_cbo_7.q.out      | 45 ++++++++++++
 .../clientpositive/authorization_view_2.q.out   | 66 ++++++++++++++++++
 .../clientpositive/authorization_view_3.q.out   | 62 +++++++++++++++++
 .../clientpositive/authorization_view_4.q.out   | 64 +++++++++++++++++
 .../authorization_view_disable_cbo_2.q.out      | 66 ++++++++++++++++++
 .../authorization_view_disable_cbo_3.q.out      | 62 +++++++++++++++++
 .../authorization_view_disable_cbo_4.q.out      | 64 +++++++++++++++++
 .../results/clientpositive/subquery_views.q.out |  8 +--
 .../clientpositive/tez/explainuser_1.q.out      |  2 +-
 33 files changed, 971 insertions(+), 52 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
index b50c5a2..f0fda05 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/Driver.java
@@ -733,14 +733,14 @@ public class Driver implements CommandProcessor {
         }
       }
 
+      // column authorization is checked through table scan operators.
       getTablePartitionUsedColumns(op, sem, tab2Cols, part2Cols, tableUsePartLevelAuth);
 
-
-
       // cache the results for table authorization
       Set<String> tableAuthChecked = new HashSet<String>();
       for (ReadEntity read : inputs) {
-        if (read.isDummy() || read.isPathType()) {
+        // if read is not direct, we do not need to check its autho.
+        if (read.isDummy() || read.isPathType() || !read.isDirect()) {
           continue;
         }
         if (read.getType() == Entity.Type.DATABASE) {
@@ -796,46 +796,49 @@ public class Driver implements CommandProcessor {
     // for a select or create-as-select query, populate the partition to column
     // (par2Cols) or
     // table to columns mapping (tab2Cols)
-    if (op.equals(HiveOperation.CREATETABLE_AS_SELECT)
-        || op.equals(HiveOperation.QUERY)) {
+    if (op.equals(HiveOperation.CREATETABLE_AS_SELECT) || op.equals(HiveOperation.QUERY)) {
       SemanticAnalyzer querySem = (SemanticAnalyzer) sem;
       ParseContext parseCtx = querySem.getParseContext();
 
-      for (Map.Entry<String, TableScanOperator> topOpMap : querySem.getParseContext().getTopOps().entrySet()) {
-        TableScanOperator topOp = topOpMap.getValue();
-        TableScanOperator tableScanOp = topOp;
-        Table tbl = tableScanOp.getConf().getTableMetadata();
-        List<Integer> neededColumnIds = tableScanOp.getNeededColumnIDs();
-        List<FieldSchema> columns = tbl.getCols();
-        List<String> cols = new ArrayList<String>();
-        for (int i = 0; i < neededColumnIds.size(); i++) {
-          cols.add(columns.get(neededColumnIds.get(i)).getName());
-        }
-        //map may not contain all sources, since input list may have been optimized out
-        //or non-existent tho such sources may still be referenced by the TableScanOperator
-        //if it's null then the partition probably doesn't exist so let's use table permission
-        if (tbl.isPartitioned() &&
-            Boolean.TRUE.equals(tableUsePartLevelAuth.get(tbl.getTableName()))) {
-          String alias_id = topOpMap.getKey();
-
-          PrunedPartitionList partsList = PartitionPruner.prune(tableScanOp,
-              parseCtx, alias_id);
-          Set<Partition> parts = partsList.getPartitions();
-          for (Partition part : parts) {
-            List<String> existingCols = part2Cols.get(part);
+      for (Map.Entry<String, TableScanOperator> topOpMap : querySem.getParseContext().getTopOps()
+          .entrySet()) {
+        TableScanOperator tableScanOp = topOpMap.getValue();
+        if (!tableScanOp.isInsideView()) {
+          Table tbl = tableScanOp.getConf().getTableMetadata();
+          List<Integer> neededColumnIds = tableScanOp.getNeededColumnIDs();
+          List<FieldSchema> columns = tbl.getCols();
+          List<String> cols = new ArrayList<String>();
+          for (int i = 0; i < neededColumnIds.size(); i++) {
+            cols.add(columns.get(neededColumnIds.get(i)).getName());
+          }
+          // map may not contain all sources, since input list may have been
+          // optimized out
+          // or non-existent tho such sources may still be referenced by the
+          // TableScanOperator
+          // if it's null then the partition probably doesn't exist so let's use
+          // table permission
+          if (tbl.isPartitioned()
+              && Boolean.TRUE.equals(tableUsePartLevelAuth.get(tbl.getTableName()))) {
+            String alias_id = topOpMap.getKey();
+
+            PrunedPartitionList partsList = PartitionPruner.prune(tableScanOp, parseCtx, alias_id);
+            Set<Partition> parts = partsList.getPartitions();
+            for (Partition part : parts) {
+              List<String> existingCols = part2Cols.get(part);
+              if (existingCols == null) {
+                existingCols = new ArrayList<String>();
+              }
+              existingCols.addAll(cols);
+              part2Cols.put(part, existingCols);
+            }
+          } else {
+            List<String> existingCols = tab2Cols.get(tbl);
             if (existingCols == null) {
               existingCols = new ArrayList<String>();
             }
             existingCols.addAll(cols);
-            part2Cols.put(part, existingCols);
-          }
-        } else {
-          List<String> existingCols = tab2Cols.get(tbl);
-          if (existingCols == null) {
-            existingCols = new ArrayList<String>();
+            tab2Cols.put(tbl, existingCols);
           }
-          existingCols.addAll(cols);
-          tab2Cols.put(tbl, existingCols);
         }
       }
     }

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/java/org/apache/hadoop/hive/ql/exec/TableScanOperator.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/TableScanOperator.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/TableScanOperator.java
index 5253521..1b3cc82 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/exec/TableScanOperator.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/TableScanOperator.java
@@ -65,6 +65,8 @@ public class TableScanOperator extends Operator<TableScanDesc> implements
 
   private transient int rowLimit = -1;
   private transient int currCount = 0;
+  // insiderView will tell this TableScan is inside a view or not.
+  private transient boolean insideView;
 
   private String defaultPartitionName;
 
@@ -362,4 +364,12 @@ public class TableScanOperator extends Operator<TableScanDesc> implements
     return ts;
   }
 
+  public boolean isInsideView() {
+    return insideView;
+  }
+
+  public void setInsideView(boolean insiderView) {
+    this.insideView = insiderView;
+  }
+
 }

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/reloperators/HiveTableScan.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/reloperators/HiveTableScan.java b/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/reloperators/HiveTableScan.java
index e9e9d0b..c9505e4 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/reloperators/HiveTableScan.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/reloperators/HiveTableScan.java
@@ -64,6 +64,8 @@ public class HiveTableScan extends TableScan implements HiveRelNode {
   private final String concatQbIDAlias;
   private final boolean useQBIdInDigest;
   private final ImmutableSet<Integer> viurtualOrPartColIndxsInTS;
+  // insiderView will tell this TableScan is inside a view or not.
+  private final boolean insideView;
 
   public String getTableAlias() {
     return tblAlias;
@@ -86,12 +88,12 @@ public class HiveTableScan extends TableScan implements HiveRelNode {
    *          HiveDB table
    */
   public HiveTableScan(RelOptCluster cluster, RelTraitSet traitSet, RelOptHiveTable table,
-      String alias, String concatQbIDAlias, boolean useQBIdInDigest) {
-    this(cluster, traitSet, table, alias, concatQbIDAlias, table.getRowType(), useQBIdInDigest);
+      String alias, String concatQbIDAlias, boolean useQBIdInDigest, boolean insideView) {
+    this(cluster, traitSet, table, alias, concatQbIDAlias, table.getRowType(), useQBIdInDigest, insideView);
   }
 
   private HiveTableScan(RelOptCluster cluster, RelTraitSet traitSet, RelOptHiveTable table,
-      String alias, String concatQbIDAlias, RelDataType newRowtype, boolean useQBIdInDigest) {
+      String alias, String concatQbIDAlias, RelDataType newRowtype, boolean useQBIdInDigest, boolean insideView) {
     super(cluster, TraitsUtil.getDefaultTraitSet(cluster), table);
     assert getConvention() == HiveRelNode.CONVENTION;
     this.tblAlias = alias;
@@ -101,6 +103,7 @@ public class HiveTableScan extends TableScan implements HiveRelNode {
     this.neededColIndxsFrmReloptHT = colIndxPair.getKey();
     this.viurtualOrPartColIndxsInTS = colIndxPair.getValue();
     this.useQBIdInDigest = useQBIdInDigest;
+    this.insideView = insideView;
   }
 
   @Override
@@ -118,7 +121,7 @@ public class HiveTableScan extends TableScan implements HiveRelNode {
    */
   public HiveTableScan copy(RelDataType newRowtype) {
     return new HiveTableScan(getCluster(), getTraitSet(), ((RelOptHiveTable) table), this.tblAlias, this.concatQbIDAlias,
-            newRowtype, this.useQBIdInDigest);
+            newRowtype, this.useQBIdInDigest, this.insideView);
   }
 
   @Override
@@ -237,4 +240,16 @@ public class HiveTableScan extends TableScan implements HiveRelNode {
     return new Pair<ImmutableList<Integer>, ImmutableSet<Integer>>(neededColIndxsFrmReloptHT,
         viurtualOrPartColIndxsInTS);
   }
+
+  public boolean isInsideView() {
+    return insideView;
+  }
+
+  // We need to include isInsideView inside digest to differentiate direct
+  // tables and tables inside view. Otherwise, Calcite will treat them as the same.
+  public String computeDigest() {
+    String digest = super.computeDigest();
+    return digest + "[" + this.isInsideView() + "]";
+  }
+
 }

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/translator/ASTBuilder.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/translator/ASTBuilder.java b/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/translator/ASTBuilder.java
index d39744b..682d0cb 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/translator/ASTBuilder.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/optimizer/calcite/translator/ASTBuilder.java
@@ -62,6 +62,14 @@ class ASTBuilder {
         ASTBuilder.construct(HiveParser.TOK_TABNAME, "TOK_TABNAME")
             .add(HiveParser.Identifier, hTbl.getHiveTableMD().getDbName())
             .add(HiveParser.Identifier, hTbl.getHiveTableMD().getTableName()));
+    // we need to carry the insideView information from calcite into the ast.
+    if (((HiveTableScan) scan).isInsideView()) {
+      b.add(ASTBuilder.construct(HiveParser.TOK_TABLEPROPERTIES, "TOK_TABLEPROPERTIES").add(
+          ASTBuilder.construct(HiveParser.TOK_TABLEPROPLIST, "TOK_TABLEPROPLIST").add(
+              ASTBuilder.construct(HiveParser.TOK_TABLEPROPERTY, "TOK_TABLEPROPERTY")
+                  .add(HiveParser.StringLiteral, "\"insideView\"")
+                  .add(HiveParser.StringLiteral, "\"TRUE\""))));
+    }
 
     // NOTE: Calcite considers tbls to be equal if their names are the same. Hence
     // we need to provide Calcite the fully qualified table name (dbname.tblname)

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java
index c36aa9d..f8860b7 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/CalcitePlanner.java
@@ -1706,7 +1706,8 @@ public class CalcitePlanner extends SemanticAnalyzer {
         tableRel = new HiveTableScan(cluster, cluster.traitSetOf(HiveRelNode.CONVENTION), optTable,
             null == tableAlias ? tabMetaData.getTableName() : tableAlias,
             getAliasId(tableAlias, qb), HiveConf.getBoolVar(conf,
-                HiveConf.ConfVars.HIVE_CBO_RETPATH_HIVEOP));
+                HiveConf.ConfVars.HIVE_CBO_RETPATH_HIVEOP), qb.isInsideView()
+                || qb.getAliasInsideView().contains(tableAlias.toLowerCase()));
 
         // 6. Add Schema(RR) to RelNode-Schema map
         ImmutableMap<String, Integer> hiveToCalciteColMap = buildHiveToCalciteColumnMap(rr,

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/java/org/apache/hadoop/hive/ql/parse/QB.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/QB.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/QB.java
index 91352b2..cf3bbf0 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/parse/QB.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/QB.java
@@ -21,6 +21,7 @@ package org.apache.hadoop.hive.ql.parse;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -59,6 +60,8 @@ public class QB {
   private CreateTableDesc tblDesc = null; // table descriptor of the final
   private CreateTableDesc directoryDesc = null ;
   private List<Path> encryptedTargetTablePaths;
+  private boolean insideView;
+  private Set<String> aliasInsideView;
 
   // used by PTFs
   /*
@@ -123,6 +126,7 @@ public class QB {
     ptfNodeToSpec = new LinkedHashMap<ASTNode, PTFInvocationSpec>();
     destToWindowingSpec = new LinkedHashMap<String, WindowingSpec>();
     id = getAppendedAliasFromId(outer_id, alias);
+    aliasInsideView = new HashSet<>();
   }
 
   // For sub-queries, the id. and alias should be appended since same aliases can be re-used
@@ -416,4 +420,16 @@ public class QB {
     return viewAliasToViewSchema;
   }
 
+  public boolean isInsideView() {
+    return insideView;
+  }
+
+  public void setInsideView(boolean insideView) {
+    this.insideView = insideView;
+  }
+
+  public Set<String> getAliasInsideView() {
+    return aliasInsideView;
+  }
+
 }

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java
----------------------------------------------------------------------
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java
index 633c212..2dcb6d6 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java
@@ -435,14 +435,19 @@ public class SemanticAnalyzer extends BaseSemanticAnalyzer {
     return ctx.getOpContext();
   }
 
-  @SuppressWarnings("nls")
   public void doPhase1QBExpr(ASTNode ast, QBExpr qbexpr, String id, String alias)
       throws SemanticException {
+    doPhase1QBExpr(ast, qbexpr, id, alias, false);
+  }
+  @SuppressWarnings("nls")
+  public void doPhase1QBExpr(ASTNode ast, QBExpr qbexpr, String id, String alias, boolean insideView)
+      throws SemanticException {
 
     assert (ast.getToken() != null);
     switch (ast.getToken().getType()) {
     case HiveParser.TOK_QUERY: {
       QB qb = new QB(id, alias, true);
+      qb.setInsideView(insideView);
       Phase1Ctx ctx_1 = initPhase1Ctx();
       doPhase1(ast, qb, ctx_1, null);
 
@@ -456,14 +461,14 @@ public class SemanticAnalyzer extends BaseSemanticAnalyzer {
       assert (ast.getChild(0) != null);
       QBExpr qbexpr1 = new QBExpr(alias + SUBQUERY_TAG_1);
       doPhase1QBExpr((ASTNode) ast.getChild(0), qbexpr1, id + SUBQUERY_TAG_1,
-          alias + SUBQUERY_TAG_1);
+          alias + SUBQUERY_TAG_1, insideView);
       qbexpr.setQBExpr1(qbexpr1);
 
       // query 2
       assert (ast.getChild(1) != null);
       QBExpr qbexpr2 = new QBExpr(alias + SUBQUERY_TAG_2);
       doPhase1QBExpr((ASTNode) ast.getChild(1), qbexpr2, id + SUBQUERY_TAG_2,
-          alias + SUBQUERY_TAG_2);
+          alias + SUBQUERY_TAG_2, insideView);
       qbexpr.setQBExpr2(qbexpr2);
     }
       break;
@@ -656,6 +661,10 @@ public class SemanticAnalyzer extends BaseSemanticAnalyzer {
     if (propsIndex >= 0) {
       Tree propsAST = tabref.getChild(propsIndex);
       Map<String, String> props = DDLSemanticAnalyzer.getProps((ASTNode) propsAST.getChild(0));
+      // We get the information from Calcite.
+      if ("TRUE".equals(props.get("insideView"))) {
+        qb.getAliasInsideView().add(alias.toLowerCase());
+      }
       qb.setTabProps(alias, props);
     }
 
@@ -730,6 +739,9 @@ public class SemanticAnalyzer extends BaseSemanticAnalyzer {
     }
     // Insert this map into the stats
     qb.setTabAlias(alias, tabIdName);
+    if (qb.isInsideView()) {
+      qb.getAliasInsideView().add(alias.toLowerCase());
+    }
     qb.addAlias(alias);
 
     qb.getParseInfo().setSrcForAlias(alias, tableTree);
@@ -1895,8 +1907,8 @@ public class SemanticAnalyzer extends BaseSemanticAnalyzer {
         }
         replaceViewReferenceWithDefinition(qb, tab, tabName, alias);
         // This is the last time we'll see the Table objects for views, so add it to the inputs
-        // now
-        ReadEntity viewInput = new ReadEntity(tab, parentInput);
+        // now. isInsideView will tell if this view is embedded in another view.
+        ReadEntity viewInput = new ReadEntity(tab, parentInput, !qb.isInsideView());
         viewInput = PlanUtils.addInput(inputs, viewInput);
         aliasToViewInfo.put(alias, new ObjectPair<String, ReadEntity>(fullViewName, viewInput));
         viewAliasToInput.put(getAliasId(alias, qb), viewInput);
@@ -2303,8 +2315,11 @@ public class SemanticAnalyzer extends BaseSemanticAnalyzer {
       throw new SemanticException(sb.toString(), e);
     }
     QBExpr qbexpr = new QBExpr(alias);
-    doPhase1QBExpr(viewTree, qbexpr, qb.getId(), alias);
-    if (!this.skipAuthorization()
+    doPhase1QBExpr(viewTree, qbexpr, qb.getId(), alias, true);
+    // if skip authorization, skip checking;
+    // if it is inside a view, skip checking;
+    // if authorization flag is not enabled, skip checking.
+    if (!this.skipAuthorization() && !qb.isInsideView()
         && HiveConf.getBoolVar(conf, HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) {
       qb.rewriteViewToSubq(alias, tab_name, qbexpr, tab);
     }
@@ -9630,6 +9645,9 @@ public class SemanticAnalyzer extends BaseSemanticAnalyzer {
       top = (TableScanOperator) putOpInsertMap(OperatorFactory.get(getOpContext(), tsDesc,
           new RowSchema(rwsch.getColumnInfos())), rwsch);
 
+      // Set insiderView so that we can skip the column authorization for this.
+      top.setInsideView(qb.isInsideView() || qb.getAliasInsideView().contains(alias.toLowerCase()));
+
       // Add this to the list of top operators - we always start from a table
       // scan
       topOps.put(alias_id, top);

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientnegative/authorization_view_5.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_view_5.q b/ql/src/test/queries/clientnegative/authorization_view_5.q
new file mode 100644
index 0000000..3b042c3
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_view_5.q
@@ -0,0 +1,16 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src_autho_test;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table not grant to user
+
+--grant select on table v2 to user hive_test_user;
+
+select * from v2 order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientnegative/authorization_view_6.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_view_6.q b/ql/src/test/queries/clientnegative/authorization_view_6.q
new file mode 100644
index 0000000..38873a7
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_view_6.q
@@ -0,0 +1,18 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src_autho_test;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+--grant select(key) on table src_autho_test to user hive_test_user;
+
+select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientnegative/authorization_view_7.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_view_7.q b/ql/src/test/queries/clientnegative/authorization_view_7.q
new file mode 100644
index 0000000..3740bf9
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_view_7.q
@@ -0,0 +1,18 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+--grant select(key) on table src_autho_test to user hive_test_user;
+
+select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_5.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_5.q b/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_5.q
new file mode 100644
index 0000000..a0070c2
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_5.q
@@ -0,0 +1,17 @@
+set hive.cbo.enable=false;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src_autho_test;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table not grant to user
+
+--grant select on table v2 to user hive_test_user;
+
+select * from v2 order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_6.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_6.q b/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_6.q
new file mode 100644
index 0000000..bc0d547
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_6.q
@@ -0,0 +1,19 @@
+set hive.cbo.enable=false;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src_autho_test;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+--grant select(key) on table src_autho_test to user hive_test_user;
+
+select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_7.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_7.q b/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_7.q
new file mode 100644
index 0000000..51b453d
--- /dev/null
+++ b/ql/src/test/queries/clientnegative/authorization_view_disable_cbo_7.q
@@ -0,0 +1,19 @@
+set hive.cbo.enable=false;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+--grant select(key) on table src_autho_test to user hive_test_user;
+
+select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientpositive/authorization_view_2.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_view_2.q b/ql/src/test/queries/clientpositive/authorization_view_2.q
new file mode 100644
index 0000000..8e6138d
--- /dev/null
+++ b/ql/src/test/queries/clientpositive/authorization_view_2.q
@@ -0,0 +1,16 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src_autho_test;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+select * from v2 order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientpositive/authorization_view_3.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_view_3.q b/ql/src/test/queries/clientpositive/authorization_view_3.q
new file mode 100644
index 0000000..aaf971e
--- /dev/null
+++ b/ql/src/test/queries/clientpositive/authorization_view_3.q
@@ -0,0 +1,18 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src_autho_test;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+grant select(key) on table src_autho_test to user hive_test_user;
+
+select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientpositive/authorization_view_4.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_view_4.q b/ql/src/test/queries/clientpositive/authorization_view_4.q
new file mode 100644
index 0000000..53ce350
--- /dev/null
+++ b/ql/src/test/queries/clientpositive/authorization_view_4.q
@@ -0,0 +1,18 @@
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+grant select(key) on table src_autho_test to user hive_test_user;
+
+select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_2.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_2.q b/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_2.q
new file mode 100644
index 0000000..03d4387
--- /dev/null
+++ b/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_2.q
@@ -0,0 +1,17 @@
+set hive.cbo.enable=false;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src_autho_test;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+select * from v2 order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_3.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_3.q b/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_3.q
new file mode 100644
index 0000000..44f9503
--- /dev/null
+++ b/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_3.q
@@ -0,0 +1,19 @@
+set hive.cbo.enable=false;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src_autho_test;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+grant select(key) on table src_autho_test to user hive_test_user;
+
+select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_4.q
----------------------------------------------------------------------
diff --git a/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_4.q b/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_4.q
new file mode 100644
index 0000000..40424c4
--- /dev/null
+++ b/ql/src/test/queries/clientpositive/authorization_view_disable_cbo_4.q
@@ -0,0 +1,19 @@
+set hive.cbo.enable=false;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider;
+
+create table src_autho_test as select * from src;
+
+create view v1 as select * from src;
+
+create view v2 as select * from v1;
+
+set hive.security.authorization.enabled=true;
+
+--table grant to user
+
+grant select on table v2 to user hive_test_user;
+
+grant select(key) on table src_autho_test to user hive_test_user;
+
+select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10;
+

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientnegative/authorization_view_5.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_view_5.q.out b/ql/src/test/results/clientnegative/authorization_view_5.q.out
new file mode 100644
index 0000000..a185146
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_view_5.q.out
@@ -0,0 +1,35 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src_autho_test
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src_autho_test
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+Authorization failed:No privilege 'Select' found for inputs { database:default, table:v2, columnName:key}. Use SHOW GRANT to get more details.

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientnegative/authorization_view_6.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_view_6.q.out b/ql/src/test/results/clientnegative/authorization_view_6.q.out
new file mode 100644
index 0000000..6584497
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_view_6.q.out
@@ -0,0 +1,45 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src_autho_test
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src_autho_test
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+Authorization failed:No privilege 'Select' found for inputs { database:default, table:src_autho_test, columnName:key}. Use SHOW GRANT to get more details.

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientnegative/authorization_view_7.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_view_7.q.out b/ql/src/test/results/clientnegative/authorization_view_7.q.out
new file mode 100644
index 0000000..e7c93f7
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_view_7.q.out
@@ -0,0 +1,45 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+Authorization failed:No privilege 'Select' found for inputs { database:default, table:src_autho_test, columnName:key}. Use SHOW GRANT to get more details.

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientnegative/authorization_view_disable_cbo_5.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_view_disable_cbo_5.q.out b/ql/src/test/results/clientnegative/authorization_view_disable_cbo_5.q.out
new file mode 100644
index 0000000..a185146
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_view_disable_cbo_5.q.out
@@ -0,0 +1,35 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src_autho_test
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src_autho_test
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+Authorization failed:No privilege 'Select' found for inputs { database:default, table:v2, columnName:key}. Use SHOW GRANT to get more details.

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientnegative/authorization_view_disable_cbo_6.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_view_disable_cbo_6.q.out b/ql/src/test/results/clientnegative/authorization_view_disable_cbo_6.q.out
new file mode 100644
index 0000000..6584497
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_view_disable_cbo_6.q.out
@@ -0,0 +1,45 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src_autho_test
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src_autho_test
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+Authorization failed:No privilege 'Select' found for inputs { database:default, table:src_autho_test, columnName:key}. Use SHOW GRANT to get more details.

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientnegative/authorization_view_disable_cbo_7.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientnegative/authorization_view_disable_cbo_7.q.out b/ql/src/test/results/clientnegative/authorization_view_disable_cbo_7.q.out
new file mode 100644
index 0000000..e7c93f7
--- /dev/null
+++ b/ql/src/test/results/clientnegative/authorization_view_disable_cbo_7.q.out
@@ -0,0 +1,45 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+Authorization failed:No privilege 'Select' found for inputs { database:default, table:src_autho_test, columnName:key}. Use SHOW GRANT to get more details.

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientpositive/authorization_view_2.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_view_2.q.out b/ql/src/test/results/clientpositive/authorization_view_2.q.out
new file mode 100644
index 0000000..0b61663
--- /dev/null
+++ b/ql/src/test/results/clientpositive/authorization_view_2.q.out
@@ -0,0 +1,66 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src_autho_test
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src_autho_test
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+PREHOOK: query: select * from v2 order by key limit 10
+PREHOOK: type: QUERY
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Input: default@v2
+#### A masked pattern was here ####
+POSTHOOK: query: select * from v2 order by key limit 10
+POSTHOOK: type: QUERY
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Input: default@v2
+#### A masked pattern was here ####
+0	val_0
+0	val_0
+0	val_0
+10	val_10
+100	val_100
+100	val_100
+103	val_103
+103	val_103
+104	val_104
+104	val_104

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientpositive/authorization_view_3.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_view_3.q.out b/ql/src/test/results/clientpositive/authorization_view_3.q.out
new file mode 100644
index 0000000..cbc40b5
--- /dev/null
+++ b/ql/src/test/results/clientpositive/authorization_view_3.q.out
@@ -0,0 +1,62 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src_autho_test
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src_autho_test
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+PREHOOK: query: grant select(key) on table src_autho_test to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: grant select(key) on table src_autho_test to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10
+PREHOOK: type: QUERY
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Input: default@v2
+#### A masked pattern was here ####
+POSTHOOK: query: select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10
+POSTHOOK: type: QUERY
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Input: default@v2
+#### A masked pattern was here ####

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientpositive/authorization_view_4.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_view_4.q.out b/ql/src/test/results/clientpositive/authorization_view_4.q.out
new file mode 100644
index 0000000..f859923
--- /dev/null
+++ b/ql/src/test/results/clientpositive/authorization_view_4.q.out
@@ -0,0 +1,64 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+PREHOOK: query: grant select(key) on table src_autho_test to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: grant select(key) on table src_autho_test to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10
+PREHOOK: type: QUERY
+PREHOOK: Input: default@src
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Input: default@v2
+#### A masked pattern was here ####
+POSTHOOK: query: select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10
+POSTHOOK: type: QUERY
+POSTHOOK: Input: default@src
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Input: default@v2
+#### A masked pattern was here ####

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientpositive/authorization_view_disable_cbo_2.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_view_disable_cbo_2.q.out b/ql/src/test/results/clientpositive/authorization_view_disable_cbo_2.q.out
new file mode 100644
index 0000000..0b61663
--- /dev/null
+++ b/ql/src/test/results/clientpositive/authorization_view_disable_cbo_2.q.out
@@ -0,0 +1,66 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src_autho_test
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src_autho_test
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+PREHOOK: query: select * from v2 order by key limit 10
+PREHOOK: type: QUERY
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Input: default@v2
+#### A masked pattern was here ####
+POSTHOOK: query: select * from v2 order by key limit 10
+POSTHOOK: type: QUERY
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Input: default@v2
+#### A masked pattern was here ####
+0	val_0
+0	val_0
+0	val_0
+10	val_10
+100	val_100
+100	val_100
+103	val_103
+103	val_103
+104	val_104
+104	val_104

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientpositive/authorization_view_disable_cbo_3.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_view_disable_cbo_3.q.out b/ql/src/test/results/clientpositive/authorization_view_disable_cbo_3.q.out
new file mode 100644
index 0000000..cbc40b5
--- /dev/null
+++ b/ql/src/test/results/clientpositive/authorization_view_disable_cbo_3.q.out
@@ -0,0 +1,62 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src_autho_test
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src_autho_test
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+PREHOOK: query: grant select(key) on table src_autho_test to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: grant select(key) on table src_autho_test to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10
+PREHOOK: type: QUERY
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Input: default@v2
+#### A masked pattern was here ####
+POSTHOOK: query: select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10
+POSTHOOK: type: QUERY
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Input: default@v2
+#### A masked pattern was here ####

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientpositive/authorization_view_disable_cbo_4.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/authorization_view_disable_cbo_4.q.out b/ql/src/test/results/clientpositive/authorization_view_disable_cbo_4.q.out
new file mode 100644
index 0000000..f859923
--- /dev/null
+++ b/ql/src/test/results/clientpositive/authorization_view_disable_cbo_4.q.out
@@ -0,0 +1,64 @@
+PREHOOK: query: create table src_autho_test as select * from src
+PREHOOK: type: CREATETABLE_AS_SELECT
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: create table src_autho_test as select * from src
+POSTHOOK: type: CREATETABLE_AS_SELECT
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@src_autho_test
+POSTHOOK: Lineage: src_autho_test.key SIMPLE [(src)src.FieldSchema(name:key, type:string, comment:default), ]
+POSTHOOK: Lineage: src_autho_test.value SIMPLE [(src)src.FieldSchema(name:value, type:string, comment:default), ]
+PREHOOK: query: create view v1 as select * from src
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v1
+POSTHOOK: query: create view v1 as select * from src
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v1
+PREHOOK: query: create view v2 as select * from v1
+PREHOOK: type: CREATEVIEW
+PREHOOK: Input: default@src
+PREHOOK: Input: default@v1
+PREHOOK: Output: database:default
+PREHOOK: Output: default@v2
+POSTHOOK: query: create view v2 as select * from v1
+POSTHOOK: type: CREATEVIEW
+POSTHOOK: Input: default@src
+POSTHOOK: Input: default@v1
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@v2
+PREHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@v2
+POSTHOOK: query: --table grant to user
+
+grant select on table v2 to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@v2
+PREHOOK: query: grant select(key) on table src_autho_test to user hive_test_user
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@src_autho_test
+POSTHOOK: query: grant select(key) on table src_autho_test to user hive_test_user
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@src_autho_test
+PREHOOK: query: select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10
+PREHOOK: type: QUERY
+PREHOOK: Input: default@src
+PREHOOK: Input: default@src_autho_test
+PREHOOK: Input: default@v1
+PREHOOK: Input: default@v2
+#### A masked pattern was here ####
+POSTHOOK: query: select v2.key from v2 join (select key from src_autho_test)subq on v2.value=subq.key order by key limit 10
+POSTHOOK: type: QUERY
+POSTHOOK: Input: default@src
+POSTHOOK: Input: default@src_autho_test
+POSTHOOK: Input: default@v1
+POSTHOOK: Input: default@v2
+#### A masked pattern was here ####

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientpositive/subquery_views.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/subquery_views.q.out b/ql/src/test/results/clientpositive/subquery_views.q.out
index 6ab2ad0..fab919d 100644
--- a/ql/src/test/results/clientpositive/subquery_views.q.out
+++ b/ql/src/test/results/clientpositive/subquery_views.q.out
@@ -136,7 +136,7 @@ STAGE PLANS:
     Map Reduce
       Map Operator Tree:
           TableScan
-            alias: b
+            alias: a
             Statistics: Num rows: 500 Data size: 5312 Basic stats: COMPLETE Column stats: NONE
             Filter Operator
               predicate: ((value > 'val_11') and (key is null or value is null)) (type: boolean)
@@ -217,7 +217,7 @@ STAGE PLANS:
               Map-reduce partition columns: _col0 (type: string), _col1 (type: string), _col0 (type: string)
               Statistics: Num rows: 182 Data size: 1939 Basic stats: COMPLETE Column stats: NONE
           TableScan
-            alias: b
+            alias: a
             Statistics: Num rows: 500 Data size: 5312 Basic stats: COMPLETE Column stats: NONE
             Filter Operator
               predicate: ((value > 'val_11') and (key < '11')) (type: boolean)
@@ -291,7 +291,7 @@ STAGE PLANS:
     Map Reduce
       Map Operator Tree:
           TableScan
-            alias: b
+            alias: a
             Statistics: Num rows: 500 Data size: 5312 Basic stats: COMPLETE Column stats: NONE
             Filter Operator
               predicate: ((value > 'val_11') and (key is null or value is null)) (type: boolean)
@@ -372,7 +372,7 @@ STAGE PLANS:
               Map-reduce partition columns: _col0 (type: string), _col1 (type: string), _col0 (type: string)
               Statistics: Num rows: 182 Data size: 1939 Basic stats: COMPLETE Column stats: NONE
           TableScan
-            alias: b
+            alias: a
             Statistics: Num rows: 500 Data size: 5312 Basic stats: COMPLETE Column stats: NONE
             Filter Operator
               predicate: ((value > 'val_11') and (key < '11')) (type: boolean)

http://git-wip-us.apache.org/repos/asf/hive/blob/ca165db8/ql/src/test/results/clientpositive/tez/explainuser_1.q.out
----------------------------------------------------------------------
diff --git a/ql/src/test/results/clientpositive/tez/explainuser_1.q.out b/ql/src/test/results/clientpositive/tez/explainuser_1.q.out
index a3ff85c..b7a8174 100644
--- a/ql/src/test/results/clientpositive/tez/explainuser_1.q.out
+++ b/ql/src/test/results/clientpositive/tez/explainuser_1.q.out
@@ -2001,7 +2001,7 @@ Stage-0
                 Filter Operator [FIL_16] (rows=166 width=178)
                   predicate:((value > 'val_9') and key is not null)
                   TableScan [TS_3] (rows=500 width=178)
-                    default@src_cbo,b,Tbl:COMPLETE,Col:COMPLETE,Output:["key","value"]
+                    default@src_cbo,a,Tbl:COMPLETE,Col:COMPLETE,Output:["key","value"]
 
 PREHOOK: query: explain select * 
 from (select * 


Mime
View raw message