Return-Path: X-Original-To: apmail-hive-dev-archive@www.apache.org Delivered-To: apmail-hive-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0844A1008A for ; Sun, 16 Feb 2014 12:42:19 +0000 (UTC) Received: (qmail 42523 invoked by uid 500); 16 Feb 2014 12:42:17 -0000 Delivered-To: apmail-hive-dev-archive@hive.apache.org Received: (qmail 42474 invoked by uid 500); 16 Feb 2014 12:42:16 -0000 Mailing-List: contact dev-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list dev@hive.apache.org Received: (qmail 42460 invoked by uid 99); 16 Feb 2014 12:42:15 -0000 Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 16 Feb 2014 12:42:15 +0000 Received: from reviews.apache.org (localhost [127.0.0.1]) by reviews.apache.org (Postfix) with ESMTP id E70861C02AD; Sun, 16 Feb 2014 12:42:14 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============2116043798331459087==" MIME-Version: 1.0 Subject: Review Request 18168: SQL std auth - authorize statements that work with paths From: "Thejas Nair" To: "Ashutosh Chauhan" Cc: "Thejas Nair" , "hive" Date: Sun, 16 Feb 2014 12:42:14 -0000 Message-ID: <20140216124214.18781.63685@reviews.apache.org> X-ReviewBoard-URL: https://reviews.apache.org Auto-Submitted: auto-generated Sender: "Thejas Nair" X-ReviewGroup: hive X-ReviewRequest-URL: https://reviews.apache.org/r/18168/ X-Sender: "Thejas Nair" Reply-To: "Thejas Nair" X-ReviewRequest-Repository: hive-git --===============2116043798331459087== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/18168/ ----------------------------------------------------------- Review request for hive and Ashutosh Chauhan. Bugs: HIVE-5958 https://issues.apache.org/jira/browse/HIVE-5958 Repository: hive-git Description ------- Statement such as create table, alter table that specify an path uri should be allowed under the new authorization scheme only if URI(Path) specified has permissions including read/write and ownership of the file/dir and its children. Also, fix issue of database not getting set as output for create-table. Diffs ----- common/src/java/org/apache/hadoop/hive/common/FileUtils.java c1f8842 ql/src/java/org/apache/hadoop/hive/ql/Driver.java 83d5bfc ql/src/java/org/apache/hadoop/hive/ql/hooks/ReadEntity.java 1111c9a ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java 0493302 ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java 0b7c128 ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java 1f539ef ql/src/java/org/apache/hadoop/hive/ql/parse/LoadSemanticAnalyzer.java a22a15f ql/src/java/org/apache/hadoop/hive/ql/parse/SemanticAnalyzer.java 77388dd ql/src/java/org/apache/hadoop/hive/ql/plan/HiveOperation.java 93c89de ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/Operation2Privilege.java fae6844 ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/RequiredPrivileges.java 10a582b ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java 4a9149f ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java 40461f7 ql/src/test/queries/clientnegative/authorization_uri_add_partition.q PRE-CREATION ql/src/test/queries/clientnegative/authorization_uri_create_table1.q PRE-CREATION ql/src/test/queries/clientnegative/authorization_uri_create_table_ext.q PRE-CREATION ql/src/test/queries/clientnegative/authorization_uri_load_data.q PRE-CREATION ql/src/test/results/clientnegative/authorization_addpartition.q.out f4d3b4f ql/src/test/results/clientnegative/authorization_createview.q.out cb81b83 ql/src/test/results/clientnegative/authorization_ctas.q.out 1070468 ql/src/test/results/clientnegative/authorization_droppartition.q.out 7de553b ql/src/test/results/clientnegative/authorization_fail_1.q.out ab1abe2 ql/src/test/results/clientnegative/authorization_fail_2.q.out 2c03b65 ql/src/test/results/clientnegative/authorization_fail_3.q.out bfba08a ql/src/test/results/clientnegative/authorization_fail_4.q.out 34ad4ef ql/src/test/results/clientnegative/authorization_fail_5.q.out a0289fb ql/src/test/results/clientnegative/authorization_fail_6.q.out 47f8bd1 ql/src/test/results/clientnegative/authorization_fail_7.q.out a9bf0cc ql/src/test/results/clientnegative/authorization_grant_table_allpriv.q.out 0e17c94 ql/src/test/results/clientnegative/authorization_grant_table_fail1.q.out 0c83849 ql/src/test/results/clientnegative/authorization_grant_table_fail_nogrant.q.out 129b5fa ql/src/test/results/clientnegative/authorization_insert_noinspriv.q.out 6d510f1 ql/src/test/results/clientnegative/authorization_insert_noselectpriv.q.out 5b9b93a ql/src/test/results/clientnegative/authorization_invalid_priv_v1.q.out 10d1ca8 ql/src/test/results/clientnegative/authorization_invalid_priv_v2.q.out 62aa8da ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_rename.q.out e41702a ql/src/test/results/clientnegative/authorization_not_owner_alter_tab_serdeprop.q.out e41702a ql/src/test/results/clientnegative/authorization_not_owner_drop_tab.q.out b456aca ql/src/test/results/clientnegative/authorization_not_owner_drop_view.q.out 2433846 ql/src/test/results/clientnegative/authorization_part.q.out 31dfda9 ql/src/test/results/clientnegative/authorization_priv_current_role_neg.q.out f932a3d ql/src/test/results/clientnegative/authorization_revoke_table_fail1.q.out 0f4c966 ql/src/test/results/clientnegative/authorization_revoke_table_fail2.q.out c671c8a ql/src/test/results/clientnegative/authorization_select.q.out 1070468 ql/src/test/results/clientnegative/authorization_select_view.q.out e70a79c ql/src/test/results/clientnegative/authorization_truncate.q.out c188831 ql/src/test/results/clientnegative/authorization_uri_add_partition.q.out PRE-CREATION ql/src/test/results/clientnegative/authorization_uri_create_table1.q.out PRE-CREATION ql/src/test/results/clientnegative/authorization_uri_create_table_ext.q.out PRE-CREATION ql/src/test/results/clientnegative/authorization_uri_load_data.q.out PRE-CREATION ql/src/test/results/clientnegative/exim_22_export_authfail.q.out 1339bbc ql/src/test/results/clientnegative/exim_23_import_exist_authfail.q.out 22eaac7 ql/src/test/results/clientnegative/exim_24_import_part_authfail.q.out 6eee71e ql/src/test/results/clientnegative/exim_25_import_nonexist_authfail.q.out fb4224c ql/src/test/results/clientnegative/load_exist_part_authfail.q.out fbbdd1c ql/src/test/results/clientnegative/load_nonpart_authfail.q.out 1c364a5 ql/src/test/results/clientnegative/load_part_authfail.q.out afc0aa4 ql/src/test/results/clientpositive/alter_rename_partition_authorization.q.out 8a528a1 ql/src/test/results/clientpositive/authorization_1_sql_std.q.out a219478 ql/src/test/results/clientpositive/authorization_2.q.out e21d5f5 ql/src/test/results/clientpositive/exim_21_export_authsuccess.q.out 5b9b81c ql/src/test/results/clientpositive/exim_22_import_exist_authsuccess.q.out 6746a44 ql/src/test/results/clientpositive/exim_23_import_part_authsuccess.q.out 4e0dfb0 ql/src/test/results/clientpositive/exim_24_import_nonexist_authsuccess.q.out 70e9385 ql/src/test/results/clientpositive/index_auth.q.out 2973eb3 Diff: https://reviews.apache.org/r/18168/diff/ Testing ------- new tests Thanks, Thejas Nair --===============2116043798331459087==--