hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Randall <javabr...@gmail.com>
Subject Re: DDL wiki GRANT
Date Tue, 14 Oct 2014 11:57:47 GMT
I agree that the use of priv_level is confusing when it is actually
referring to object_name (of type TABLE or DATABASE).  I don't mind
the rolling-up of tbl_name or db_name into object_type, although it
then makes object_type: somewhat misleading.  "[ON object_type
object_name]" reads well for me.

Anything to correct the incorrect syntax on the wiki page (it is not
open for edits).

Thanks
Brett

On 13 October 2014 18:18, Suhas Gogate <vgogate@pivotal.io> wrote:
> Hmm.. looking at the syntax priv_level does not seem to be a keyword but
> rather actual name of a table or database.. so why it appears like a keyword
> Also priv_level is confusing and rather clear syntax would should look like
> below...
>
> Again answer to original question from Brett, yes GRANT syntax should be
> similar to REVOKE but rather priv_level should be removed from REVOKE as
> well.. :)
>
> GRANT
>     priv_type [(column_list)]
>       [, priv_type [(column_list)]] ...
>     [ON object_type]
>     TO principal_specification [, principal_specification] ...
>     [WITH GRANT OPTION]
>
> REVOKE [GRANT OPTION FOR]
>     priv_type [(column_list)]
>       [, priv_type [(column_list)]] ...
>     [ON object_type]
>     FROM principal_specification [, principal_specification] ...
>
> REVOKE ALL PRIVILEGES, GRANT OPTION
>     FROM user [, user] ...
>
> priv_type:
>     ALL | ALTER | UPDATE | CREATE | DROP
>   | INDEX | LOCK | SELECT | SHOW_DATABASE
>
> object_type:
>     TABLE tbl_name
>   | DATABASE db_name
>
> principal_specification:
>     USER user
>   | GROUP group
>   | ROLE role
>
>
> On Sat, Oct 11, 2014 at 7:55 PM, Lefty Leverenz <leftyleverenz@gmail.com>
> wrote:
>>
>> Good catch, Brett.  Can we have confirmation from an expert?
>>
>> Also, is object_type optional?
>>
>> It isn't clear to me why priv_level isn't called object_name.
>>
>> -- Lefty
>>
>> On Thu, Oct 9, 2014 at 8:23 AM, Brett Randall <javabrett@gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> On
>>> https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode#HiveDefaultAuthorization-LegacyMode-Grant/RevokePrivileges
>>> , GRANT shows as:
>>>
>>> GRANT
>>>     priv_type [(column_list)]
>>>       [, priv_type [(column_list)]] ...
>>>     [ON object_type]
>>>     TO principal_specification [, principal_specification] ...
>>>     [WITH GRANT OPTION]
>>>
>>> Should that not be [ON object_type priv_level], same as REVOKE, where:
>>>
>>> object_type:
>>>     TABLE
>>>   | DATABASE
>>>
>>> priv_level:
>>>     db_name
>>>   | tbl_name
>>>
>>> Thanks
>>> Brett
>>
>>
>

Mime
View raw message