hive-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suhas Gogate <vgog...@pivotal.io>
Subject Re: DDL wiki GRANT
Date Mon, 13 Oct 2014 07:18:56 GMT
Hmm.. looking at the syntax priv_level does not seem to be a keyword but
rather actual name of a table or database.. so why it appears like a
keyword Also priv_level is confusing and rather clear syntax would should
look like below...

Again answer to original question from Brett, yes GRANT syntax should be
similar to REVOKE but rather priv_level should be removed from REVOKE as
well.. :)

GRANT
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    [ON object_type]
    TO principal_specification [, principal_specification] ...
    [WITH GRANT OPTION]

REVOKE [GRANT OPTION FOR]
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    [ON object_type]
    FROM principal_specification [, principal_specification] ...

REVOKE ALL PRIVILEGES, GRANT OPTION
    FROM user [, user] ...

priv_type:
    ALL | ALTER | UPDATE | CREATE | DROP
  | INDEX | LOCK | SELECT | SHOW_DATABASE

object_type:
    TABLE tbl_name
  | DATABASE db_name

principal_specification:
    USER user
  | GROUP group
  | ROLE role


On Sat, Oct 11, 2014 at 7:55 PM, Lefty Leverenz <leftyleverenz@gmail.com>
wrote:

> Good catch, Brett.  Can we have confirmation from an expert?
>
> Also, is object_type optional?
>
> It isn't clear to me why priv_level isn't called object_name.
>
> -- Lefty
>
> On Thu, Oct 9, 2014 at 8:23 AM, Brett Randall <javabrett@gmail.com> wrote:
>
>> Hi,
>>
>> On
>> https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode#HiveDefaultAuthorization-LegacyMode-Grant/RevokePrivileges
>> , GRANT shows as:
>>
>> GRANT
>>     priv_type [(column_list)]
>>       [, priv_type [(column_list)]] ...
>>     [ON object_type]
>>     TO principal_specification [, principal_specification] ...
>>     [WITH GRANT OPTION]
>>
>> Should that not be [ON object_type priv_level], same as REVOKE, where:
>>
>> object_type:
>>     TABLE
>>   | DATABASE
>>
>> priv_level:
>>     db_name
>>   | tbl_name
>>
>> Thanks
>> Brett
>>
>
>

Mime
View raw message