From: Suhas Gogate
To: user@hive.apache.org
Date: Mon, 13 Oct 2014 00:18:56 -0700
Subject: Re: DDL wiki GRANT

Hmm.. looking at the syntax, priv_level does not seem to be a keyword but rather the actual name of a table or database.. so why does it appear like a keyword? Also, priv_level is confusing, and a clearer syntax should look like below...

Again, in answer to the original question from Brett: yes, GRANT syntax should be similar to REVOKE, but rather priv_level should be removed from REVOKE as well.. :)

GRANT
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    [ON object_type]
    TO principal_specification [, principal_specification] ...
    [WITH GRANT OPTION]

REVOKE [GRANT OPTION FOR]
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    [ON object_type]
    FROM principal_specification [, principal_specification] ...

REVOKE ALL PRIVILEGES, GRANT OPTION
    FROM user [, user] ...

priv_type:
    ALL | ALTER | UPDATE | CREATE | DROP
  | INDEX | LOCK | SELECT | SHOW_DATABASE

object_type:
    TABLE tbl_name
  | DATABASE db_name

principal_specification:
    USER user
  | GROUP group
  | ROLE role

On Sat, Oct 11, 2014 at 7:55 PM, Lefty Leverenz wrote:

> Good catch, Brett.  Can we have confirmation from an expert?
>
> Also, is object_type optional?
>
> It isn't clear to me why priv_level isn't called object_name.
>
> -- Lefty
>
> On Thu, Oct 9, 2014 at 8:23 AM, Brett Randall wrote:
>
>> Hi,
>>
>> On
>> https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode#HiveDefaultAuthorization-LegacyMode-Grant/RevokePrivileges
>> , GRANT shows as:
>>
>> GRANT
>>     priv_type [(column_list)]
>>       [, priv_type [(column_list)]] ...
>>     [ON object_type]
>>     TO principal_specification [, principal_specification] ...
>>     [WITH GRANT OPTION]
>>
>> Should that not be [ON object_type priv_level], same as REVOKE, where:
>>
>> object_type:
>>     TABLE
>>   | DATABASE
>>
>> priv_level:
>>     db_name
>>   | tbl_name
>>
>> Thanks
>> Brett
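The grammar proposed in the reply above, where the ON clause carries both the object kind and its name, can be exercised with a small parser that turns a GRANT or REVOKE statement into an auditable record. This is an added example, not part of the original thread and not Hive's own parser; the function names and sample statements are constructed, and the `REVOKE ALL PRIVILEGES, GRANT OPTION` form is not covered.

```python
import re

# priv_type keywords exactly as listed in the message above.
PRIV_TYPES = {"ALL", "ALTER", "UPDATE", "CREATE", "DROP",
              "INDEX", "LOCK", "SELECT", "SHOW_DATABASE"}
PRIV = r"\w+(?:\s*\([^)]*\))?"            # priv_type [(column_list)]
PRINCIPAL = r"(?:USER|GROUP|ROLE)\s+\w+"  # principal_specification
STMT = re.compile(rf"""
    ^\s*(?P<verb>GRANT|REVOKE)\s+
    (?P<gof>GRANT\s+OPTION\s+FOR\s+)?                      # REVOKE only
    (?P<privs>{PRIV}(?:\s*,\s*{PRIV})*)
    (?:\s+ON\s+(?P<kind>TABLE|DATABASE)\s+(?P<name>\w+))?  # kind AND name
    \s+(?P<prep>TO|FROM)\s+
    (?P<principals>{PRINCIPAL}(?:\s*,\s*{PRINCIPAL})*)
    (?P<wgo>\s+WITH\s+GRANT\s+OPTION)?                     # GRANT only
    \s*;?\s*$""", re.IGNORECASE | re.VERBOSE)

def parse_acl_statement(sql):
    """Parse one GRANT/REVOKE statement; raise ValueError if it does not fit."""
    m = STMT.match(sql)
    if not m:
        raise ValueError(f"does not fit the proposed grammar: {sql!r}")
    verb = m["verb"].upper()
    if (verb == "GRANT") != (m["prep"].upper() == "TO"):
        raise ValueError("GRANT takes TO, REVOKE takes FROM")
    if (m["gof"] and verb != "REVOKE") or (m["wgo"] and verb != "GRANT"):
        raise ValueError("grant-option clause on the wrong statement")
    privs = []
    for p in re.finditer(r"(\w+)(?:\s*\(([^)]*)\))?", m["privs"]):
        if p[1].upper() not in PRIV_TYPES:
            raise ValueError(f"unknown priv_type: {p[1]!r}")
        cols = [c.strip() for c in p[2].split(",")] if p[2] else []
        privs.append((p[1].upper(), cols))
    principals = [tuple(s.split()) for s in re.split(r"\s*,\s*", m["principals"])]
    return {"verb": verb, "privileges": privs,
            "object": (m["kind"].upper(), m["name"]) if m["kind"] else None,
            "principals": [(k.upper(), n) for k, n in principals],
            "grant_option": bool(m["gof"] or m["wgo"])}

def is_valid(sql):
    try:
        parse_acl_statement(sql)
        return True
    except ValueError:
        return False

if __name__ == "__main__":  # constructed sample statements
    print(parse_acl_statement("GRANT SELECT (id), UPDATE ON TABLE page_view TO USER alice"))
    print(is_valid("GRANT SELECT ON TABLE TO USER alice"))  # object kind without a name
```

A statement that names the object kind but omits the object name, which is all the wiki's GRANT grammar quoted in the thread spelled out, is rejected here because the ON clause requires both.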