
HIVE-1935 set hive.security.authorization.createtable.owner.grants to null by default (He Yongqiang via namit)



git-svn-id: https://svn.apache.org/repos/asf/hive/trunk@1065458 13f79535-47bb-0310-9956-ffa450edef68
Namit Jain
Namit Jain committed Jan 31, 2011
1 parent 374f83b commit 2cbbccc5fa9fe3bd9b0569021831f745fa1d4a06
Showing with 116 additions and 171 deletions.
  1. +3 −0 CHANGES.txt
  2. +1 −1 common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
  3. +1 −1 conf/hive-default.xml
  4. +0 −2 ql/src/test/queries/clientnegative/authorization_fail_1.q
  5. +0 −2 ql/src/test/queries/clientnegative/authorization_fail_2.q
  6. +0 −2 ql/src/test/queries/clientnegative/authorization_fail_3.q
  7. +0 −2 ql/src/test/queries/clientnegative/authorization_fail_4.q
  8. +0 −2 ql/src/test/queries/clientnegative/authorization_fail_5.q
  9. +0 −1 ql/src/test/queries/clientnegative/authorization_fail_6.q
  10. +0 −1 ql/src/test/queries/clientnegative/authorization_fail_7.q
  11. +0 −2 ql/src/test/queries/clientnegative/authorization_part.q
  12. +0 −2 ql/src/test/queries/clientpositive/authorization_1.q
  13. +0 −2 ql/src/test/queries/clientpositive/authorization_2.q
  14. +0 −2 ql/src/test/queries/clientpositive/authorization_3.q
  15. +2 −0 ql/src/test/queries/clientpositive/authorization_4.q
  16. +0 −4 ql/src/test/results/clientnegative/authorization_fail_1.q.out
  17. +0 −4 ql/src/test/results/clientnegative/authorization_fail_2.q.out
  18. +1 −5 ql/src/test/results/clientnegative/authorization_fail_3.q.out
  19. +4 −8 ql/src/test/results/clientnegative/authorization_fail_4.q.out
  20. +8 −12 ql/src/test/results/clientnegative/authorization_fail_5.q.out
  21. +0 −4 ql/src/test/results/clientnegative/authorization_fail_6.q.out
  22. +1 −5 ql/src/test/results/clientnegative/authorization_fail_7.q.out
  23. +11 −15 ql/src/test/results/clientnegative/authorization_part.q.out
  24. +18 −22 ql/src/test/results/clientpositive/authorization_1.q.out
  25. +55 −59 ql/src/test/results/clientpositive/authorization_2.q.out
  26. +4 −8 ql/src/test/results/clientpositive/authorization_3.q.out
  27. +7 −3 ql/src/test/results/clientpositive/authorization_4.q.out
@@ -163,6 +163,9 @@ Trunk - Unreleased
HIVE-1929 A way to disable owner grants
(He Yongqiang via namit)
+ HIVE-1935 set hive.security.authorization.createtable.owner.grants to null
+ by default (He Yongqiang via namit)
+
IMPROVEMENTS
HIVE-1692. FetchOperator.getInputFormatFromCache hides causal exception (Philip Zeyliger via cws)
@@ -362,7 +362,7 @@
HIVE_AUTHORIZATION_TABLE_USER_GRANTS("hive.security.authorization.createtable.user.grants", null),
HIVE_AUTHORIZATION_TABLE_GROUP_GRANTS("hive.security.authorization.createtable.group.grants", null),
HIVE_AUTHORIZATION_TABLE_ROLE_GRANTS("hive.security.authorization.createtable.role.grants", null),
- HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS("hive.security.authorization.createtable.owner.grants", "All"),
+ HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS("hive.security.authorization.createtable.owner.grants", null),
// Print column names in output
HIVE_CLI_PRINT_HEADER("hive.cli.print.header", false),
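Review bot: The new `null` default on `HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS` has no comment saying that it means the owner is granted nothing at table creation, which changes behaviour for any deployment that relied on the previous `"All"` default. With `hive.security.authorization.enabled=true`, a table creator will presumably need explicit grants before using their own table, as the updated authorization_4.q now does. I would add a comment above the constant such as `// null: no privileges are granted to the table owner automatically; set e.g. "All" to restore the previous behaviour`. The enclosing enum starts and ends outside this hunk.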
@@ -913,7 +913,7 @@
<property>
<name>hive.security.authorization.createtable.owner.grants</name>
- <value>All</value>
+ <value></value>
<description>the privileges automatically granted to the owner whenever a table gets created.
An example like "select,drop" will grant select and drop privilege to the owner of the table</description>
</property>
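Review bot: The `<description>` does not say what the now-empty `<value></value>` means, and an empty string in this file is not obviously equivalent to the `null` default set in HiveConf.java. The code that reads this property is not part of the commit, so it is worth confirming that it treats an empty string as "no owner grants" and does not try to parse it as a privilege name. I would extend the description with a sentence such as `An empty value (the default) grants the owner no privileges automatically.`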
@@ -1,8 +1,6 @@
create table authorization_fail_1 (key int, value string);
set hive.security.authorization.enabled=true;
-revoke `ALL` on table authorization_fail_1 from user hive_test_user;
-
grant `Create` on table authorization_fail_1 to user hive_test_user;
grant `Create` on table authorization_fail_1 to user hive_test_user;
@@ -1,7 +1,5 @@
create table authorization_fail_2 (key int, value string) partitioned by (ds string);
-revoke `ALL` on table authorization_fail_2 from user hive_test_user;
-
set hive.security.authorization.enabled=true;
alter table authorization_fail_2 add partition (ds='2010');
@@ -1,8 +1,6 @@
create table authorization_fail_3 (key int, value string) partitioned by (ds string);
set hive.security.authorization.enabled=true;
-revoke `ALL` on table authorization_fail_3 from user hive_test_user;
-
grant `Create` on table authorization_fail_3 to user hive_test_user;
alter table authorization_fail_3 add partition (ds='2010');
@@ -1,7 +1,5 @@
create table authorization_fail_4 (key int, value string) partitioned by (ds string);
-revoke `ALL` on table authorization_fail_4 from user hive_test_user;
-
set hive.security.authorization.enabled=true;
grant `Alter` on table authorization_fail_4 to user hive_test_user;
ALTER TABLE authorization_fail_4 SET TBLPROPERTIES ("PARTITION_LEVEL_PRIVILEGE"="TRUE");
@@ -1,8 +1,6 @@
create table authorization_fail (key int, value string) partitioned by (ds string);
set hive.security.authorization.enabled=true;
-revoke `ALL` on table authorization_fail from user hive_test_user;
-
grant `Alter` on table authorization_fail to user hive_test_user;
ALTER TABLE authorization_fail SET TBLPROPERTIES ("PARTITION_LEVEL_PRIVILEGE"="TRUE");
@@ -1,5 +1,4 @@
create table authorization_part_fail (key int, value string) partitioned by (ds string);
-revoke `ALL` on table authorization_part_fail from user hive_test_user;
set hive.security.authorization.enabled=true;
ALTER TABLE authorization_part_fail SET TBLPROPERTIES ("PARTITION_LEVEL_PRIVILEGE"="TRUE");
@@ -1,5 +1,4 @@
create table authorization_fail (key int, value string);
-revoke `ALL` on table authorization_fail from user hive_test_user;
set hive.security.authorization.enabled=true;
@@ -2,8 +2,6 @@ create table authorization_part_fail (key int, value string) partitioned by (ds
ALTER TABLE authorization_part_fail SET TBLPROPERTIES ("PARTITION_LEVEL_PRIVILEGE"="TRUE");
set hive.security.authorization.enabled=true;
-revoke `ALL` on table authorization_part_fail from user hive_test_user;
-
grant `Create` on table authorization_part_fail to user hive_test_user;
grant `Update` on table authorization_part_fail to user hive_test_user;
grant `Drop` on table authorization_part_fail to user hive_test_user;
@@ -1,7 +1,5 @@
create table src_autho_test as select * from src;
-revoke `ALL` on table src_autho_test from user hive_test_user;
-
set hive.security.authorization.enabled=true;
--table grant to user
@@ -1,7 +1,5 @@
create table authorization_part (key int, value string) partitioned by (ds string);
-revoke `ALL` on table authorization_part from user hive_test_user;
-
ALTER TABLE authorization_part SET TBLPROPERTIES ("PARTITION_LEVEL_PRIVILEGE"="TRUE");
set hive.security.authorization.enabled=true;
@@ -1,7 +1,5 @@
create table src_autho_test as select * from src;
-revoke `ALL` on table src_autho_test from user hive_test_user;
-
grant `drop` on table src_autho_test to user hive_test_user;
grant `select` on table src_autho_test to user hive_test_user;
@@ -1,5 +1,7 @@
create table src_autho_test as select * from src;
+grant `All` on table src_autho_test to user hive_test_user;
+
set hive.security.authorization.enabled=true;
show grant user hive_test_user on table src_autho_test;
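Review bot: Granting `All` explicitly here keeps the test passing, but no test visible in this commit still exercises a non-empty `hive.security.authorization.createtable.owner.grants`. If authorization_4.q was meant to cover the automatic owner grant, setting the property before the `create table` would keep that coverage: `set hive.security.authorization.createtable.owner.grants=All;`. If HIVE-1929 already added a test for the property, a short `--` comment saying so above the `grant` line would be enough.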
@@ -3,10 +3,6 @@ PREHOOK: type: CREATETABLE
POSTHOOK: query: create table authorization_fail_1 (key int, value string)
POSTHOOK: type: CREATETABLE
POSTHOOK: Output: default@authorization_fail_1
-PREHOOK: query: revoke `ALL` on table authorization_fail_1 from user hive_test_user
-PREHOOK: type: REVOKE_PRIVILEGE
-POSTHOOK: query: revoke `ALL` on table authorization_fail_1 from user hive_test_user
-POSTHOOK: type: REVOKE_PRIVILEGE
PREHOOK: query: grant `Create` on table authorization_fail_1 to user hive_test_user
PREHOOK: type: GRANT_PRIVILEGE
POSTHOOK: query: grant `Create` on table authorization_fail_1 to user hive_test_user
@@ -3,8 +3,4 @@ PREHOOK: type: CREATETABLE
POSTHOOK: query: create table authorization_fail_2 (key int, value string) partitioned by (ds string)
POSTHOOK: type: CREATETABLE
POSTHOOK: Output: default@authorization_fail_2
-PREHOOK: query: revoke `ALL` on table authorization_fail_2 from user hive_test_user
-PREHOOK: type: REVOKE_PRIVILEGE
-POSTHOOK: query: revoke `ALL` on table authorization_fail_2 from user hive_test_user
-POSTHOOK: type: REVOKE_PRIVILEGE
Authorization failed:No privilege 'Create' found for inputs { database:default, table:authorization_fail_2}. Use show grant to get more details.
@@ -3,10 +3,6 @@ PREHOOK: type: CREATETABLE
POSTHOOK: query: create table authorization_fail_3 (key int, value string) partitioned by (ds string)
POSTHOOK: type: CREATETABLE
POSTHOOK: Output: default@authorization_fail_3
-PREHOOK: query: revoke `ALL` on table authorization_fail_3 from user hive_test_user
-PREHOOK: type: REVOKE_PRIVILEGE
-POSTHOOK: query: revoke `ALL` on table authorization_fail_3 from user hive_test_user
-POSTHOOK: type: REVOKE_PRIVILEGE
PREHOOK: query: grant `Create` on table authorization_fail_3 to user hive_test_user
PREHOOK: type: GRANT_PRIVILEGE
POSTHOOK: query: grant `Create` on table authorization_fail_3 to user hive_test_user
@@ -28,7 +24,7 @@ table authorization_fail_3
principalName hive_test_user
principalType USER
privilege Create
-grantTime 1292569774
+grantTime 1296259808
grantor hive_test_user
PREHOOK: query: show grant user hive_test_user on table authorization_fail_3 partition (ds='2010')
PREHOOK: type: SHOW_GRANT
@@ -3,10 +3,6 @@ PREHOOK: type: CREATETABLE
POSTHOOK: query: create table authorization_fail_4 (key int, value string) partitioned by (ds string)
POSTHOOK: type: CREATETABLE
POSTHOOK: Output: default@authorization_fail_4
-PREHOOK: query: revoke `ALL` on table authorization_fail_4 from user hive_test_user
-PREHOOK: type: REVOKE_PRIVILEGE
-POSTHOOK: query: revoke `ALL` on table authorization_fail_4 from user hive_test_user
-POSTHOOK: type: REVOKE_PRIVILEGE
PREHOOK: query: grant `Alter` on table authorization_fail_4 to user hive_test_user
PREHOOK: type: GRANT_PRIVILEGE
POSTHOOK: query: grant `Alter` on table authorization_fail_4 to user hive_test_user
@@ -40,15 +36,15 @@ table authorization_fail_4
principalName hive_test_user
principalType USER
privilege Alter
-grantTime 1292569775
+grantTime 1296259809
grantor hive_test_user
database default
table authorization_fail_4
principalName hive_test_user
principalType USER
privilege Create
-grantTime 1292569776
+grantTime 1296259810
grantor hive_test_user
PREHOOK: query: show grant user hive_test_user on table authorization_fail_4 partition (ds='2010')
PREHOOK: type: SHOW_GRANT
@@ -61,7 +57,7 @@ partition ds=2010
principalName hive_test_user
principalType USER
privilege Alter
-grantTime 1292569776
+grantTime 1296259810
grantor hive_test_user
database default
@@ -70,6 +66,6 @@ partition ds=2010
principalName hive_test_user
principalType USER
privilege Create
-grantTime 1292569776
+grantTime 1296259810
grantor hive_test_user
Authorization failed:No privilege 'Select' found for inputs { database:default, table:authorization_fail_4, partitionName:ds=2010, columnName:key}. Use show grant to get more details.
@@ -3,10 +3,6 @@ PREHOOK: type: CREATETABLE
POSTHOOK: query: create table authorization_fail (key int, value string) partitioned by (ds string)
POSTHOOK: type: CREATETABLE
POSTHOOK: Output: default@authorization_fail
-PREHOOK: query: revoke `ALL` on table authorization_fail from user hive_test_user
-PREHOOK: type: REVOKE_PRIVILEGE
-POSTHOOK: query: revoke `ALL` on table authorization_fail from user hive_test_user
-POSTHOOK: type: REVOKE_PRIVILEGE
PREHOOK: query: grant `Alter` on table authorization_fail to user hive_test_user
PREHOOK: type: GRANT_PRIVILEGE
POSTHOOK: query: grant `Alter` on table authorization_fail to user hive_test_user
@@ -44,23 +40,23 @@ table authorization_fail
principalName hive_test_user
principalType USER
privilege Alter
-grantTime 1292570198
+grantTime 1296259811
grantor hive_test_user
database default
table authorization_fail
principalName hive_test_user
principalType USER
privilege Create
-grantTime 1292570198
+grantTime 1296259811
grantor hive_test_user
database default
table authorization_fail
principalName hive_test_user
principalType USER
privilege Select
-grantTime 1292570198
+grantTime 1296259811
grantor hive_test_user
PREHOOK: query: show grant user hive_test_user on table authorization_fail partition (ds='2010')
PREHOOK: type: SHOW_GRANT
@@ -73,7 +69,7 @@ partition ds=2010
principalName hive_test_user
principalType USER
privilege Alter
-grantTime 1292570198
+grantTime 1296259811
grantor hive_test_user
database default
@@ -82,7 +78,7 @@ partition ds=2010
principalName hive_test_user
principalType USER
privilege Create
-grantTime 1292570198
+grantTime 1296259811
grantor hive_test_user
database default
@@ -91,7 +87,7 @@ partition ds=2010
principalName hive_test_user
principalType USER
privilege Select
-grantTime 1292570198
+grantTime 1296259811
grantor hive_test_user
PREHOOK: query: revoke `Select` on table authorization_fail partition (ds='2010') from user hive_test_user
PREHOOK: type: REVOKE_PRIVILEGE
@@ -108,7 +104,7 @@ partition ds=2010
principalName hive_test_user
principalType USER
privilege Alter
-grantTime 1292570198
+grantTime 1296259811
grantor hive_test_user
database default
@@ -117,6 +113,6 @@ partition ds=2010
principalName hive_test_user
principalType USER
privilege Create
-grantTime 1292570198
+grantTime 1296259811
grantor hive_test_user
Authorization failed:No privilege 'Select' found for inputs { database:default, table:authorization_fail, partitionName:ds=2010, columnName:key}. Use show grant to get more details.
@@ -3,8 +3,4 @@ PREHOOK: type: CREATETABLE
POSTHOOK: query: create table authorization_part_fail (key int, value string) partitioned by (ds string)
POSTHOOK: type: CREATETABLE
POSTHOOK: Output: default@authorization_part_fail
-PREHOOK: query: revoke `ALL` on table authorization_part_fail from user hive_test_user
-PREHOOK: type: REVOKE_PRIVILEGE
-POSTHOOK: query: revoke `ALL` on table authorization_part_fail from user hive_test_user
-POSTHOOK: type: REVOKE_PRIVILEGE
Authorization failed:No privilege 'Alter' found for inputs { database:default, table:authorization_part_fail}. Use show grant to get more details.
@@ -3,10 +3,6 @@ PREHOOK: type: CREATETABLE
POSTHOOK: query: create table authorization_fail (key int, value string)
POSTHOOK: type: CREATETABLE
POSTHOOK: Output: default@authorization_fail
-PREHOOK: query: revoke `ALL` on table authorization_fail from user hive_test_user
-PREHOOK: type: REVOKE_PRIVILEGE
-POSTHOOK: query: revoke `ALL` on table authorization_fail from user hive_test_user
-POSTHOOK: type: REVOKE_PRIVILEGE
PREHOOK: query: create role hive_test_role_fail
PREHOOK: type: CREATEROLE
POSTHOOK: query: create role hive_test_role_fail
@@ -35,7 +31,7 @@ table authorization_fail
principalName hive_test_role_fail
principalType ROLE
privilege Select
-grantTime 1292570201
+grantTime 1296259812
grantor hive_test_user
PREHOOK: query: drop role hive_test_role_fail
PREHOOK: type: DROPROLE