Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
HIVE-20420: Provide a fallback authorizer when no other authorizer is…
… in use (Daniel Dai, reviewed by Laszlo Pinter, Thejas Nair) Signed-off-by: Thejas M Nair <thejas@hortonworks.com>
- Loading branch information
Showing
20 changed files
with
397 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
253 changes: 253 additions & 0 deletions
253
.../apache/hadoop/hive/ql/security/authorization/plugin/fallback/FallbackHiveAuthorizer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,253 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one | ||
* or more contributor license agreements. See the NOTICE file | ||
* distributed with this work for additional information | ||
* regarding copyright ownership. The ASF licenses this file | ||
* to you under the Apache License, Version 2.0 (the | ||
* "License"); you may not use this file except in compliance | ||
* with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.apache.hadoop.hive.ql.security.authorization.plugin.fallback; | ||
|
||
import org.apache.commons.logging.Log; | ||
import org.apache.commons.logging.LogFactory; | ||
import org.apache.hadoop.hive.conf.HiveConf; | ||
import org.apache.hadoop.hive.ql.parse.SemanticException; | ||
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.AbstractHiveAuthorizer; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.DisallowTransformHook; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.SettableConfigUpdater; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.Operation2Privilege; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLAuthorizationUtils; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLPrivTypeGrant; | ||
|
||
import java.util.ArrayList; | ||
import java.util.Arrays; | ||
import java.util.List; | ||
|
||
public class FallbackHiveAuthorizer extends AbstractHiveAuthorizer { | ||
private static final Log LOG = LogFactory.getLog(FallbackHiveAuthorizer.class); | ||
|
||
private final HiveAuthzSessionContext sessionCtx; | ||
private final HiveAuthenticationProvider authenticator; | ||
private String[] admins = null; | ||
|
||
FallbackHiveAuthorizer(HiveConf hiveConf, HiveAuthenticationProvider hiveAuthenticator, | ||
HiveAuthzSessionContext ctx) { | ||
this.authenticator = hiveAuthenticator; | ||
this.sessionCtx = applyTestSettings(ctx, hiveConf); | ||
String adminString = hiveConf.getVar(HiveConf.ConfVars.USERS_IN_ADMIN_ROLE); | ||
if (adminString != null) { | ||
admins = hiveConf.getVar(HiveConf.ConfVars.USERS_IN_ADMIN_ROLE).split(","); | ||
} | ||
} | ||
|
||
/** | ||
* Change the session context based on configuration to aid in testing of sql | ||
* std auth | ||
* | ||
* @param ctx | ||
* @param conf | ||
* @return | ||
*/ | ||
static HiveAuthzSessionContext applyTestSettings(HiveAuthzSessionContext ctx, HiveConf conf) { | ||
if (conf.getBoolVar(HiveConf.ConfVars.HIVE_TEST_AUTHORIZATION_SQLSTD_HS2_MODE) | ||
&& ctx.getClientType() == HiveAuthzSessionContext.CLIENT_TYPE.HIVECLI) { | ||
// create new session ctx object with HS2 as client type | ||
HiveAuthzSessionContext.Builder ctxBuilder = new HiveAuthzSessionContext.Builder(ctx); | ||
ctxBuilder.setClientType(HiveAuthzSessionContext.CLIENT_TYPE.HIVESERVER2); | ||
return ctxBuilder.build(); | ||
} | ||
return ctx; | ||
} | ||
|
||
@Override | ||
public VERSION getVersion() { | ||
return VERSION.V1; | ||
} | ||
|
||
@Override | ||
public void grantPrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, | ||
HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean | ||
grantOption) throws HiveAuthzPluginException { | ||
throw new HiveAuthzPluginException("grantPrivileges not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, | ||
HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean | ||
grantOption) throws HiveAuthzPluginException { | ||
throw new HiveAuthzPluginException("revokePrivileges not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public void createRole(String roleName, HivePrincipal adminGrantor) throws HiveAuthzPluginException { | ||
throw new HiveAuthzPluginException("createRole not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public void dropRole(String roleName) throws HiveAuthzPluginException, HiveAccessControlException { | ||
throw new HiveAuthzPluginException("dropRole not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public List<HiveRoleGrant> getPrincipalGrantInfoForRole(String roleName) throws HiveAuthzPluginException, | ||
HiveAccessControlException { | ||
throw new HiveAuthzPluginException("getPrincipalGrantInfoForRole not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, | ||
HiveAccessControlException { | ||
throw new HiveAuthzPluginException("getRoleGrantInfoForPrincipal not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal | ||
grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException { | ||
throw new HiveAuthzPluginException("grantRole not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roles, boolean grantOption, HivePrincipal | ||
grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException { | ||
throw new HiveAuthzPluginException("revokeRole not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public void checkPrivileges(HiveOperationType hiveOpType, List<HivePrivilegeObject> inputHObjs, | ||
List<HivePrivilegeObject> outputHObjs, HiveAuthzContext context) throws | ||
HiveAuthzPluginException, HiveAccessControlException { | ||
String userName = authenticator.getUserName(); | ||
// check privileges on input and output objects | ||
List<String> deniedMessages = new ArrayList<>(); | ||
checkPrivileges(hiveOpType, inputHObjs, userName, Operation2Privilege.IOType.INPUT, deniedMessages); | ||
checkPrivileges(hiveOpType, outputHObjs, userName, Operation2Privilege.IOType.OUTPUT, deniedMessages); | ||
|
||
SQLAuthorizationUtils.assertNoDeniedPermissions(new HivePrincipal(userName, | ||
HivePrincipal.HivePrincipalType.USER), hiveOpType, deniedMessages); | ||
} | ||
|
||
// Adapted from SQLStdHiveAuthorizationValidator, only check privileges for LOAD/ADD/DFS/COMPILE and admin privileges | ||
private void checkPrivileges(HiveOperationType hiveOpType, List<HivePrivilegeObject> hiveObjects, | ||
String userName, Operation2Privilege.IOType ioType, List<String> deniedMessages) { | ||
|
||
if (hiveObjects == null) { | ||
return; | ||
} | ||
if (admins != null && Arrays.stream(admins).parallel().anyMatch(n -> n.equals(userName))) { | ||
return; // Skip rest of checks if user is admin | ||
} | ||
|
||
// Special-casing for ADMIN-level operations that do not require object checking. | ||
if (Operation2Privilege.isAdminPrivOperation(hiveOpType)) { | ||
// Require ADMIN privilege | ||
deniedMessages.add(SQLPrivTypeGrant.ADMIN_PRIV.toString() + " on " + ioType); | ||
return; // Ignore object, fail if not admin, succeed if admin. | ||
} | ||
|
||
boolean needAdmin = false; | ||
for (HivePrivilegeObject hiveObj : hiveObjects) { | ||
// If involving local file system | ||
if (hiveObj.getType() == HivePrivilegeObject.HivePrivilegeObjectType.LOCAL_URI) { | ||
needAdmin = true; | ||
break; | ||
} | ||
} | ||
if (!needAdmin) { | ||
switch (hiveOpType) { | ||
case ADD: | ||
case DFS: | ||
case COMPILE: | ||
needAdmin = true; | ||
break; | ||
default: | ||
break; | ||
} | ||
} | ||
if (needAdmin) { | ||
deniedMessages.add("ADMIN"); | ||
} | ||
} | ||
|
||
@Override | ||
public List<HivePrivilegeObject> filterListCmdObjects(List<HivePrivilegeObject> listObjs, HiveAuthzContext context) { | ||
return listObjs; | ||
} | ||
|
||
@Override | ||
public List<String> getAllRoles() throws HiveAuthzPluginException { | ||
throw new HiveAuthzPluginException("getAllRoles not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws | ||
HiveAuthzPluginException { | ||
throw new HiveAuthzPluginException("showPrivileges not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public void setCurrentRole(String roleName) throws HiveAuthzPluginException { | ||
throw new HiveAuthzPluginException("setCurrentRole not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public List<String> getCurrentRoleNames() throws HiveAuthzPluginException { | ||
throw new HiveAuthzPluginException("getCurrentRoleNames not implemented in FallbackHiveAuthorizer"); | ||
} | ||
|
||
@Override | ||
public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException { | ||
// from SQLStdHiveAccessController.applyAuthorizationConfigPolicy() | ||
if (sessionCtx.getClientType() == HiveAuthzSessionContext.CLIENT_TYPE.HIVESERVER2 | ||
&& hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)) { | ||
|
||
// Configure PREEXECHOOKS with DisallowTransformHook to disallow transform queries | ||
String hooks = hiveConf.getVar(HiveConf.ConfVars.PREEXECHOOKS).trim(); | ||
if (hooks.isEmpty()) { | ||
hooks = DisallowTransformHook.class.getName(); | ||
} else { | ||
hooks = hooks + "," + DisallowTransformHook.class.getName(); | ||
} | ||
LOG.debug("Configuring hooks : " + hooks); | ||
hiveConf.setVar(HiveConf.ConfVars.PREEXECHOOKS, hooks); | ||
|
||
SettableConfigUpdater.setHiveConfWhiteList(hiveConf); | ||
String curBlackList = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST); | ||
if (curBlackList != null && curBlackList.trim().equals("reflect,reflect2,java_method")) { | ||
hiveConf.setVar(HiveConf.ConfVars.HIVE_SERVER2_BUILTIN_UDF_BLACKLIST, "reflect,reflect2,java_method,in_file"); | ||
} | ||
|
||
} | ||
} | ||
|
||
@Override | ||
public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(HiveAuthzContext context, List<HivePrivilegeObject> | ||
privObjs) throws SemanticException { | ||
return privObjs; | ||
} | ||
|
||
@Override | ||
public boolean needTransform() { | ||
return false; | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
.../hadoop/hive/ql/security/authorization/plugin/fallback/FallbackHiveAuthorizerFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one | ||
* or more contributor license agreements. See the NOTICE file | ||
* distributed with this work for additional information | ||
* regarding copyright ownership. The ASF licenses this file | ||
* to you under the Apache License, Version 2.0 (the | ||
* "License"); you may not use this file except in compliance | ||
* with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.apache.hadoop.hive.ql.security.authorization.plugin.fallback; | ||
|
||
import org.apache.hadoop.hive.conf.HiveConf; | ||
import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext; | ||
import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory; | ||
|
||
public class FallbackHiveAuthorizerFactory implements HiveAuthorizerFactory { | ||
@Override | ||
public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory, | ||
HiveConf conf, HiveAuthenticationProvider authenticator, | ||
HiveAuthzSessionContext ctx) { | ||
return new FallbackHiveAuthorizer(conf, authenticator, ctx); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
set hive.security.authorization.enabled=true; | ||
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory; | ||
|
||
add jar dummy.jar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
set hive.security.authorization.enabled=true; | ||
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory; | ||
|
||
compile `import org.apache.hadoop.hive.ql.exec.UDF \; | ||
public class Pyth extends UDF { | ||
public double evaluate(double a, double b){ | ||
return Math.sqrt((a*a) + (b*b)) \; | ||
} | ||
} ` AS GROOVY NAMED Pyth.groovy; |
5 changes: 5 additions & 0 deletions
5
ql/src/test/queries/clientnegative/fallbackauth_create_func1.q
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
set hive.security.authorization.enabled=true; | ||
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory; | ||
|
||
-- permanent function creation should fail for non-admin roles | ||
create function perm_fn as 'org.apache.hadoop.hive.ql.udf.UDFAscii'; |
6 changes: 6 additions & 0 deletions
6
ql/src/test/queries/clientnegative/fallbackauth_create_func2.q
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
set hive.security.authorization.enabled=true; | ||
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory; | ||
|
||
-- temp function creation should fail for non-admin roles | ||
create temporary function temp_fn as 'org.apache.hadoop.hive.ql.udf.UDFAscii'; | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
set hive.security.authorization.enabled=true; | ||
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory; | ||
|
||
dfs -ls; |
6 changes: 6 additions & 0 deletions
6
ql/src/test/queries/clientnegative/fallbackauth_disallow_transform.q
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
set hive.test.authz.sstd.hs2.mode=true; | ||
set hive.security.authorization.enabled=true; | ||
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory; | ||
|
||
create table t1(i int); | ||
SELECT TRANSFORM (*) USING 'cat' AS (key, value) FROM t1; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
set hive.security.authorization.enabled=true; | ||
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory; | ||
|
||
!cp ../../data/files/kv1.txt .; | ||
|
||
create table fallbackauthload(c1 string, c2 string); | ||
|
||
!chmod 777 kv1.txt; | ||
load data local inpath 'kv1.txt' into table fallbackauthload; | ||
|
||
!chmod 755 kv1.txt; | ||
load data local inpath 'kv1.txt' into table fallbackauthload; | ||
|
||
!rm kv1.txt; | ||
drop table fallbackauthload; |
8 changes: 8 additions & 0 deletions
8
ql/src/test/queries/clientnegative/fallbackauth_set_invalidconf.q
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
set hive.test.authz.sstd.hs2.mode=true; | ||
set hive.security.authorization.enabled=true; | ||
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory; | ||
|
||
-- run a sql query to initialize authorization, then try setting a allowed config and then a disallowed config param | ||
use default; | ||
set hive.optimize.listbucketing=true; | ||
set hive.security.authorization.enabled=true; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Query returned non-zero code: 1, cause: Permission denied: Principal [name=hive_test_user, type=USER] does not have following privileges for operation ADD [ADMIN] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Query returned non-zero code: 1, cause: Permission denied: Principal [name=hive_test_user, type=USER] does not have following privileges for operation COMPILE [ADMIN] |
1 change: 1 addition & 0 deletions
1
ql/src/test/results/clientnegative/fallbackauth_create_func1.q.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
FAILED: HiveAccessControlException Permission denied: Principal [name=hive_test_user, type=USER] does not have following privileges for operation CREATEFUNCTION [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] |
1 change: 1 addition & 0 deletions
1
ql/src/test/results/clientnegative/fallbackauth_create_func2.q.out
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
FAILED: HiveAccessControlException Permission denied: Principal [name=hive_test_user, type=USER] does not have following privileges for operation CREATEFUNCTION [ADMIN PRIVILEGE on INPUT, ADMIN PRIVILEGE on OUTPUT] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Query returned non-zero code: 1, cause: Permission denied: Principal [name=hive_test_user, type=USER] does not have following privileges for operation DFS [ADMIN] |
Oops, something went wrong.