diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/HiveMetadata.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/HiveMetadata.java index 9d66a62cb3621..e9c051ebaa884 100644 --- a/presto-hive/src/main/java/io/prestosql/plugin/hive/HiveMetadata.java +++ b/presto-hive/src/main/java/io/prestosql/plugin/hive/HiveMetadata.java @@ -184,6 +184,7 @@ import static io.prestosql.plugin.hive.metastore.StorageFormat.VIEW_STORAGE_FORMAT; import static io.prestosql.plugin.hive.metastore.StorageFormat.fromHiveStorageFormat; import static io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil.listEnabledPrincipals; +import static io.prestosql.plugin.hive.security.SqlStandardAccessControl.ADMIN_ROLE_NAME; import static io.prestosql.plugin.hive.util.ConfigurationUtils.toJobConf; import static io.prestosql.plugin.hive.util.Statistics.ReduceOperator.ADD; import static io.prestosql.plugin.hive.util.Statistics.createComputedStatisticsToPartitionMap; @@ -837,13 +838,13 @@ private static Table buildTableObject( private static PrincipalPrivileges buildInitialPrivilegeSet(String tableOwner) { - PrestoPrincipal grantor = new PrestoPrincipal(USER, tableOwner); + PrestoPrincipal owner = new PrestoPrincipal(USER, tableOwner); return new PrincipalPrivileges( ImmutableMultimap.builder() - .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.SELECT, true, grantor)) - .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.INSERT, true, grantor)) - .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.UPDATE, true, grantor)) - .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.DELETE, true, grantor)) + .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.SELECT, true, owner, owner)) + .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.INSERT, true, owner, owner)) + .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.UPDATE, true, owner, owner)) + .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.DELETE, true, owner, owner)) .build(), ImmutableMultimap.of()); } 
@@ -1823,7 +1824,7 @@ public void grantTablePrivileges(ConnectorSession session, SchemaTableName schem String tableName = schemaTableName.getTableName(); Set hivePrivilegeInfos = privileges.stream() - .map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new PrestoPrincipal(USER, session.getUser()))) + .map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new PrestoPrincipal(USER, session.getUser()), new PrestoPrincipal(USER, session.getUser()))) .collect(toSet()); metastore.grantTablePrivileges(schemaName, tableName, grantee, hivePrivilegeInfos); @@ -1836,7 +1837,7 @@ public void revokeTablePrivileges(ConnectorSession session, SchemaTableName sche String tableName = schemaTableName.getTableName(); Set hivePrivilegeInfos = privileges.stream() - .map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new PrestoPrincipal(USER, session.getUser()))) + .map(privilege -> new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new PrestoPrincipal(USER, session.getUser()), new PrestoPrincipal(USER, session.getUser()))) .collect(toSet()); metastore.revokeTablePrivileges(schemaName, tableName, grantee, hivePrivilegeInfos); 
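Review bot: In the `.map(...)` of grantTablePrivileges the new fourth constructor argument (the grantee) is built from `session.getUser()`, the same principal as the grantor, although the principal that actually receives the privilege is the `grantee` handed to `metastore.grantTablePrivileges` just below; the revokeTablePrivileges hunk repeats this. HivePrivilegeInfo equality and the SHOW GRANTS output now depend on that field, so these objects carry a misleading grantee. If `grantee` is a PrestoPrincipal here (its declaration is outside the hunk), pass it through: `new HivePrivilegeInfo(toHivePrivilege(privilege), grantOption, new PrestoPrincipal(USER, session.getUser()), grantee)`.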
@@ -1847,27 +1848,45 @@ public List listTablePrivileges(ConnectorSession session, SchemaTable { Set principals = listEnabledPrincipals(metastore, session.getIdentity()) .collect(toImmutableSet()); + boolean isAdminRoleSet = hasAdminRole(principals); ImmutableList.Builder result = ImmutableList.builder(); for (SchemaTableName tableName : listTables(session, schemaTablePrefix)) { - for (PrestoPrincipal grantee : principals) { - Set hivePrivileges = metastore.listTablePrivileges(tableName.getSchemaName(), tableName.getTableName(), grantee); - for (HivePrivilegeInfo hivePrivilege : hivePrivileges) { - Set prestoPrivileges = hivePrivilege.toPrivilegeInfo(); - for (PrivilegeInfo prestoPrivilege : prestoPrivileges) { - GrantInfo grant = new GrantInfo( - prestoPrivilege, - grantee, - tableName, - Optional.of(hivePrivilege.getGrantor()), - Optional.empty()); - result.add(grant); - } + if (isAdminRoleSet) { + result.addAll(buildGrants(tableName, null)); + } + else { + for (PrestoPrincipal grantee : principals) { + result.addAll(buildGrants(tableName, grantee)); } } } return result.build(); } + private List buildGrants(SchemaTableName tableName, PrestoPrincipal principal) + { + ImmutableList.Builder result = ImmutableList.builder(); + Set hivePrivileges = metastore.listTablePrivileges(tableName.getSchemaName(), tableName.getTableName(), principal); + for (HivePrivilegeInfo hivePrivilege : hivePrivileges) { + Set prestoPrivileges = hivePrivilege.toPrivilegeInfo(); + for (PrivilegeInfo prestoPrivilege : prestoPrivileges) { + GrantInfo grant = new GrantInfo( + prestoPrivilege, + hivePrivilege.getGrantee(), + tableName, + Optional.of(hivePrivilege.getGrantor()), + Optional.empty()); + result.add(grant); + } + } + return result.build(); + } + + private static boolean hasAdminRole(Set roles) + { + return roles.stream().anyMatch(principal -> principal.getName().equalsIgnoreCase(ADMIN_ROLE_NAME)); + } + private void verifyJvmTimeZone() { if (!allowCorruptWritesForTesting && 
!timeZone.equals(DateTimeZone.getDefault())) { diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/HivePrivilegeInfo.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/HivePrivilegeInfo.java index 91c1c5fe53ee0..cfd4beb12f6aa 100644 --- a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/HivePrivilegeInfo.java +++ b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/HivePrivilegeInfo.java @@ -22,10 +22,8 @@ import javax.annotation.concurrent.Immutable; -import java.util.Arrays; import java.util.Objects; import java.util.Set; -import java.util.stream.Collectors; import static com.google.common.base.MoreObjects.toStringHelper; import static io.prestosql.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.DELETE; @@ -45,16 +43,19 @@ public enum HivePrivilege private final HivePrivilege hivePrivilege; private final boolean grantOption; private final PrestoPrincipal grantor; + private final PrestoPrincipal grantee; @JsonCreator public HivePrivilegeInfo( @JsonProperty("hivePrivilege") HivePrivilege hivePrivilege, @JsonProperty("grantOption") boolean grantOption, - @JsonProperty("grantor") PrestoPrincipal grantor) + @JsonProperty("grantor") PrestoPrincipal grantor, + @JsonProperty("grantee") PrestoPrincipal grantee) { this.hivePrivilege = requireNonNull(hivePrivilege, "hivePrivilege is null"); this.grantOption = grantOption; this.grantor = requireNonNull(grantor, "grantor is null"); + this.grantee = requireNonNull(grantee, "grantee is null"); } @JsonProperty @@ -75,6 +76,12 @@ public PrestoPrincipal getGrantor() return grantor; } + @JsonProperty + public PrestoPrincipal getGrantee() + { + return grantee; + } + public static HivePrivilege toHivePrivilege(Privilege privilege) { switch (privilege) { @@ -119,7 +126,7 @@ public Set toPrivilegeInfo() @Override public int hashCode() { - return Objects.hash(hivePrivilege, grantOption); + return Objects.hash(hivePrivilege, grantOption, grantor, grantee); } @Override 
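Review bot: `hasAdminRole` matches on the principal name only, so any enabled principal called `admin` switches listTablePrivileges to the unfiltered path and exposes every grantee's privileges; that would include a USER principal if `listEnabledPrincipals` returns the session user alongside its roles (not visible here). Compare the type as well, e.g. `principal.getType() == PrincipalType.ROLE && principal.getName().equalsIgnoreCase(ADMIN_ROLE_NAME)`. The admin path also passes `null` into `buildGrants`, which forwards it to `metastore.listTablePrivileges`; a short comment on `buildGrants` should say that null means "all principals" and that only the admin check may select it.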
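Review bot: The `@JsonCreator` constructor now rejects a missing `grantee` through `requireNonNull`, so HivePrivilegeInfo JSON written before this change (for example a metastore recording, as exercised by TestRecordingHiveMetastore) would presumably fail to deserialize. If such files can outlive an upgrade, either tolerate the absent property or document that old recordings must be regenerated. A Javadoc line on the constructor stating who `grantor` and `grantee` are would also help, since several callers in this commit pass the same principal for both.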
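Review bot: Adding `grantor` and `grantee` to `hashCode` here (and to `equals` in the next hunk) changes what counts as the same privilege: entries for the same privilege and grant option no longer collapse in a Set, and any `contains`/`equals` lookup against a freshly built HivePrivilegeInfo must now match both principals. Elsewhere in this commit those fields are filled with placeholders (`grantee.orElse(grantor)` in parsePrivilege, a fixed `admin` user in PermissionMetadata), so such lookups can silently miss. The callers that compare privileges are outside this diff; please confirm that no access-control check relies on the old equality.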
@@ -133,7 +140,9 @@ public boolean equals(Object o) } HivePrivilegeInfo hivePrivilegeInfo = (HivePrivilegeInfo) o; return Objects.equals(hivePrivilege, hivePrivilegeInfo.hivePrivilege) && - Objects.equals(grantOption, hivePrivilegeInfo.grantOption); + Objects.equals(grantOption, hivePrivilegeInfo.grantOption) && + Objects.equals(grantor, hivePrivilegeInfo.grantor) && + Objects.equals(grantee, hivePrivilegeInfo.grantee); } @Override @@ -142,6 +151,8 @@ public String toString() return toStringHelper(this) .add("privilege", hivePrivilege) .add("grantOption", grantOption) + .add("grantor", grantor) + .add("grantee", grantee) .toString(); } } diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/SemiTransactionalHiveMetastore.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/SemiTransactionalHiveMetastore.java index 2661f1b6e7c3d..c71842d6e92ae 100644 --- a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/SemiTransactionalHiveMetastore.java +++ b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/SemiTransactionalHiveMetastore.java @@ -789,7 +789,7 @@ public synchronized Set listTablePrivileges(String databaseNa Collection privileges = tableAction.getData().getPrincipalPrivileges().getUserPrivileges().get(principal.getName()); return ImmutableSet.builder() .addAll(privileges) - .add(new HivePrivilegeInfo(OWNERSHIP, true, new PrestoPrincipal(USER, principal.getName()))) + .add(new HivePrivilegeInfo(OWNERSHIP, true, new PrestoPrincipal(USER, principal.getName()), new PrestoPrincipal(USER, principal.getName()))) .build(); } case INSERT_EXISTING: diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/UserTableKey.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/UserTableKey.java index 990c20aefadda..b8b53375c1515 100644 --- a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/UserTableKey.java 
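Review bot: This branch of SemiTransactionalHiveMetastore.listTablePrivileges still dereferences `principal` (`principal.getName()` on the changed line and in the lookup above it), but HiveMetadata.listTablePrivileges now passes `null` for sessions with the admin role. Unless null is handled before this switch (the start of the method is outside the hunk), an admin listing grants on a table created in the same transaction would hit a NullPointerException. FileHiveMetastore.listTablePrivileges has the same problem at `principal.getType() == USER`; only ThriftHiveMetastore gained a null branch. Either handle null in every implementation or reject it with a clear message.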
+++ b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/UserTableKey.java @@ -34,7 +34,8 @@ public class UserTableKey @JsonCreator public UserTableKey(@JsonProperty("principal") PrestoPrincipal principal, @JsonProperty("database") String database, @JsonProperty("table") String table) { - this.principal = requireNonNull(principal, "user is null"); + // principal can be null when we want to list all privileges for admins + this.principal = principal; this.database = requireNonNull(database, "database is null"); this.table = requireNonNull(table, "table is null"); } diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/file/FileHiveMetastore.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/file/FileHiveMetastore.java index 4a21daac7c747..4295ef65e26fd 100644 --- a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/file/FileHiveMetastore.java +++ b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/file/FileHiveMetastore.java @@ -944,7 +944,7 @@ public synchronized Set listTablePrivileges(String databaseNa ImmutableSet.Builder result = ImmutableSet.builder(); Table table = getRequiredTable(databaseName, tableName); if (principal.getType() == USER && table.getOwner().equals(principal.getName())) { - result.add(new HivePrivilegeInfo(OWNERSHIP, true, principal)); + result.add(new HivePrivilegeInfo(OWNERSHIP, true, principal, principal)); } Path permissionFilePath = getPermissionsPath(getPermissionsDirectory(table), principal); result.addAll(readFile("permissions", permissionFilePath, permissionsCodec).orElse(ImmutableList.of()).stream() diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/file/PermissionMetadata.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/file/PermissionMetadata.java index 82cefe26ceada..5d69dc7991f9b 100644 --- a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/file/PermissionMetadata.java 
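Review bot: Dropping `requireNonNull` on `principal` in the UserTableKey constructor turns a missing principal from an immediate failure into the "list privileges of everyone" request, so a caller that passes null by mistake now fails open. Prefer an explicit representation (a dedicated factory method or an `Optional<PrestoPrincipal>`), and at least mark the field and its getter `@Nullable`. `equals`, `hashCode` and `toString` are outside the hunk and should be checked for null-safety, since this class is presumably used as a lookup key.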
+++ b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/file/PermissionMetadata.java @@ -56,6 +56,6 @@ public boolean isGrantOption() public HivePrivilegeInfo toHivePrivilegeInfo() { - return new HivePrivilegeInfo(permission, grantOption, new PrestoPrincipal(USER, "admin")); + return new HivePrivilegeInfo(permission, grantOption, new PrestoPrincipal(USER, "admin"), new PrestoPrincipal(USER, "admin")); } } diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/thrift/ThriftHiveMetastore.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/thrift/ThriftHiveMetastore.java index bc0e5849f40ba..58a0c72c6e2dc 100644 --- a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/thrift/ThriftHiveMetastore.java +++ b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/thrift/ThriftHiveMetastore.java @@ -86,6 +86,7 @@ import static io.prestosql.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege; import static io.prestosql.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.OWNERSHIP; import static io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil.createMetastoreColumnStatistics; +import static io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil.fromMetastoreApiPrincipalType; import static io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil.fromMetastoreApiTable; import static io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil.fromPrestoPrincipalType; import static io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreUtil.fromRolePrincipalGrants; 
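Review bot: `toHivePrivilegeInfo` now reports a fixed `USER admin` as grantee for every permission read from the file metastore, while the new `buildGrants` in HiveMetadata takes the grantee shown by SHOW GRANTS from `hivePrivilege.getGrantee()` rather than from the principal that was queried. With the file metastore, every user's grants would therefore be listed as belonging to `admin`. Pass in the principal whose permission file is being read, e.g. `public HivePrivilegeInfo toHivePrivilegeInfo(PrestoPrincipal grantee)`, and update the call in FileHiveMetastore.listTablePrivileges (outside this hunk).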
@@ -1168,7 +1169,7 @@ public void grantTablePrivileges(String databaseName, String tableName, PrestoPr Set privilegesToGrant = new HashSet<>(requestedPrivileges); Iterator iterator = privilegesToGrant.iterator(); while (iterator.hasNext()) { - HivePrivilegeInfo requestedPrivilege = getOnlyElement(parsePrivilege(iterator.next())); + HivePrivilegeInfo requestedPrivilege = getOnlyElement(parsePrivilege(iterator.next(), Optional.empty())); for (HivePrivilegeInfo existingPrivilege : existingPrivileges) { if ((requestedPrivilege.isContainedIn(existingPrivilege))) { @@ -1219,7 +1220,7 @@ public void revokeTablePrivileges(String databaseName, String tableName, PrestoP .collect(toSet()); Set privilegesToRevoke = requestedPrivileges.stream() - .filter(privilegeGrantInfo -> existingHivePrivileges.contains(getOnlyElement(parsePrivilege(privilegeGrantInfo)).getHivePrivilege())) + .filter(privilegeGrantInfo -> existingHivePrivileges.contains(getOnlyElement(parsePrivilege(privilegeGrantInfo, Optional.empty())).getHivePrivilege())) .collect(toSet()); if (privilegesToRevoke.isEmpty()) { 
@@ -1249,15 +1250,26 @@ public Set listTablePrivileges(String databaseName, String ta try (HiveMetastoreClient client = clientProvider.createMetastoreClient()) { Table table = client.getTable(databaseName, tableName); ImmutableSet.Builder privileges = ImmutableSet.builder(); - if (principal.getType() == USER && table.getOwner().equals(principal.getName())) { - privileges.add(new HivePrivilegeInfo(OWNERSHIP, true, principal)); + List hiveObjectPrivilegeList; + // principal can be null when we want to list all privileges for admins + if (principal == null) { + hiveObjectPrivilegeList = client.listPrivileges( + null, + null, + new HiveObjectRef(TABLE, databaseName, tableName, null, null)); + } + else { + if (principal.getType() == USER && table.getOwner().equals(principal.getName())) { + privileges.add(new HivePrivilegeInfo(OWNERSHIP, true, principal, principal)); + } + hiveObjectPrivilegeList = client.listPrivileges( + principal.getName(), + fromPrestoPrincipalType(principal.getType()), + new HiveObjectRef(TABLE, databaseName, tableName, null, null)); } - List hiveObjectPrivilegeList = client.listPrivileges( - principal.getName(), - fromPrestoPrincipalType(principal.getType()), - new HiveObjectRef(TABLE, databaseName, tableName, null, null)); for (HiveObjectPrivilege hiveObjectPrivilege : hiveObjectPrivilegeList) { - privileges.addAll(parsePrivilege(hiveObjectPrivilege.getGrantInfo())); + PrestoPrincipal grantee = new PrestoPrincipal(fromMetastoreApiPrincipalType(hiveObjectPrivilege.getPrincipalType()), hiveObjectPrivilege.getPrincipalName()); + privileges.addAll(parsePrivilege(hiveObjectPrivilege.getGrantInfo(), Optional.of(grantee))); } return privileges.build(); } diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/thrift/ThriftMetastoreUtil.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/thrift/ThriftMetastoreUtil.java index 12f2a805f2d4f..87d464d064684 100644 
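Review bot: The `principal == null` branch skips the synthetic `OWNERSHIP` entry that the else branch adds for the table owner, so the admin listing and the per-principal listing of the same table can disagree about what the owner holds. If that is intended, say so in the comment; otherwise add the entry for `table.getOwner()` in the null branch as well. As far as this hunk shows, the method performs no authorization itself, so the comment should also state that callers must pass null only for sessions already verified to hold the admin role.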
--- a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/thrift/ThriftMetastoreUtil.java
+++ b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/thrift/ThriftMetastoreUtil.java
@@ -715,26 +715,26 @@ private static StorageDescriptor makeStorageDescriptor(String tableName, List parsePrivilege(PrivilegeGrantInfo userGrant) + public static Set parsePrivilege(PrivilegeGrantInfo userGrant, Optional grantee) { boolean withGrantOption = userGrant.isGrantOption(); String name = userGrant.getPrivilege().toUpperCase(ENGLISH); - PrestoPrincipal grantor = new PrestoPrincipal(ThriftMetastoreUtil.fromMetastoreApiPrincipalType(userGrant.getGrantorType()), userGrant.getGrantor()); + PrestoPrincipal grantor = new PrestoPrincipal(fromMetastoreApiPrincipalType(userGrant.getGrantorType()), userGrant.getGrantor()); switch (name) { case "ALL": return Arrays.stream(HivePrivilegeInfo.HivePrivilege.values()) - .map(hivePrivilege -> new HivePrivilegeInfo(hivePrivilege, withGrantOption, grantor)) + .map(hivePrivilege -> new HivePrivilegeInfo(hivePrivilege, withGrantOption, grantor, grantee.orElse(grantor))) .collect(toImmutableSet()); case "SELECT": - return ImmutableSet.of(new HivePrivilegeInfo(SELECT, withGrantOption, grantor)); + return ImmutableSet.of(new HivePrivilegeInfo(SELECT, withGrantOption, grantor, grantee.orElse(grantor))); case "INSERT": - return ImmutableSet.of(new HivePrivilegeInfo(INSERT, withGrantOption, grantor)); + return ImmutableSet.of(new HivePrivilegeInfo(INSERT, withGrantOption, grantor, grantee.orElse(grantor))); case "UPDATE": - return ImmutableSet.of(new HivePrivilegeInfo(UPDATE, withGrantOption, grantor)); + return ImmutableSet.of(new HivePrivilegeInfo(UPDATE, withGrantOption, grantor, grantee.orElse(grantor))); case "DELETE": - return ImmutableSet.of(new HivePrivilegeInfo(DELETE, withGrantOption, grantor)); + return ImmutableSet.of(new HivePrivilegeInfo(DELETE, withGrantOption, grantor, grantee.orElse(grantor))); case "OWNERSHIP": - return ImmutableSet.of(new HivePrivilegeInfo(OWNERSHIP, withGrantOption, grantor)); + return ImmutableSet.of(new HivePrivilegeInfo(OWNERSHIP, withGrantOption, grantor, grantee.orElse(grantor))); default: 
throw new IllegalArgumentException("Unsupported privilege name: " + name); } diff --git a/presto-hive/src/test/java/io/prestosql/plugin/hive/AbstractTestHiveClient.java b/presto-hive/src/test/java/io/prestosql/plugin/hive/AbstractTestHiveClient.java index 1bd6ac7c69038..784113bb58659 100644 --- a/presto-hive/src/test/java/io/prestosql/plugin/hive/AbstractTestHiveClient.java +++ b/presto-hive/src/test/java/io/prestosql/plugin/hive/AbstractTestHiveClient.java @@ -4331,10 +4331,10 @@ private PrincipalPrivileges testingPrincipalPrivilege(String tableOwner, String { return new PrincipalPrivileges( ImmutableMultimap.builder() - .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.SELECT, true, new PrestoPrincipal(USER, grantor))) - .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.INSERT, true, new PrestoPrincipal(USER, grantor))) - .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.UPDATE, true, new PrestoPrincipal(USER, grantor))) - .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.DELETE, true, new PrestoPrincipal(USER, grantor))) + .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.SELECT, true, new PrestoPrincipal(USER, grantor), new PrestoPrincipal(USER, grantor))) + .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.INSERT, true, new PrestoPrincipal(USER, grantor), new PrestoPrincipal(USER, grantor))) + .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.UPDATE, true, new PrestoPrincipal(USER, grantor), new PrestoPrincipal(USER, grantor))) + .put(tableOwner, new HivePrivilegeInfo(HivePrivilege.DELETE, true, new PrestoPrincipal(USER, grantor), new PrestoPrincipal(USER, grantor))) .build(), ImmutableMultimap.of()); } diff --git a/presto-hive/src/test/java/io/prestosql/plugin/hive/metastore/TestRecordingHiveMetastore.java b/presto-hive/src/test/java/io/prestosql/plugin/hive/metastore/TestRecordingHiveMetastore.java index ff0cf7adf28b4..46d6712cddd52 100644 --- a/presto-hive/src/test/java/io/prestosql/plugin/hive/metastore/TestRecordingHiveMetastore.java 
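Review bot: `grantee.orElse(grantor)` is repeated in all six cases of parsePrivilege and silently labels the grantor as grantee whenever the caller passes `Optional.empty()`, as grantTablePrivileges and revokeTablePrivileges in ThriftHiveMetastore do. Resolve it once at the top, `PrestoPrincipal resolvedGrantee = grantee.orElse(grantor);`, and add a comment that the fallback is a placeholder for callers that only read the privilege name, so nobody later treats it as the real grantee. The method is public, so a Javadoc line on the new parameter is worth adding.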
+++ b/presto-hive/src/test/java/io/prestosql/plugin/hive/metastore/TestRecordingHiveMetastore.java @@ -98,7 +98,7 @@ public class TestRecordingHiveMetastore OptionalLong.of(1235), OptionalLong.of(1), OptionalLong.of(8)))); - private static final HivePrivilegeInfo PRIVILEGE_INFO = new HivePrivilegeInfo(HivePrivilege.SELECT, true, new PrestoPrincipal(PrincipalType.USER, "grantor")); + private static final HivePrivilegeInfo PRIVILEGE_INFO = new HivePrivilegeInfo(HivePrivilege.SELECT, true, new PrestoPrincipal(PrincipalType.USER, "grantor"), new PrestoPrincipal(PrincipalType.USER, "grantee")); private static final RoleGrant ROLE_GRANT = new RoleGrant(new PrestoPrincipal(USER, "grantee"), "role", true); @Test diff --git a/presto-product-tests/src/main/java/io/prestosql/tests/hive/TestRoles.java b/presto-product-tests/src/main/java/io/prestosql/tests/hive/TestRoles.java index 36557e7c09806..ad9976cdbbe85 100644 --- a/presto-product-tests/src/main/java/io/prestosql/tests/hive/TestRoles.java +++ b/presto-product-tests/src/main/java/io/prestosql/tests/hive/TestRoles.java 
@@ -628,6 +628,48 @@ public void testAdminCanRenameColumnInAnyTable() onPrestoAlice().executeQuery("DROP TABLE hive.default.test_table"); } + @Test(groups = {ROLES, AUTHORIZATION, PROFILE_SPECIFIC_TESTS}) + public void testAdminCanShowAllGrants() + { + try { + onPrestoBob().executeQuery("CREATE TABLE hive.default.test_table_bob (foo BIGINT)"); + onPrestoAlice().executeQuery("CREATE TABLE hive.default.test_table_alice (foo BIGINT)"); + onPresto().executeQuery("GRANT admin TO alice"); + onPrestoAlice().executeQuery("SET ROLE ADMIN"); + + QueryAssert.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table_alice")) + .containsOnly(ImmutableList.of( + row("alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "SELECT", "YES", null), + row("alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "DELETE", "YES", null), + row("alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "UPDATE", "YES", null), + row("alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "INSERT", "YES", null))); + + QueryAssert.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table_bob")) + .containsOnly(ImmutableList.of( + row("bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "SELECT", "YES", null), + row("bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "DELETE", "YES", null), + row("bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "UPDATE", "YES", null), + row("bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "INSERT", "YES", null))); + + onPrestoAlice().executeQuery("GRANT SELECT ON hive.default.test_table_alice TO bob WITH GRANT OPTION"); + onPrestoAlice().executeQuery("GRANT INSERT ON hive.default.test_table_alice TO bob"); + + QueryAssert.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table_alice")) + .containsOnly(ImmutableList.of( + row("alice", "USER", "alice", "USER", 
"hive", "default", "test_table_alice", "SELECT", "YES", null), + row("alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "DELETE", "YES", null), + row("alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "UPDATE", "YES", null), + row("alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "INSERT", "YES", null), + row("alice", "USER", "bob", "USER", "hive", "default", "test_table_alice", "SELECT", "YES", null), + row("alice", "USER", "bob", "USER", "hive", "default", "test_table_alice", "INSERT", "NO", null))); + } + finally { + onPrestoAlice().executeQuery("DROP TABLE hive.default.test_table_alice"); + onPrestoAlice().executeQuery("DROP TABLE hive.default.test_table_bob"); + onPresto().executeQuery("REVOKE admin FROM alice"); + } + } + @Test(groups = {ROLES, AUTHORIZATION, PROFILE_SPECIFIC_TESTS}) public void testSetRoleTablePermissions() {
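Review bot: The `finally` block of testAdminCanShowAllGrants runs its three statements in sequence, so if the first `DROP TABLE` throws (for instance because a CREATE in the `try` failed), `REVOKE admin FROM alice` never runs and alice would keep the admin role for later authorization tests. Wrap the drops in their own try/finally so the revoke always executes, and consider `DROP TABLE IF EXISTS`. The test covers only the positive case; an assertion that bob, without the admin role, sees only his own grants on `test_table_alice` would pin the access boundary this change moves.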