Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.0.0
-
None
-
None
-
None
Description
While checking negative qtests I've found some strange behavior according to CT and CTAS statements.
ct_noperm_loc.q
ctas_noperm_loc.q
The common part these tests are initialization:
set hive.test.authz.sstd.hs2.mode=true; set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; set hive.security.authorization.enabled=true; set user.name=user1;
But while simple 'create table' works to a nonexisting dir...
create table foo0(id int) location 'hdfs:///tmp/ct_noperm_loc_foo0';
...'create table as select' doesn't work:
create table foo0 location 'hdfs:///tmp/ctas_noperm_loc_foo0' as select 1 as c1;
expected result in a negative test is:
FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation CREATETABLE_AS_SELECT [[INSERT, DELETE] on Object [type=DFS_URI, name=hdfs://### HDFS PATH ###]]
So it passes, however it should work same as simple CT, isn't it?
Is it by design, or am I missing something here?
mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ct_noperm_loc.q -Pitests,hadoop-2 -pl itests/qtest mvn test -Dtest=TestNegativeMinimrCliDriver -Dqfile=ctas_noperm_loc.q -Pitests,hadoop-2 -pl itests/qtest