Details

      Description

      SHOW GRANTS statement -
      It will give a list of objects, privileges, and who granted the grantee rights on that object

      • When used by a user who does not participate in the SUPERUSER role, it can be
        used in three ways
        • SHOW GRANTS; This will show all grants effective for the current user or
          roles, whichever is currently determining the user’s privileges.
        • SHOW GRANTS FOR role; This will show grants effective for a given
          role. The user must participate in that role, otherwise permission will be
          denied.
        • SHOW GRANTS FOR user; where user is the username of the current
          user. This will show grants effective for the user. Attempts to list grants
          effective for other users will be denied.
      • When used by a user who does participate in the SUPERUSER role, it can be
        used in three ways:
        • SHOW GRANTS; As in the previous section.
        • SHOW GRANTS FOR role; This will show grants effective for a given
          role. Any role, regardless of whether the current user participates in it,
          can be shown.
        • SHOW GRANTS FOR user; where user is a valid username. This will
          show grants effective for that user. Any user, regardless of whether it is
          the current user, can be shown

      Task includes authorization of the statement.

        Issue Links

          Activity

          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Resolved Resolved
          285d 14h 37m 1 Thejas M Nair 15/Sep/14 18:24
          Thejas M Nair made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Done [ 11 ]
          Hide
          Thejas M Nair added a comment -

          The functionality has been implemented through HIVE-6122 and HIVE-7294

          Show
          Thejas M Nair added a comment - The functionality has been implemented through HIVE-6122 and HIVE-7294
          Thejas M Nair made changes -
          Link This issue relates to HIVE-7294 [ HIVE-7294 ]
          Thejas M Nair made changes -
          Link This issue is related to HIVE-6122 [ HIVE-6122 ]
          Thejas M Nair made changes -
          Component/s SQLStandardAuthorization [ 12322653 ]
          Thejas M Nair made changes -
          Summary SQL std auth - support new 'show grant..' statements SQL std auth - support,authorize new 'show grant..' statements
          Thejas M Nair made changes -
          Link This issue is blocked by HIVE-5923 [ HIVE-5923 ]
          Thejas M Nair made changes -
          Original Estimate 24h [ 86400 ] 36h [ 129600 ]
          Remaining Estimate 24h [ 86400 ] 36h [ 129600 ]
          Thejas M Nair made changes -
          Description SHOW GRANTS statement -
          It will give a list of objects, privileges, and who granted the grantee rights on that object
          - When used by a user who does not participate in the SUPERUSER role, it can be
          used in three ways
          -- SHOW GRANTS; This will show all grants effective for the current user or
          roles, whichever is currently determining the user’s privileges.
          -- SHOW GRANTS FOR role; This will show grants effective for a given
          role. The user must participate in that role, otherwise permission will be
          denied.
          -- SHOW GRANTS FOR user; where user is the username of the current
          user. This will show grants effective for the user. Attempts to list grants
          effective for other users will be denied.
          - When used by a user who does participate in the SUPERUSER role, it can be
          used in three ways:
          -- SHOW GRANTS; As in the previous section.
          -- SHOW GRANTS FOR role; This will show grants effective for a given
          role. Any role, regardless of whether the current user participates in it,
          can be shown.
          -- SHOW GRANTS FOR user; where user is a valid username. This will
          show grants effective for that user. Any user, regardless of whether it is
          the current user, can be shown
          SHOW GRANTS statement -
          It will give a list of objects, privileges, and who granted the grantee rights on that object
          - When used by a user who does not participate in the SUPERUSER role, it can be
          used in three ways
          -- SHOW GRANTS; This will show all grants effective for the current user or
          roles, whichever is currently determining the user’s privileges.
          -- SHOW GRANTS FOR role; This will show grants effective for a given
          role. The user must participate in that role, otherwise permission will be
          denied.
          -- SHOW GRANTS FOR user; where user is the username of the current
          user. This will show grants effective for the user. Attempts to list grants
          effective for other users will be denied.
          - When used by a user who does participate in the SUPERUSER role, it can be
          used in three ways:
          -- SHOW GRANTS; As in the previous section.
          -- SHOW GRANTS FOR role; This will show grants effective for a given
          role. Any role, regardless of whether the current user participates in it,
          can be shown.
          -- SHOW GRANTS FOR user; where user is a valid username. This will
          show grants effective for that user. Any user, regardless of whether it is
          the current user, can be shown

          Task includes authorization of the statement.
          Thejas M Nair made changes -
          Description list of objects, privileges, and who granted the grantee rights on that object
          a. When used by a user who does not participate in the SUPERUSER role, it can be
          used in three ways
          i. SHOW GRANTS; This will show all grants effective for the current user or
          roles, whichever is currently determining the user’s privileges.
          ii. SHOW GRANTS FOR role; This will show grants effective for a given
          role. The user must participate in that role, otherwise permission will be
          denied.
          iii. SHOW GRANTS FOR user; where user is the username of the current
          user. This will show grants effective for the user. Attempts to list grants
          effective for other users will be denied.
          b. When used by a user who does participate in the SUPERUSER role, it can be
          used in three ways:
          i. SHOW GRANTS; As in the previous section.
          ii. SHOW GRANTS FOR role; This will show grants effective for a given
          role. Any role, regardless of whether the current user participates in it,
          can be shown.
          iii. SHOW GRANTS FOR user; where user is a valid username. This will
          show grants effective for that user. Any user, regardless of whether it is
          the current user, can be shown
          SHOW GRANTS statement -
          It will give a list of objects, privileges, and who granted the grantee rights on that object
          - When used by a user who does not participate in the SUPERUSER role, it can be
          used in three ways
          -- SHOW GRANTS; This will show all grants effective for the current user or
          roles, whichever is currently determining the user’s privileges.
          -- SHOW GRANTS FOR role; This will show grants effective for a given
          role. The user must participate in that role, otherwise permission will be
          denied.
          -- SHOW GRANTS FOR user; where user is the username of the current
          user. This will show grants effective for the user. Attempts to list grants
          effective for other users will be denied.
          - When used by a user who does participate in the SUPERUSER role, it can be
          used in three ways:
          -- SHOW GRANTS; As in the previous section.
          -- SHOW GRANTS FOR role; This will show grants effective for a given
          role. Any role, regardless of whether the current user participates in it,
          can be shown.
          -- SHOW GRANTS FOR user; where user is a valid username. This will
          show grants effective for that user. Any user, regardless of whether it is
          the current user, can be shown
          Thejas M Nair made changes -
          Description list of objects, privileges, and who granted the grantee rights on that object
          a. When used by a user who does not participate in the SUPERUSER role, it can be
          used in three ways
          i. SHOW GRANTS; This will show all grants effective for the current user or
          roles, whichever is currently determining the user’s privileges.
          ii. SHOW GRANTS FOR role; This will show grants effective for a given
          role. The user must participate in that role, otherwise permission will be
          denied.
          iii. SHOW GRANTS FOR user; where user is the username of the current
          user. This will show grants effective for the user. Attempts to list grants
          effective for other users will be denied.
          b. When used by a user who does participate in the SUPERUSER role, it can be
          used in three ways:
          i. SHOW GRANTS; As in the previous section.
          ii. SHOW GRANTS FOR role; This will show grants effective for a given
          role. Any role, regardless of whether the current user participates in it,
          can be shown.
          iii. SHOW GRANTS FOR user; where user is a valid username. This will
          show grants effective for that user. Any user, regardless of whether it is
          the current user, can be shown
          Hide
          Thejas M Nair added a comment -

          As this is not a SQL standard statement, I propose that we make the keyword USER/ROLE compulsory in this statement.

          Show
          Thejas M Nair added a comment - As this is not a SQL standard statement, I propose that we make the keyword USER/ROLE compulsory in this statement.
          Hide
          Thejas M Nair added a comment -

          Comments/questions -
          1. I think we should support an optional keyword - USER/ROLE . In case
          there is both user and role that matches the identifier.
          2. Should the show-grant statement show grants the user/role gets
          through the roles it belongs to ?

          Show
          Thejas M Nair added a comment - Comments/questions - 1. I think we should support an optional keyword - USER/ROLE . In case there is both user and role that matches the identifier. 2. Should the show-grant statement show grants the user/role gets through the roles it belongs to ?
          Thejas M Nair made changes -
          Link This issue is blocked by HIVE-5933 [ HIVE-5933 ]
          Thejas M Nair made changes -
          Field Original Value New Value
          Component/s Authorization [ 12317300 ]
          Thejas M Nair created issue -

            People

            • Assignee:
              Unassigned
              Reporter:
              Thejas M Nair
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 36h
                36h
                Remaining:
                Remaining Estimate - 36h
                36h
                Logged:
                Time Spent - Not Specified
                Not Specified

                  Development