Index: metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java =================================================================== --- metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java (revision 1058328) +++ metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java (working copy) @@ -426,8 +426,13 @@ MDatabase db = getMDatabase(dbname); pm.retrieve(db); if (db != null) { + List dbGrants = this.listDatabaseGrants(dbname); + if (dbGrants != null && dbGrants.size() > 0) { + pm.deletePersistentAll(dbGrants); + } pm.deletePersistent(db); } + success = commitTransaction(); } finally { if (!success) { @@ -2888,6 +2893,31 @@ return mSecurityColList; } + @SuppressWarnings("unchecked") + private List listDatabaseGrants(String dbName) { + dbName = dbName.toLowerCase().trim(); + + boolean success = false; + List mSecurityDBList = null; + try { + openTransaction(); + LOG.debug("Executing listDatabaseGrants"); + Query query = pm.newQuery(MDBPrivilege.class, + "database.name == t1"); + query.declareParameters("java.lang.String t1"); + mSecurityDBList = (List) query + .executeWithArray(dbName); + LOG.debug("Done executing query for listDatabaseGrants"); + pm.retrieveAll(mSecurityDBList); + success = commitTransaction(); + LOG.debug("Done retrieving all objects for listDatabaseGrants"); + } finally { + if (!success) { + rollbackTransaction(); + } + } + return mSecurityDBList; + } @SuppressWarnings("unchecked") private List listPartitionGrants(String dbName, String tableName, @@ -2917,7 +2947,7 @@ } return mSecurityTabPartList; } - + @SuppressWarnings("unchecked") public List listAllTableGrants( String principalName, PrincipalType principalType, String dbName, Index: ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java =================================================================== --- ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java (revision 1058876) +++ ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java (working copy) 
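Review bot: The grant cleanup added inside `if (db != null)` has no comment saying why it must run before `pm.deletePersistent(db)`, and the ordering is the authorization-relevant part of this change. I would add `// Delete database-level grants first so they cannot outlive the database or attach to a later database with the same name.` above the `listDatabaseGrants(dbname)` call. Only `MDBPrivilege` rows are removed here. Whether table, partition and column grants under the database are cleaned up elsewhere cannot be seen from this hunk, and the enclosing method starts and ends outside it.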
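Review bot: `dbName.toLowerCase().trim()` at the top of `listDatabaseGrants` uses the JVM default locale, so under a locale with special casing rules the normalized name can differ from the stored one. The query then returns an empty list and the caller silently skips the grant deletion. `dbName = dbName.toLowerCase(Locale.ROOT).trim();` would make the lookup locale-independent, but check it against how names are normalized when they are stored, which is not visible here. The method also dereferences `dbName` without a null check and has no Javadoc; a one-line summary stating that it returns every privilege granted on the named database would be enough.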
@@ -616,20 +616,20 @@ } } else { org.apache.hadoop.hive.metastore.api.Partition partObj = null; - - if ((!tableObj.isPartitioned()) - && privSubjectDesc.getPartSpec() != null) { - throw new HiveException( - "Table is not partitioned, but partition name is present: partSpec=" - + privSubjectDesc.getPartSpec().toString()); - } - - List partValues = null; - if (privSubjectDesc.getPartSpec() != null) { - partObj = db.getPartition(tableObj, privSubjectDesc.getPartSpec(), - false).getTPartition(); - partValues = partObj.getValues(); + if (tableObj != null) { + if ((!tableObj.isPartitioned()) + && privSubjectDesc.getPartSpec() != null) { + throw new HiveException( + "Table is not partitioned, but partition name is present: partSpec=" + + privSubjectDesc.getPartSpec().toString()); + } + + if (privSubjectDesc.getPartSpec() != null) { + partObj = db.getPartition(tableObj, privSubjectDesc.getPartSpec(), + false).getTPartition(); + partValues = partObj.getValues(); + } } for (PrivilegeDesc privDesc : privileges) { Index: ql/src/test/queries/clientpositive/authorization_5.q =================================================================== --- ql/src/test/queries/clientpositive/authorization_5.q (revision 0) +++ ql/src/test/queries/clientpositive/authorization_5.q (revision 0) 
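Review bot: The new side drops the declaration `List partValues = null;` but still assigns `partValues = partObj.getValues();` inside the new `if (tableObj != null)` block, so unless `partValues` is declared above this hunk the file will not compile. Keep the declaration next to `partObj`, before the new `if`. When `tableObj` is null, a supplied partition spec is now ignored without an error, so a statement naming a partition would apparently proceed as a database-level grant or revoke; if that is not intended, reject it with a `HiveException` as the non-partitioned case does. Separately, `db.getPartition(..., false).getTPartition()` is dereferenced unchecked, which looks like it would throw a `NullPointerException` rather than a clear error if the partition does not exist. The enclosing method starts and ends outside the hunk.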
@@ -0,0 +1,21 @@
+CREATE DATABASE IF NOT EXISTS test_db COMMENT 'Hive test database';
+SHOW DATABASES;
+
+grant `drop` on DATABASE test_db to user hive_test_user;
+grant `select` on DATABASE test_db to user hive_test_user;
+
+show grant user hive_test_user on DATABASE test_db;
+
+
+create role db_test_role;
+grant role db_test_role to user hive_test_user;
+show role grant user hive_test_user;
+
+grant `drop` on DATABASE test_db to role db_test_role;
+grant `select` on DATABASE test_db to role db_test_role;
+
+show grant role db_test_role on DATABASE test_db;
+
+
+DROP DATABASE IF EXISTS test_db;
+
Index: ql/src/test/results/clientpositive/authorization_5.q.out
===================================================================
--- ql/src/test/results/clientpositive/authorization_5.q.out (revision 0)
+++ ql/src/test/results/clientpositive/authorization_5.q.out (revision 0)
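Review bot: The test stops at `DROP DATABASE IF EXISTS test_db;` and never checks the behaviour the patch is for, namely that the database grants are gone after the drop. Re-creating the database and listing grants would pin it: `CREATE DATABASE test_db;` followed by `show grant user hive_test_user on DATABASE test_db;` and `show grant role db_test_role on DATABASE test_db;` should print no privileges, and the database is then dropped again. The role `db_test_role` is also never removed, so it may leak into later tests; a closing `drop role db_test_role;` would keep the test self-contained.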
@@ -0,0 +1,80 @@ +PREHOOK: query: CREATE DATABASE IF NOT EXISTS test_db COMMENT 'Hive test database' +PREHOOK: type: CREATEDATABASE +POSTHOOK: query: CREATE DATABASE IF NOT EXISTS test_db COMMENT 'Hive test database' +POSTHOOK: type: CREATEDATABASE +PREHOOK: query: SHOW DATABASES +PREHOOK: type: SHOWDATABASES +POSTHOOK: query: SHOW DATABASES +POSTHOOK: type: SHOWDATABASES +default +test_db +PREHOOK: query: grant `drop` on DATABASE test_db to user hive_test_user +PREHOOK: type: GRANT_PRIVILEGE +POSTHOOK: query: grant `drop` on DATABASE test_db to user hive_test_user +POSTHOOK: type: GRANT_PRIVILEGE +PREHOOK: query: grant `select` on DATABASE test_db to user hive_test_user +PREHOOK: type: GRANT_PRIVILEGE +POSTHOOK: query: grant `select` on DATABASE test_db to user hive_test_user +POSTHOOK: type: GRANT_PRIVILEGE +PREHOOK: query: show grant user hive_test_user on DATABASE test_db +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user hive_test_user on DATABASE test_db +POSTHOOK: type: SHOW_GRANT + +database test_db +principalName hive_test_user +principalType USER +privilege Drop +grantTime 1295047122 +grantor hive_test_user + +database test_db +principalName hive_test_user +principalType USER +privilege Select +grantTime 1295047123 +grantor hive_test_user +PREHOOK: query: create role db_test_role +PREHOOK: type: CREATEROLE +POSTHOOK: query: create role db_test_role +POSTHOOK: type: CREATEROLE +PREHOOK: query: grant role db_test_role to user hive_test_user +PREHOOK: type: GRANT_ROLE +POSTHOOK: query: grant role db_test_role to user hive_test_user +POSTHOOK: type: GRANT_ROLE +PREHOOK: query: show role grant user hive_test_user +PREHOOK: type: SHOW_ROLE_GRANT +POSTHOOK: query: show role grant user hive_test_user +POSTHOOK: type: SHOW_ROLE_GRANT +role name:db_test_role +role name:db_test_role +PREHOOK: query: grant `drop` on DATABASE test_db to role db_test_role +PREHOOK: type: GRANT_PRIVILEGE +POSTHOOK: query: grant `drop` on DATABASE test_db to role db_test_role 
+POSTHOOK: type: GRANT_PRIVILEGE +PREHOOK: query: grant `select` on DATABASE test_db to role db_test_role +PREHOOK: type: GRANT_PRIVILEGE +POSTHOOK: query: grant `select` on DATABASE test_db to role db_test_role +POSTHOOK: type: GRANT_PRIVILEGE +PREHOOK: query: show grant role db_test_role on DATABASE test_db +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant role db_test_role on DATABASE test_db +POSTHOOK: type: SHOW_GRANT + +database test_db +principalName db_test_role +principalType ROLE +privilege Drop +grantTime 1295047123 +grantor hive_test_user + +database test_db +principalName db_test_role +principalType ROLE +privilege Select +grantTime 1295047123 +grantor hive_test_user +PREHOOK: query: DROP DATABASE IF EXISTS test_db +PREHOOK: type: DROPDATABASE +POSTHOOK: query: DROP DATABASE IF EXISTS test_db +POSTHOOK: type: DROPDATABASE