Index: common/src/java/org/apache/hadoop/hive/conf/HiveConf.java =================================================================== --- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (revision 1063819) +++ common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (working copy) @@ -362,12 +362,13 @@ HIVE_AUTHORIZATION_TABLE_USER_GRANTS("hive.security.authorization.createtable.user.grants", null), HIVE_AUTHORIZATION_TABLE_GROUP_GRANTS("hive.security.authorization.createtable.group.grants", null), HIVE_AUTHORIZATION_TABLE_ROLE_GRANTS("hive.security.authorization.createtable.role.grants", null), + HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS("hive.security.authorization.createtable.owner.grants", "All"), // Print column names in output HIVE_CLI_PRINT_HEADER("hive.cli.print.header", false), HIVE_ERROR_ON_EMPTY_PARTITION("hive.error.on.empty.partition", false), - HIVE_INDEX_IGNORE_HDFS_LOC("hive.index.compact.file.ignore.hdfs", false), + HIVE_INDEX_IGNORE_HDFS_LOC("hive.index.compact.file.ignore.hdfs", false), ; Index: conf/hive-default.xml =================================================================== --- conf/hive-default.xml (revision 1063819) +++ conf/hive-default.xml (working copy) @@ -912,6 +912,13 @@ + hive.security.authorization.createtable.owner.grants + All + the privileges automatically granted to the owner whenever a table gets created. + An example like "select,drop" will grant select and drop privilege to the owner of the table + + + hive.error.on.empty.partition false Whether to throw an excpetion if dynamic partition insert generates empty results. Index: ql/src/java/org/apache/hadoop/hive/ql/session/CreateTableAutomaticGrant.java =================================================================== --- ql/src/java/org/apache/hadoop/hive/ql/session/CreateTableAutomaticGrant.java (revision 1063819) +++ ql/src/java/org/apache/hadoop/hive/ql/session/CreateTableAutomaticGrant.java (working copy) @@ -45,17 +45,18 @@ grants.roleGrants = getGrantMap(HiveConf.getVar(conf, HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_ROLE_GRANTS)); - List ownerGrantInfoList = new ArrayList(); String grantor = null; if (SessionState.get() != null && SessionState.get().getAuthenticator() != null) { grantor = SessionState.get().getAuthenticator().getUserName(); - ownerGrantInfoList.add(new PrivilegeGrantInfo(Privilege.ALL.getPriv(), -1, grantor, - PrincipalType.USER, true)); - if (grants.userGrants == null) { - grants.userGrants = new HashMap>(); + List ownerGrant = getGrantorInfoList(HiveConf.getVar(conf, + HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS)); + if(ownerGrant != null) { + if (grants.userGrants == null) { + grants.userGrants = new HashMap>(); + } + grants.userGrants.put(grantor, ownerGrant); } - grants.userGrants.put(grantor, ownerGrantInfoList); } return grants; } @@ -75,22 +76,12 @@ } String userList = principalListAndPrivList[0]; String privList = principalListAndPrivList[1]; - checkPrivilege(privList); - - String[] grantArray = privList.split(","); - List grantInfoList = new ArrayList(); - String grantor = null; - if (SessionState.get().getAuthenticator() != null) { - grantor = SessionState.get().getAuthenticator().getUserName(); - } - for (String grant : grantArray) { - grantInfoList.add(new PrivilegeGrantInfo(grant, -1, grantor, - PrincipalType.USER, true)); - } - - String[] users = userList.split(","); - for (String user : users) { - grantsMap.put(user, grantInfoList); + List grantInfoList = getGrantorInfoList(privList); + if(grantInfoList != null) { + String[] users = userList.split(","); + for (String user : users) { + grantsMap.put(user, grantInfoList); + } } } return grantsMap; @@ -98,6 +89,25 @@ return null; } + private static List getGrantorInfoList(String privList) + throws HiveException { + if (privList == null || privList.trim().equals("")) { + return null; + } + checkPrivilege(privList); + String[] grantArray = privList.split(","); + List grantInfoList = new ArrayList(); + String grantor = null; + if (SessionState.get().getAuthenticator() != null) { + grantor = SessionState.get().getAuthenticator().getUserName(); + } + for (String grant : grantArray) { + grantInfoList.add(new PrivilegeGrantInfo(grant, -1, grantor, + PrincipalType.USER, true)); + } + return grantInfoList; + } + private static void checkPrivilege(String ownerGrantsInConfig) throws HiveException { String[] ownerGrantArray = ownerGrantsInConfig.split(",");