Index: common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
===================================================================
--- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (revision 1063819)
+++ common/src/java/org/apache/hadoop/hive/conf/HiveConf.java (working copy)
@@ -362,12 +362,13 @@
HIVE_AUTHORIZATION_TABLE_USER_GRANTS("hive.security.authorization.createtable.user.grants", null),
HIVE_AUTHORIZATION_TABLE_GROUP_GRANTS("hive.security.authorization.createtable.group.grants", null),
HIVE_AUTHORIZATION_TABLE_ROLE_GRANTS("hive.security.authorization.createtable.role.grants", null),
+ HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS("hive.security.authorization.createtable.owner.grants", "All"),
// Print column names in output
HIVE_CLI_PRINT_HEADER("hive.cli.print.header", false),
HIVE_ERROR_ON_EMPTY_PARTITION("hive.error.on.empty.partition", false),
- HIVE_INDEX_IGNORE_HDFS_LOC("hive.index.compact.file.ignore.hdfs", false),
+ HIVE_INDEX_IGNORE_HDFS_LOC("hive.index.compact.file.ignore.hdfs", false),
;
Index: conf/hive-default.xml
===================================================================
--- conf/hive-default.xml (revision 1063819)
+++ conf/hive-default.xml (working copy)
@@ -912,6 +912,13 @@
+ hive.security.authorization.createtable.owner.grants
+ All
+ the privileges automatically granted to the owner whenever a table gets created.
+ An example like "select,drop" will grant select and drop privilege to the owner of the table
+
+
+
hive.error.on.empty.partition
false
Whether to throw an excpetion if dynamic partition insert generates empty results.
Index: ql/src/java/org/apache/hadoop/hive/ql/session/CreateTableAutomaticGrant.java
===================================================================
--- ql/src/java/org/apache/hadoop/hive/ql/session/CreateTableAutomaticGrant.java (revision 1063819)
+++ ql/src/java/org/apache/hadoop/hive/ql/session/CreateTableAutomaticGrant.java (working copy)
@@ -45,17 +45,18 @@
grants.roleGrants = getGrantMap(HiveConf.getVar(conf,
HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_ROLE_GRANTS));
- List ownerGrantInfoList = new ArrayList();
String grantor = null;
if (SessionState.get() != null
&& SessionState.get().getAuthenticator() != null) {
grantor = SessionState.get().getAuthenticator().getUserName();
- ownerGrantInfoList.add(new PrivilegeGrantInfo(Privilege.ALL.getPriv(), -1, grantor,
- PrincipalType.USER, true));
- if (grants.userGrants == null) {
- grants.userGrants = new HashMap>();
+ List ownerGrant = getGrantorInfoList(HiveConf.getVar(conf,
+ HiveConf.ConfVars.HIVE_AUTHORIZATION_TABLE_OWNER_GRANTS));
+ if(ownerGrant != null) {
+ if (grants.userGrants == null) {
+ grants.userGrants = new HashMap>();
+ }
+ grants.userGrants.put(grantor, ownerGrant);
}
- grants.userGrants.put(grantor, ownerGrantInfoList);
}
return grants;
}
@@ -75,22 +76,12 @@
}
String userList = principalListAndPrivList[0];
String privList = principalListAndPrivList[1];
- checkPrivilege(privList);
-
- String[] grantArray = privList.split(",");
- List grantInfoList = new ArrayList();
- String grantor = null;
- if (SessionState.get().getAuthenticator() != null) {
- grantor = SessionState.get().getAuthenticator().getUserName();
- }
- for (String grant : grantArray) {
- grantInfoList.add(new PrivilegeGrantInfo(grant, -1, grantor,
- PrincipalType.USER, true));
- }
-
- String[] users = userList.split(",");
- for (String user : users) {
- grantsMap.put(user, grantInfoList);
+ List grantInfoList = getGrantorInfoList(privList);
+ if(grantInfoList != null) {
+ String[] users = userList.split(",");
+ for (String user : users) {
+ grantsMap.put(user, grantInfoList);
+ }
}
}
return grantsMap;
@@ -98,6 +89,25 @@
return null;
}
+ private static List getGrantorInfoList(String privList)
+ throws HiveException {
+ if (privList == null || privList.trim().equals("")) {
+ return null;
+ }
+ checkPrivilege(privList);
+ String[] grantArray = privList.split(",");
+ List grantInfoList = new ArrayList();
+ String grantor = null;
+ if (SessionState.get().getAuthenticator() != null) {
+ grantor = SessionState.get().getAuthenticator().getUserName();
+ }
+ for (String grant : grantArray) {
+ grantInfoList.add(new PrivilegeGrantInfo(grant, -1, grantor,
+ PrincipalType.USER, true));
+ }
+ return grantInfoList;
+ }
+
private static void checkPrivilege(String ownerGrantsInConfig)
throws HiveException {
String[] ownerGrantArray = ownerGrantsInConfig.split(",");