diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java index 8d0b7a8..328c14b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java @@ -637,7 +637,7 @@ private int grantOrRevokePrivileges(List principals, throw new HiveException("Grant does not support partition level."); } String obj = privSubjectDesc.getObject(); - boolean notFound = true; + if (privSubjectDesc.getTable()) { String[] dbTab = obj.split("\\."); if (dbTab.length == 2) { @@ -648,15 +648,19 @@ private int grantOrRevokePrivileges(List principals, tableName = obj; } dbObj = db.getDatabase(dbName); + if (dbObj == null) { + throwNotFound("Database", dbName); + } tableObj = db.getTable(dbName, tableName); - notFound = (dbObj == null || tableObj == null); + if (tableObj == null) { + throwNotFound("Table", obj); + } } else { dbName = privSubjectDesc.getObject(); dbObj = db.getDatabase(dbName); - notFound = (dbObj == null); - } - if (notFound) { - throw new HiveException(obj + " can not be found"); + if (dbObj == null) { + throwNotFound("Database", dbName); + } } } @@ -753,6 +757,10 @@ private int grantOrRevokePrivileges(List principals, return 0; } + private void throwNotFound(String objType, String objName) throws HiveException { + throw new HiveException(objType + " " + objName + " not found"); + } + private int roleDDL(RoleDDLDesc roleDDLDesc) { RoleDDLDesc.RoleOperation operation = roleDDLDesc.getOperation(); DataOutput outStream = null; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java index a1b19a6..8bd0927 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java @@ -456,8 +456,17 @@ public void analyzeInternal(ASTNode ast) throws SemanticException { private void analyzeGrantRevokeRole(boolean grant, ASTNode ast) { List principalDesc = analyzePrincipalListDef( (ASTNode) ast.getChild(0)); + + //check if admin option has been specified + int rolesStartPos = 1; + ASTNode wAdminOption = (ASTNode) ast.getChild(1); + if(wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION){ + rolesStartPos = 2; //start reading role names from next postion + //TODO: use the admin option + } + List roles = new ArrayList(); - for (int i = 1; i < ast.getChildCount(); i++) { + for (int i = rolesStartPos; i < ast.getChildCount(); i++) { roles.add(unescapeIdentifier(ast.getChild(i).getText())); } String roleOwnerName = ""; @@ -489,21 +498,26 @@ private void analyzeShowGrant(ASTNode ast) throws SemanticException { } String principalName = unescapeIdentifier(principal.getChild(0).getText()); PrincipalDesc principalDesc = new PrincipalDesc(principalName, type); + List cols = null; if (ast.getChildCount() > 1) { ASTNode child = (ASTNode) ast.getChild(1); if (child.getToken().getType() == HiveParser.TOK_PRIV_OBJECT_COL) { privHiveObj = new PrivilegeObjectDesc(); + //set object name privHiveObj.setObject(unescapeIdentifier(child.getChild(0).getText())); - if (child.getChildCount() > 1) { - for (int i = 1; i < child.getChildCount(); i++) { + //set object type + ASTNode objTypeNode = (ASTNode) child.getChild(1); + privHiveObj.setTable(objTypeNode.getToken().getType() == HiveParser.TOK_TABLE_TYPE); + + //set col and partition spec if specified + if (child.getChildCount() > 2) { + for (int i = 2; i < child.getChildCount(); i++) { ASTNode grandChild = (ASTNode) child.getChild(i); if (grandChild.getToken().getType() == HiveParser.TOK_PARTSPEC) { privHiveObj.setPartSpec(DDLSemanticAnalyzer.getPartSpec(grandChild)); } else if (grandChild.getToken().getType() == HiveParser.TOK_TABCOLNAME) { cols = getColumnNames((ASTNode) grandChild); - } else { - privHiveObj.setTable(child.getChild(i) != null); } } } @@ -574,16 +588,15 @@ private PrivilegeObjectDesc analyzePrivilegeObject(ASTNode ast, HashSet outputs) throws SemanticException { PrivilegeObjectDesc subject = new PrivilegeObjectDesc(); + //set object identifier subject.setObject(unescapeIdentifier(ast.getChild(0).getText())); - if (ast.getChildCount() > 1) { - for (int i = 0; i < ast.getChildCount(); i++) { - ASTNode astChild = (ASTNode) ast.getChild(i); - if (astChild.getToken().getType() == HiveParser.TOK_PARTSPEC) { - subject.setPartSpec(DDLSemanticAnalyzer.getPartSpec(astChild)); - } else { - subject.setTable(ast.getChild(0) != null); - } - } + //set object type + ASTNode objTypeNode = (ASTNode) ast.getChild(1); + subject.setTable(objTypeNode.getToken().getType() == HiveParser.TOK_TABLE_TYPE); + if (ast.getChildCount() == 3) { + //if partition spec node is present, set partition spec + ASTNode partSpecNode = (ASTNode) ast.getChild(2); + subject.setPartSpec(DDLSemanticAnalyzer.getPartSpec(partSpecNode)); } if (subject.getTable()) { diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g index 9354637..da745d7 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g @@ -282,6 +282,7 @@ KW_USER: 'USER'; KW_ROLE: 'ROLE'; KW_INNER: 'INNER'; KW_EXCHANGE: 'EXCHANGE'; +KW_ADMIN: 'ADMIN'; // Operators // NOTE: if you add a new function/operator, add it to sysFuncNames so that describe function _FUNC_ will work. diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g index b34f53b..5dff3fe 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g @@ -261,6 +261,7 @@ TOK_USER; TOK_GROUP; TOK_ROLE; TOK_GRANT_WITH_OPTION; +TOK_GRANT_WITH_ADMIN_OPTION; TOK_PRIV_ALL; TOK_PRIV_ALTER_METADATA; TOK_PRIV_ALTER_DATA; @@ -310,6 +311,8 @@ TOK_SUBQUERY_EXPR; TOK_SUBQUERY_OP; TOK_SUBQUERY_OP_NOTIN; TOK_SUBQUERY_OP_NOTEXISTS; +TOK_DB_TYPE; +TOK_TABLE_TYPE; } @@ -1299,8 +1302,8 @@ grantPrivileges : KW_GRANT privList=privilegeList privilegeObject? KW_TO principalSpecification - (KW_WITH withOption)? - -> ^(TOK_GRANT $privList principalSpecification privilegeObject? withOption?) + withGrantOption? + -> ^(TOK_GRANT $privList principalSpecification privilegeObject? withGrantOption?) ; revokePrivileges @@ -1313,15 +1316,15 @@ revokePrivileges grantRole @init {msgs.push("grant role");} @after {msgs.pop();} - : KW_GRANT KW_ROLE identifier (COMMA identifier)* KW_TO principalSpecification - -> ^(TOK_GRANT_ROLE principalSpecification identifier+) + : KW_GRANT KW_ROLE? identifier (COMMA identifier)* KW_TO principalSpecification withAdminOption? + -> ^(TOK_GRANT_ROLE principalSpecification withAdminOption? identifier+) ; revokeRole @init {msgs.push("revoke role");} @after {msgs.pop();} - : KW_REVOKE KW_ROLE identifier (COMMA identifier)* KW_FROM principalSpecification - -> ^(TOK_REVOKE_ROLE principalSpecification identifier+) + : KW_REVOKE KW_ROLE? identifier (COMMA identifier)* KW_FROM principalSpecification withAdminOption? + -> ^(TOK_REVOKE_ROLE principalSpecification withAdminOption? identifier+) ; showRoleGrants @@ -1341,17 +1344,27 @@ showGrants privilegeIncludeColObject @init {msgs.push("privilege object including columns");} @after {msgs.pop();} - : KW_ON (table=KW_TABLE|KW_DATABASE) identifier (LPAREN cols=columnNameList RPAREN)? partitionSpec? - -> ^(TOK_PRIV_OBJECT_COL identifier $table? $cols? partitionSpec?) + : KW_ON privObjectType identifier (LPAREN cols=columnNameList RPAREN)? partitionSpec? + -> ^(TOK_PRIV_OBJECT_COL identifier privObjectType $cols? partitionSpec?) ; privilegeObject @init {msgs.push("privilege subject");} @after {msgs.pop();} - : KW_ON (table=KW_TABLE|KW_DATABASE) identifier partitionSpec? - -> ^(TOK_PRIV_OBJECT identifier $table? partitionSpec?) + : KW_ON privObjectType identifier partitionSpec? + -> ^(TOK_PRIV_OBJECT identifier privObjectType partitionSpec?) ; + +// database or table type. Type is optional, default type is table +privObjectType +@init {msgs.push("privilege object type type");} +@after {msgs.pop();} + : KW_DATABASE -> ^(TOK_DB_TYPE) + | KW_TABLE? -> ^(TOK_TABLE_TYPE) + ; + + privilegeList @init {msgs.push("grant privilege list");} @after {msgs.pop();} @@ -1394,13 +1407,20 @@ principalName | KW_ROLE identifier -> ^(TOK_ROLE identifier) ; -withOption -@init {msgs.push("grant with option");} +withGrantOption +@init {msgs.push("with grant option");} @after {msgs.pop();} - : KW_GRANT KW_OPTION + : KW_WITH KW_GRANT KW_OPTION -> ^(TOK_GRANT_WITH_OPTION) ; +withAdminOption +@init {msgs.push("with admin option");} +@after {msgs.pop();} + : KW_WITH KW_ADMIN KW_OPTION + -> ^(TOK_GRANT_WITH_ADMIN_OPTION) + ; + metastoreCheck @init { msgs.push("metastore check statement"); } @after { msgs.pop(); } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g index 39d53d3..9b6fc3b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/IdentifiersParser.g @@ -532,8 +532,8 @@ identifier Identifier | nonReserved -> Identifier[$nonReserved.text] ; - + nonReserved : - KW_TRUE | KW_FALSE | KW_LIKE | KW_EXISTS | KW_ASC | KW_DESC | KW_ORDER | KW_GROUP | KW_BY | KW_AS | KW_INSERT | KW_OVERWRITE | KW_OUTER | KW_LEFT | KW_RIGHT | KW_FULL | KW_PARTITION | KW_PARTITIONS | KW_TABLE | KW_TABLES | KW_COLUMNS | KW_INDEX | KW_INDEXES | KW_REBUILD | KW_FUNCTIONS | KW_SHOW | KW_MSCK | KW_REPAIR | KW_DIRECTORY | KW_LOCAL | KW_USING | KW_CLUSTER | KW_DISTRIBUTE | KW_SORT | KW_UNION | KW_LOAD | KW_EXPORT | KW_IMPORT | KW_DATA | KW_INPATH | KW_IS | KW_NULL | KW_CREATE | KW_EXTERNAL | KW_ALTER | KW_CHANGE | KW_FIRST | KW_AFTER | KW_DESCRIBE | KW_DROP | KW_RENAME | KW_IGNORE | KW_PROTECTION | KW_TO | KW_COMMENT | KW_BOOLEAN | KW_TINYINT | KW_SMALLINT | KW_INT | KW_BIGINT | KW_FLOAT | KW_DOUBLE | KW_DATE | KW_DATETIME | KW_TIMESTAMP | KW_DECIMAL | KW_STRING | KW_ARRAY | KW_STRUCT | KW_UNIONTYPE | KW_PARTITIONED | KW_CLUSTERED | KW_SORTED | KW_INTO | KW_BUCKETS | KW_ROW | KW_ROWS | KW_FORMAT | KW_DELIMITED | KW_FIELDS | KW_TERMINATED | KW_ESCAPED | KW_COLLECTION | KW_ITEMS | KW_KEYS | KW_KEY_TYPE | KW_LINES | KW_STORED | KW_FILEFORMAT | KW_SEQUENCEFILE | KW_TEXTFILE | KW_RCFILE | KW_ORCFILE | KW_INPUTFORMAT | KW_OUTPUTFORMAT | KW_INPUTDRIVER | KW_OUTPUTDRIVER | KW_OFFLINE | KW_ENABLE | KW_DISABLE | KW_READONLY | KW_NO_DROP | KW_LOCATION | KW_BUCKET | KW_OUT | KW_OF | KW_PERCENT | KW_ADD | KW_REPLACE | KW_RLIKE | KW_REGEXP | KW_TEMPORARY | KW_EXPLAIN | KW_FORMATTED | KW_PRETTY | KW_DEPENDENCY | KW_LOGICAL | KW_SERDE | KW_WITH | KW_DEFERRED | KW_SERDEPROPERTIES | KW_DBPROPERTIES | KW_LIMIT | KW_SET | KW_UNSET | KW_TBLPROPERTIES | KW_IDXPROPERTIES | KW_VALUE_TYPE | KW_ELEM_TYPE | KW_MAPJOIN | KW_STREAMTABLE | KW_HOLD_DDLTIME | KW_CLUSTERSTATUS | KW_UTC | KW_UTCTIMESTAMP | KW_LONG | KW_DELETE | KW_PLUS | KW_MINUS | KW_FETCH | KW_INTERSECT | KW_VIEW | KW_IN | KW_DATABASES | KW_MATERIALIZED | KW_SCHEMA | KW_SCHEMAS | KW_GRANT | KW_REVOKE | KW_SSL | KW_UNDO | KW_LOCK | KW_LOCKS | KW_UNLOCK | KW_SHARED | KW_EXCLUSIVE | KW_PROCEDURE | KW_UNSIGNED | KW_WHILE | KW_READ | KW_READS | KW_PURGE | KW_RANGE | KW_ANALYZE | KW_BEFORE | KW_BETWEEN | KW_BOTH | KW_BINARY | KW_CONTINUE | KW_CURSOR | KW_TRIGGER | KW_RECORDREADER | KW_RECORDWRITER | KW_SEMI | KW_LATERAL | KW_TOUCH | KW_ARCHIVE | KW_UNARCHIVE | KW_COMPUTE | KW_STATISTICS | KW_USE | KW_OPTION | KW_CONCATENATE | KW_SHOW_DATABASE | KW_UPDATE | KW_RESTRICT | KW_CASCADE | KW_SKEWED | KW_ROLLUP | KW_CUBE | KW_DIRECTORIES | KW_FOR | KW_GROUPING | KW_SETS | KW_TRUNCATE | KW_NOSCAN | KW_USER | KW_ROLE | KW_INNER | KW_DEFINED + KW_TRUE | KW_FALSE | KW_LIKE | KW_EXISTS | KW_ASC | KW_DESC | KW_ORDER | KW_GROUP | KW_BY | KW_AS | KW_INSERT | KW_OVERWRITE | KW_OUTER | KW_LEFT | KW_RIGHT | KW_FULL | KW_PARTITION | KW_PARTITIONS | KW_TABLE | KW_TABLES | KW_COLUMNS | KW_INDEX | KW_INDEXES | KW_REBUILD | KW_FUNCTIONS | KW_SHOW | KW_MSCK | KW_REPAIR | KW_DIRECTORY | KW_LOCAL | KW_USING | KW_CLUSTER | KW_DISTRIBUTE | KW_SORT | KW_UNION | KW_LOAD | KW_EXPORT | KW_IMPORT | KW_DATA | KW_INPATH | KW_IS | KW_NULL | KW_CREATE | KW_EXTERNAL | KW_ALTER | KW_CHANGE | KW_FIRST | KW_AFTER | KW_DESCRIBE | KW_DROP | KW_RENAME | KW_IGNORE | KW_PROTECTION | KW_TO | KW_COMMENT | KW_BOOLEAN | KW_TINYINT | KW_SMALLINT | KW_INT | KW_BIGINT | KW_FLOAT | KW_DOUBLE | KW_DATE | KW_DATETIME | KW_TIMESTAMP | KW_DECIMAL | KW_STRING | KW_ARRAY | KW_STRUCT | KW_UNIONTYPE | KW_PARTITIONED | KW_CLUSTERED | KW_SORTED | KW_INTO | KW_BUCKETS | KW_ROW | KW_ROWS | KW_FORMAT | KW_DELIMITED | KW_FIELDS | KW_TERMINATED | KW_ESCAPED | KW_COLLECTION | KW_ITEMS | KW_KEYS | KW_KEY_TYPE | KW_LINES | KW_STORED | KW_FILEFORMAT | KW_SEQUENCEFILE | KW_TEXTFILE | KW_RCFILE | KW_ORCFILE | KW_INPUTFORMAT | KW_OUTPUTFORMAT | KW_INPUTDRIVER | KW_OUTPUTDRIVER | KW_OFFLINE | KW_ENABLE | KW_DISABLE | KW_READONLY | KW_NO_DROP | KW_LOCATION | KW_BUCKET | KW_OUT | KW_OF | KW_PERCENT | KW_ADD | KW_REPLACE | KW_RLIKE | KW_REGEXP | KW_TEMPORARY | KW_EXPLAIN | KW_FORMATTED | KW_PRETTY | KW_DEPENDENCY | KW_LOGICAL | KW_SERDE | KW_WITH | KW_DEFERRED | KW_SERDEPROPERTIES | KW_DBPROPERTIES | KW_LIMIT | KW_SET | KW_UNSET | KW_TBLPROPERTIES | KW_IDXPROPERTIES | KW_VALUE_TYPE | KW_ELEM_TYPE | KW_MAPJOIN | KW_STREAMTABLE | KW_HOLD_DDLTIME | KW_CLUSTERSTATUS | KW_UTC | KW_UTCTIMESTAMP | KW_LONG | KW_DELETE | KW_PLUS | KW_MINUS | KW_FETCH | KW_INTERSECT | KW_VIEW | KW_IN | KW_DATABASES | KW_MATERIALIZED | KW_SCHEMA | KW_SCHEMAS | KW_GRANT | KW_REVOKE | KW_SSL | KW_UNDO | KW_LOCK | KW_LOCKS | KW_UNLOCK | KW_SHARED | KW_EXCLUSIVE | KW_PROCEDURE | KW_UNSIGNED | KW_WHILE | KW_READ | KW_READS | KW_PURGE | KW_RANGE | KW_ANALYZE | KW_BEFORE | KW_BETWEEN | KW_BOTH | KW_BINARY | KW_CONTINUE | KW_CURSOR | KW_TRIGGER | KW_RECORDREADER | KW_RECORDWRITER | KW_SEMI | KW_LATERAL | KW_TOUCH | KW_ARCHIVE | KW_UNARCHIVE | KW_COMPUTE | KW_STATISTICS | KW_USE | KW_OPTION | KW_CONCATENATE | KW_SHOW_DATABASE | KW_UPDATE | KW_RESTRICT | KW_CASCADE | KW_SKEWED | KW_ROLLUP | KW_CUBE | KW_DIRECTORIES | KW_FOR | KW_GROUPING | KW_SETS | KW_TRUNCATE | KW_NOSCAN | KW_USER | KW_ROLE | KW_INNER | KW_DEFINED | KW_ADMIN ; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java b/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java index f0acb16..9417220 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/plan/PrivilegeObjectDesc.java @@ -23,7 +23,8 @@ @Explain(displayName="privilege subject") public class PrivilegeObjectDesc { - private boolean table; + //default type is table + private boolean table = true; private String object; diff --git a/ql/src/test/queries/clientpositive/authorization_2.q b/ql/src/test/queries/clientpositive/authorization_2.q index 4fc79b9..3353c53 100644 --- a/ql/src/test/queries/clientpositive/authorization_2.q +++ b/ql/src/test/queries/clientpositive/authorization_2.q @@ -6,7 +6,7 @@ ALTER TABLE authorization_part SET TBLPROPERTIES ("PARTITION_LEVEL_PRIVILEGE"="T set hive.security.authorization.enabled=true; -- column grant to user -grant Create on table authorization_part to user hive_test_user; +grant Create on authorization_part to user hive_test_user; grant Update on table authorization_part to user hive_test_user; grant Drop on table authorization_part to user hive_test_user; grant select on table src_auth_tmp to user hive_test_user; diff --git a/ql/src/test/queries/clientpositive/authorization_role_grant1.q b/ql/src/test/queries/clientpositive/authorization_role_grant1.q new file mode 100644 index 0000000..1a375a5 --- /dev/null +++ b/ql/src/test/queries/clientpositive/authorization_role_grant1.q @@ -0,0 +1,20 @@ +-- role granting without role keyword +create role src_role2; +grant src_role2 to user user2 ; +show role grant user user2; + +-- revoke role without role keyword +revoke src_role2 from user user2; +show role grant user user2; + +---------------------------------------- +-- role granting without role keyword, with admin option (syntax check) +---------------------------------------- + +create role src_role_wadmin; +grant src_role_wadmin to user user2 with admin option; +show role grant user user2; + +-- revoke role without role keyword +revoke src_role_wadmin from user user2 with admin option; +show role grant user user2; diff --git a/ql/src/test/results/clientpositive/authorization_2.q.out b/ql/src/test/results/clientpositive/authorization_2.q.out index 460240b..ec122bb 100644 --- a/ql/src/test/results/clientpositive/authorization_2.q.out +++ b/ql/src/test/results/clientpositive/authorization_2.q.out @@ -23,11 +23,11 @@ POSTHOOK: type: ALTERTABLE_PROPERTIES POSTHOOK: Input: default@authorization_part POSTHOOK: Output: default@authorization_part PREHOOK: query: -- column grant to user -grant Create on table authorization_part to user hive_test_user +grant Create on authorization_part to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@authorization_part POSTHOOK: query: -- column grant to user -grant Create on table authorization_part to user hive_test_user +grant Create on authorization_part to user hive_test_user POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@authorization_part PREHOOK: query: grant Update on table authorization_part to user hive_test_user diff --git a/ql/src/test/results/clientpositive/authorization_role_grant1.q.out b/ql/src/test/results/clientpositive/authorization_role_grant1.q.out new file mode 100644 index 0000000..179b4f2 --- /dev/null +++ b/ql/src/test/results/clientpositive/authorization_role_grant1.q.out @@ -0,0 +1,56 @@ +PREHOOK: query: -- role granting without role keyword +create role src_role2 +PREHOOK: type: CREATEROLE +POSTHOOK: query: -- role granting without role keyword +create role src_role2 +POSTHOOK: type: CREATEROLE +PREHOOK: query: grant src_role2 to user user2 +PREHOOK: type: GRANT_ROLE +POSTHOOK: query: grant src_role2 to user user2 +POSTHOOK: type: GRANT_ROLE +PREHOOK: query: show role grant user user2 +PREHOOK: type: SHOW_ROLE_GRANT +POSTHOOK: query: show role grant user user2 +POSTHOOK: type: SHOW_ROLE_GRANT +role name:src_role2 +PREHOOK: query: -- revoke role without role keyword +revoke src_role2 from user user2 +PREHOOK: type: REVOKE_ROLE +POSTHOOK: query: -- revoke role without role keyword +revoke src_role2 from user user2 +POSTHOOK: type: REVOKE_ROLE +PREHOOK: query: show role grant user user2 +PREHOOK: type: SHOW_ROLE_GRANT +POSTHOOK: query: show role grant user user2 +POSTHOOK: type: SHOW_ROLE_GRANT +PREHOOK: query: ---------------------------------------- +-- role granting without role keyword, with admin option (syntax check) +---------------------------------------- + +create role src_role_wadmin +PREHOOK: type: CREATEROLE +POSTHOOK: query: ---------------------------------------- +-- role granting without role keyword, with admin option (syntax check) +---------------------------------------- + +create role src_role_wadmin +POSTHOOK: type: CREATEROLE +PREHOOK: query: grant src_role_wadmin to user user2 with admin option +PREHOOK: type: GRANT_ROLE +POSTHOOK: query: grant src_role_wadmin to user user2 with admin option +POSTHOOK: type: GRANT_ROLE +PREHOOK: query: show role grant user user2 +PREHOOK: type: SHOW_ROLE_GRANT +POSTHOOK: query: show role grant user user2 +POSTHOOK: type: SHOW_ROLE_GRANT +role name:src_role_wadmin +PREHOOK: query: -- revoke role without role keyword +revoke src_role_wadmin from user user2 with admin option +PREHOOK: type: REVOKE_ROLE +POSTHOOK: query: -- revoke role without role keyword +revoke src_role_wadmin from user user2 with admin option +POSTHOOK: type: REVOKE_ROLE +PREHOOK: query: show role grant user user2 +PREHOOK: type: SHOW_ROLE_GRANT +POSTHOOK: query: show role grant user user2 +POSTHOOK: type: SHOW_ROLE_GRANT