diff --git itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java index 6fcdd29..11db3fd 100644 --- itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java +++ itests/hive-unit/src/test/java/org/apache/hadoop/hive/jdbc/TestJdbcDriver.java @@ -1178,7 +1178,8 @@ public void testShowRoleGrant() throws SQLException { ResultSet res = stmt.getResultSet(); assertTrue(res.next()); assertEquals("role1", res.getString(1)); - assertFalse(res.next()); + assertTrue(res.next()); + assertEquals("PUBLIC", res.getString(1)); res.close(); } } diff --git itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java index 9ad5986..9b2e219 100644 --- itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java +++ itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java @@ -589,7 +589,9 @@ public void clearTestSideEffects() throws Exception { List roleNames = db.getAllRoleNames(); for (String roleName : roleNames) { - db.dropRole(roleName); + if (!"PUBLIC".equals(roleName)) { + db.dropRole(roleName); + } } // allocate and initialize a new conf since a test can // modify conf by using 'set' commands diff --git metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java index 2d8e483..ddc6aed 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java @@ -171,6 +171,7 @@ */ private static final int DEFAULT_HIVE_METASTORE_PORT = 9083; public static final String ADMIN = "ADMIN"; + public static final String PUBLIC = "PUBLIC"; private static HadoopThriftAuthBridge.Server saslServer; private static boolean useSasl; @@ -196,7 +197,7 @@ public TTransport getTransport(TTransport trans) { IHMSHandler { public static final Log LOG = HiveMetaStore.LOG; private static boolean createDefaultDB = false; - private static boolean adminCreated = false; + private static boolean defaultRolesCreated = false; private String rawStoreClassName; private final HiveConf hiveConf; // stores datastore (jpox) properties, // right now they come from jpox.properties @@ -351,7 +352,7 @@ private boolean init() throws MetaException { synchronized (HMSHandler.class) { createDefaultDB(); - createAdminRoleNAddUsers(); + createDefaultRolesNAddUsers(); } if (hiveConf.getBoolean("hive.metastore.metrics.enabled", false)) { @@ -394,6 +395,7 @@ private String addPrefix(String s) { return threadLocalId.get() + ": " + s; } + @Override public void setConf(Configuration conf) { threadLocalConf.set(conf); RawStore ms = threadLocalMS.get(); @@ -474,10 +476,10 @@ private void createDefaultDB() throws MetaException { } } - private void createAdminRoleNAddUsers() throws MetaException { + private void createDefaultRolesNAddUsers() throws MetaException { - if(adminCreated) { - LOG.debug("Admin role already created previously."); + if(defaultRolesCreated) { + LOG.debug("Admin role already created previously."); return; } Class authCls; @@ -498,12 +500,21 @@ private void createAdminRoleNAddUsers() throws MetaException { try { ms.addRole(ADMIN, ADMIN); } catch (InvalidObjectException e) { - LOG.debug("admin role already exists",e); + LOG.debug(ADMIN +" role already exists",e); } catch (NoSuchObjectException e) { // This should never be thrown. - LOG.warn("Unexpected exception while adding ADMIN role" , e); + LOG.warn("Unexpected exception while adding " +ADMIN+" roles" , e); } - LOG.info("Added admin role in metastore"); + LOG.info("Added "+ ADMIN+ " role in metastore"); + try { + ms.addRole(PUBLIC, PUBLIC); + } catch (InvalidObjectException e) { + LOG.debug(PUBLIC + " role already exists",e); + } catch (NoSuchObjectException e) { + // This should never be thrown. + LOG.warn("Unexpected exception while adding "+PUBLIC +" roles" , e); + } + LOG.info("Added "+PUBLIC+ " role in metastore"); // now grant all privs to admin PrivilegeBag privs = new PrivilegeBag(); privs.addToPrivileges(new HiveObjectPrivilege( new HiveObjectRef(HiveObjectType.GLOBAL, null, @@ -553,7 +564,7 @@ private void createAdminRoleNAddUsers() throws MetaException { LOG.debug(userName + " already in admin role", e); } } - adminCreated = true; + defaultRolesCreated = true; } private void logInfo(String m) { @@ -690,6 +701,7 @@ private void create_database_core(RawStore ms, final Database db) } } + @Override public void create_database(final Database db) throws AlreadyExistsException, InvalidObjectException, MetaException { startFunction("create_database", ": " + db.toString()); @@ -722,6 +734,7 @@ public void create_database(final Database db) } } + @Override public Database get_database(final String name) throws NoSuchObjectException, MetaException { startFunction("get_database", ": " + name); @@ -745,6 +758,7 @@ public Database get_database(final String name) throws NoSuchObjectException, return db; } + @Override public void alter_database(final String dbName, final Database db) throws NoSuchObjectException, TException, MetaException { startFunction("alter_database" + dbName); @@ -881,6 +895,7 @@ private boolean isSubdirectory(Path parent, Path other) { parent.toString() : parent.toString() + Path.SEPARATOR); } + @Override public void drop_database(final String dbName, final boolean deleteData, final boolean cascade) throws NoSuchObjectException, InvalidOperationException, MetaException { @@ -914,6 +929,7 @@ public void drop_database(final String dbName, final boolean deleteData, final b } } + @Override public List get_databases(final String pattern) throws MetaException { startFunction("get_databases", ": " + pattern); @@ -934,6 +950,7 @@ public void drop_database(final String dbName, final boolean deleteData, final b return ret; } + @Override public List get_all_databases() throws MetaException { startFunction("get_all_databases"); @@ -975,6 +992,7 @@ private void create_type_core(final RawStore ms, final Type type) } } + @Override public boolean create_type(final Type type) throws AlreadyExistsException, MetaException, InvalidObjectException { startFunction("create_type", ": " + type.toString()); @@ -1001,6 +1019,7 @@ public boolean create_type(final Type type) throws AlreadyExistsException, return success; } + @Override public Type get_type(final String name) throws MetaException, NoSuchObjectException { startFunction("get_type", ": " + name); @@ -1051,6 +1070,7 @@ private void drop_type_core(final RawStore ms, String typeName) } } + @Override public boolean drop_type(final String name) throws MetaException, NoSuchObjectException { startFunction("drop_type", ": " + name); @@ -1074,6 +1094,7 @@ public boolean drop_type(final String name) throws MetaException, NoSuchObjectEx return success; } + @Override public Map get_type_all(String name) throws MetaException { // TODO Auto-generated method stub startFunction("get_type_all", ": " + name); @@ -1458,6 +1479,7 @@ private boolean isIndexTable(Table table) { return MetaStoreUtils.isIndexTable(table); } + @Override public Table get_table(final String dbname, final String name) throws MetaException, NoSuchObjectException { Table t = null; @@ -1500,6 +1522,7 @@ public Table get_table(final String dbname, final String name) throws MetaExcept * @throws InvalidOperationException * @throws UnknownDBException */ + @Override public List get_table_objects_by_name(final String dbname, final List names) throws MetaException, InvalidOperationException, UnknownDBException { List
tables = null; @@ -1829,6 +1852,7 @@ public AddPartitionsResult add_partitions_req(AddPartitionsRequest request) return result; } + @Override public int add_partitions(final List parts) throws MetaException, InvalidObjectException, AlreadyExistsException { startFunction("add_partition"); @@ -2212,6 +2236,7 @@ public boolean drop_partition_with_environment_context(final String db_name, } + @Override public Partition get_partition(final String db_name, final String tbl_name, final List part_vals) throws MetaException, NoSuchObjectException { startPartitionFunction("get_partition", db_name, tbl_name, part_vals); @@ -2260,6 +2285,7 @@ public Partition get_partition_with_auth(final String db_name, return ret; } + @Override public List get_partitions(final String db_name, final String tbl_name, final short max_parts) throws NoSuchObjectException, MetaException { startTableFunction("get_partitions", db_name, tbl_name); @@ -2309,6 +2335,7 @@ public Partition get_partition_with_auth(final String db_name, } + @Override public List get_partition_names(final String db_name, final String tbl_name, final short max_parts) throws MetaException { startTableFunction("get_partition_names", db_name, tbl_name); @@ -2485,6 +2512,7 @@ public boolean create_index(Index index_def) throw new MetaException("Not yet implemented"); } + @Override public void alter_index(final String dbname, final String base_table_name, final String index_name, final Index newIndex) throws InvalidOperationException, MetaException { @@ -2516,6 +2544,7 @@ public void alter_index(final String dbname, final String base_table_name, return; } + @Override public String getVersion() throws TException { endFunction(startFunction("getVersion"), true, null); return "3.0"; @@ -2575,6 +2604,7 @@ public void alter_table_with_environment_context(final String dbname, } } + @Override public List get_tables(final String dbname, final String pattern) throws MetaException { startFunction("get_tables", ": db=" + dbname + " pat=" + pattern); @@ -2596,6 +2626,7 @@ public void alter_table_with_environment_context(final String dbname, return ret; } + @Override public List get_all_tables(final String dbname) throws MetaException { startFunction("get_all_tables", ": db=" + dbname); @@ -2616,6 +2647,7 @@ public void alter_table_with_environment_context(final String dbname, return ret; } + @Override public List get_fields(String db, String tableName) throws MetaException, UnknownTableException, UnknownDBException { startFunction("get_fields", ": db=" + db + "tbl=" + tableName); @@ -2675,6 +2707,7 @@ public void alter_table_with_environment_context(final String dbname, * @throws UnknownTableException * @throws UnknownDBException */ + @Override public List get_schema(String db, String tableName) throws MetaException, UnknownTableException, UnknownDBException { startFunction("get_schema", ": db=" + db + "tbl=" + tableName); @@ -2721,6 +2754,7 @@ public void alter_table_with_environment_context(final String dbname, } } + @Override public String getCpuProfile(int profileDurationInSec) throws TException { return ""; } @@ -2731,6 +2765,7 @@ public String getCpuProfile(int profileDurationInSec) throws TException { * were an exception thrown while retrieving the variable, or if name is * null, defaultValue is returned. */ + @Override public String get_config_value(String name, String defaultValue) throws TException, ConfigValSecurityException { startFunction("get_config_value", ": name=" + name + " defaultValue=" @@ -2818,6 +2853,7 @@ private Partition get_partition_by_name_core(final RawStore ms, final String db_ return p; } + @Override public Partition get_partition_by_name(final String db_name, final String tbl_name, final String part_name) throws MetaException, NoSuchObjectException, TException { @@ -3272,6 +3308,7 @@ private String lowerCaseConvertPartName(String partName) throws MetaException { return convertedPartName; } + @Override public ColumnStatistics get_table_column_statistics(String dbName, String tableName, String colName) throws NoSuchObjectException, MetaException, TException, InvalidInputException, InvalidObjectException @@ -3292,6 +3329,7 @@ public ColumnStatistics get_table_column_statistics(String dbName, String tableN } } + @Override public TableStatsResult get_table_statistics_req(TableStatsRequest request) throws MetaException, NoSuchObjectException, TException { String dbName = request.getDbName(), tblName = request.getTblName(); @@ -3308,6 +3346,7 @@ public TableStatsResult get_table_statistics_req(TableStatsRequest request) return result; } + @Override public ColumnStatistics get_partition_column_statistics(String dbName, String tableName, String partName, String colName) throws NoSuchObjectException, MetaException, InvalidInputException, TException, InvalidObjectException { @@ -3333,6 +3372,7 @@ public ColumnStatistics get_partition_column_statistics(String dbName, String ta return statsObj; } + @Override public PartitionsStatsResult get_partitions_statistics_req(PartitionsStatsRequest request) throws MetaException, NoSuchObjectException, TException { String dbName = request.getDbName(), tblName = request.getTblName(); @@ -3354,6 +3394,7 @@ public PartitionsStatsResult get_partitions_statistics_req(PartitionsStatsReques return result; } + @Override public boolean update_table_column_statistics(ColumnStatistics colStats) throws NoSuchObjectException,InvalidObjectException,MetaException,TException, InvalidInputException @@ -3392,6 +3433,7 @@ public boolean update_table_column_statistics(ColumnStatistics colStats) } } + @Override public boolean update_partition_column_statistics(ColumnStatistics colStats) throws NoSuchObjectException,InvalidObjectException,MetaException,TException, InvalidInputException @@ -3438,6 +3480,7 @@ public boolean update_partition_column_statistics(ColumnStatistics colStats) } } + @Override public boolean delete_partition_column_statistics(String dbName, String tableName, String partName, String colName) throws NoSuchObjectException, MetaException, InvalidObjectException, TException, InvalidInputException @@ -3462,6 +3505,7 @@ public boolean delete_partition_column_statistics(String dbName, String tableNam return ret; } + @Override public boolean delete_table_column_statistics(String dbName, String tableName, String colName) throws NoSuchObjectException, MetaException, InvalidObjectException, TException, InvalidInputException @@ -3674,7 +3718,10 @@ public boolean grant_role(final String roleName, final String grantor, final PrincipalType grantorType, final boolean grantOption) throws MetaException, TException { incrementCounter("add_role_member"); - + if (PUBLIC.equals(roleName)) { + throw new MetaException("No user can be added to " + PUBLIC +". Since all users implictly" + + " belong to " + PUBLIC + " role."); + } Boolean ret = null; try { RawStore ms = getMS(); @@ -3719,14 +3766,13 @@ private boolean isNewRoleAParent(String newRole, String curRole) throws MetaExce return false; } + @Override public List list_roles(final String principalName, final PrincipalType principalType) throws MetaException, TException { incrementCounter("list_roles"); - List ret = null; + List result = new ArrayList(); try { - - List result = new ArrayList(); List roleMap = getMS().listRoles(principalName, principalType); if (roleMap != null) { for (MRoleMap role : roleMap) { @@ -3735,14 +3781,14 @@ private boolean isNewRoleAParent(String newRole, String curRole) throws MetaExce .getCreateTime(), r.getOwnerName())); } } - ret = result; + // all users by default belongs to public role + result.add(new Role(PUBLIC,0,PUBLIC)); + return result; } catch (MetaException e) { throw e; } catch (Exception e) { throw new RuntimeException(e); } - - return ret; } @Override @@ -3750,6 +3796,9 @@ public boolean create_role(final Role role) throws MetaException, TException { incrementCounter("create_role"); + if (PUBLIC.equals(role.getRoleName())) { + throw new MetaException(PUBLIC + " role implictly exists. It can't be created."); + } Boolean ret = null; try { ret = getMS().addRole(role.getRoleName(), role.getOwnerName()); @@ -3765,7 +3814,9 @@ public boolean create_role(final Role role) public boolean drop_role(final String roleName) throws MetaException, TException { incrementCounter("drop_role"); - + if (ADMIN.equals(roleName) || PUBLIC.equals(roleName)) { + throw new MetaException(PUBLIC + "/" + ADMIN +" role can't be dropped."); + } Boolean ret = null; try { ret = getMS().removeRole(roleName); @@ -3784,19 +3835,18 @@ public boolean drop_role(final String roleName) List ret = null; try { ret = getMS().listRoleNames(); + return ret; } catch (MetaException e) { throw e; } catch (Exception e) { throw new RuntimeException(e); } - return ret; } @Override public boolean grant_privileges(final PrivilegeBag privileges) throws MetaException, TException { incrementCounter("grant_privileges"); - Boolean ret = null; try { ret = getMS().grantPrivileges(privileges); @@ -3813,6 +3863,9 @@ public boolean revoke_role(final String roleName, final String userName, final PrincipalType principalType) throws MetaException, TException { incrementCounter("remove_role_member"); + if (PUBLIC.equals(roleName)) { + throw new MetaException(PUBLIC + " role can't be revoked."); + } Boolean ret = null; try { RawStore ms = getMS(); @@ -3830,7 +3883,6 @@ public boolean revoke_role(final String roleName, final String userName, public boolean revoke_privileges(final PrivilegeBag privileges) throws MetaException, TException { incrementCounter("revoke_privileges"); - Boolean ret = null; try { ret = getMS().revokePrivileges(privileges); diff --git ql/src/test/queries/clientnegative/authorization_public_create.q ql/src/test/queries/clientnegative/authorization_public_create.q new file mode 100644 index 0000000..002389f --- /dev/null +++ ql/src/test/queries/clientnegative/authorization_public_create.q @@ -0,0 +1 @@ +create role PUBLIC; diff --git ql/src/test/queries/clientnegative/authorization_public_drop.q ql/src/test/queries/clientnegative/authorization_public_drop.q new file mode 100644 index 0000000..69c5a8d --- /dev/null +++ ql/src/test/queries/clientnegative/authorization_public_drop.q @@ -0,0 +1 @@ +drop role PUBLIC; diff --git ql/src/test/queries/clientnegative/authorize_grant_public.q ql/src/test/queries/clientnegative/authorize_grant_public.q new file mode 100644 index 0000000..bfd3165 --- /dev/null +++ ql/src/test/queries/clientnegative/authorize_grant_public.q @@ -0,0 +1 @@ +grant role PUBLIC to user hive_test_user; diff --git ql/src/test/queries/clientnegative/authorize_revoke_public.q ql/src/test/queries/clientnegative/authorize_revoke_public.q new file mode 100644 index 0000000..2b29822 --- /dev/null +++ ql/src/test/queries/clientnegative/authorize_revoke_public.q @@ -0,0 +1 @@ +revoke role PUBLIC from user hive_test_user; diff --git ql/src/test/results/clientnegative/authorization_fail_7.q.out ql/src/test/results/clientnegative/authorization_fail_7.q.out index 7bfb6e6..1f72cff 100644 --- ql/src/test/results/clientnegative/authorization_fail_7.q.out +++ ql/src/test/results/clientnegative/authorization_fail_7.q.out @@ -26,6 +26,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT hive_test_role_fail +PUBLIC PREHOOK: query: show grant role hive_test_role_fail on table authorization_fail PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role hive_test_role_fail on table authorization_fail diff --git ql/src/test/results/clientnegative/authorization_public_create.q.out ql/src/test/results/clientnegative/authorization_public_create.q.out new file mode 100644 index 0000000..bccdc53 --- /dev/null +++ ql/src/test/results/clientnegative/authorization_public_create.q.out @@ -0,0 +1,4 @@ +PREHOOK: query: create role PUBLIC +PREHOOK: type: CREATEROLE +Error in role operation create_role on role name PUBLIC, error message MetaException(message:PUBLIC role implictly exists. It can't be created.) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask diff --git ql/src/test/results/clientnegative/authorization_public_drop.q.out ql/src/test/results/clientnegative/authorization_public_drop.q.out new file mode 100644 index 0000000..14f6b3a --- /dev/null +++ ql/src/test/results/clientnegative/authorization_public_drop.q.out @@ -0,0 +1,4 @@ +PREHOOK: query: drop role PUBLIC +PREHOOK: type: DROPROLE +Error in role operation drop_role on role name PUBLIC, error message MetaException(message:PUBLIC/ADMIN role can't be dropped.) +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask diff --git ql/src/test/results/clientnegative/authorize_grant_public.q.out ql/src/test/results/clientnegative/authorize_grant_public.q.out new file mode 100644 index 0000000..dae4331 --- /dev/null +++ ql/src/test/results/clientnegative/authorize_grant_public.q.out @@ -0,0 +1,3 @@ +PREHOOK: query: grant role PUBLIC to user hive_test_user +PREHOOK: type: GRANT_ROLE +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:No user can be added to PUBLIC. Since all users implictly belong to PUBLIC role.) diff --git ql/src/test/results/clientnegative/authorize_revoke_public.q.out ql/src/test/results/clientnegative/authorize_revoke_public.q.out new file mode 100644 index 0000000..cff88ca --- /dev/null +++ ql/src/test/results/clientnegative/authorize_revoke_public.q.out @@ -0,0 +1,3 @@ +PREHOOK: query: revoke role PUBLIC from user hive_test_user +PREHOOK: type: REVOKE_ROLE +FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:PUBLIC role can't be revoked.) diff --git ql/src/test/results/clientpositive/authorization_1.q.out ql/src/test/results/clientpositive/authorization_1.q.out index 3391bcd..58ec8ec 100644 --- ql/src/test/results/clientpositive/authorization_1.q.out +++ ql/src/test/results/clientpositive/authorization_1.q.out @@ -294,6 +294,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT src_role +PUBLIC PREHOOK: query: --column grant to role grant select(key) on table src_autho_test to role src_role diff --git ql/src/test/results/clientpositive/authorization_1_sql_std.q.out ql/src/test/results/clientpositive/authorization_1_sql_std.q.out index a0b1ce0..e7d4b90 100644 --- ql/src/test/results/clientpositive/authorization_1_sql_std.q.out +++ ql/src/test/results/clientpositive/authorization_1_sql_std.q.out @@ -49,6 +49,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT src_role +PUBLIC PREHOOK: query: --table grant to role diff --git ql/src/test/results/clientpositive/authorization_5.q.out ql/src/test/results/clientpositive/authorization_5.q.out index 3aeaeca..e4914c9 100644 --- ql/src/test/results/clientpositive/authorization_5.q.out +++ ql/src/test/results/clientpositive/authorization_5.q.out @@ -49,6 +49,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: SHOW ROLE GRANT USER hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT db_test_role +PUBLIC PREHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role PREHOOK: type: GRANT_PRIVILEGE POSTHOOK: query: GRANT drop ON DATABASE test_db TO ROLE db_test_role diff --git ql/src/test/results/clientpositive/authorization_role_grant1.q.out ql/src/test/results/clientpositive/authorization_role_grant1.q.out index 981060f..cd53ca3 100644 --- ql/src/test/results/clientpositive/authorization_role_grant1.q.out +++ ql/src/test/results/clientpositive/authorization_role_grant1.q.out @@ -17,6 +17,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT src_role2 +PUBLIC PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES @@ -34,6 +35,8 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT +PUBLIC + PREHOOK: query: show roles PREHOOK: type: SHOW_ROLES POSTHOOK: query: show roles @@ -61,6 +64,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT src_role_wadmin +PUBLIC PREHOOK: query: -- revoke role without role keyword revoke src_role_wadmin from user user2 with admin option @@ -72,6 +76,8 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT +PUBLIC + PREHOOK: query: -- drop roles show roles PREHOOK: type: SHOW_ROLES diff --git ql/src/test/results/clientpositive/authorization_view.q.out ql/src/test/results/clientpositive/authorization_view.q.out index 23a1c0b..a872ce8 100644 --- ql/src/test/results/clientpositive/authorization_view.q.out +++ ql/src/test/results/clientpositive/authorization_view.q.out @@ -182,6 +182,7 @@ PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user hive_test_user POSTHOOK: type: SHOW_ROLE_GRANT src_role +PUBLIC PREHOOK: query: --column grant to role grant select(key) on view src_autho_test to role src_role