diff --git ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java index dcee8d8..20402d9 100644 --- ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java +++ ql/src/java/org/apache/hadoop/hive/ql/parse/authorization/HiveAuthorizationTaskFactoryImpl.java @@ -236,9 +236,10 @@ private PrincipalType getPrincipalType(ASTNode principal) { //check if admin option has been specified int rolesStartPos = 1; ASTNode wAdminOption = (ASTNode) ast.getChild(1); + boolean isAdmin = false; if(wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION){ rolesStartPos = 2; //start reading role names from next postion - //TODO: use the admin option + isAdmin = true; } List roles = new ArrayList(); @@ -253,7 +254,7 @@ private PrincipalType getPrincipalType(ASTNode principal) { } //until change is made to use the admin option. Default to false with V2 authorization - boolean isAdmin = SessionState.get().isAuthorizationModeV2() ? false : true; + GrantRevokeRoleDDL grantRevokeRoleDDL = new GrantRevokeRoleDDL(isGrant, roles, principalDesc, roleOwnerName, PrincipalType.USER, isAdmin); diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java index c4e8801..e4c6203 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java @@ -56,7 +56,6 @@ public class SQLStdHiveAccessController implements HiveAccessController { private final HiveMetastoreClientFactory metastoreClientFactory; - private final HiveConf conf; private final HiveAuthenticationProvider authenticator; private String currentUserName; private List currentRoles; @@ -65,7 +64,6 @@ SQLStdHiveAccessController(HiveMetastoreClientFactory metastoreClientFactory, HiveConf conf, HiveAuthenticationProvider authenticator) throws HiveAuthzPluginException { this.metastoreClientFactory = metastoreClientFactory; - this.conf = conf; this.authenticator = authenticator; initUserRoles(); } diff --git ql/src/test/queries/clientpositive/authorization_role_grant1.q ql/src/test/queries/clientpositive/authorization_role_grant1.q index ca5ef46..d86950a 100644 --- ql/src/test/queries/clientpositive/authorization_role_grant1.q +++ ql/src/test/queries/clientpositive/authorization_role_grant1.q @@ -21,7 +21,7 @@ grant src_role_wadmin to user user2 with admin option; show role grant user user2; -- revoke role without role keyword -revoke src_role_wadmin from user user2 with admin option; +revoke src_role_wadmin from user user2; show role grant user user2; diff --git ql/src/test/results/clientpositive/authorization_role_grant1.q.out ql/src/test/results/clientpositive/authorization_role_grant1.q.out index e11b7e1..2a48d6b 100644 --- ql/src/test/results/clientpositive/authorization_role_grant1.q.out +++ ql/src/test/results/clientpositive/authorization_role_grant1.q.out @@ -61,13 +61,13 @@ PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT POSTHOOK: query: show role grant user user2 POSTHOOK: type: SHOW_ROLE_GRANT -src_role_wadmin -1 user2 USER false -1 hive_test_user +src_role_wadmin -1 user2 USER true -1 hive_test_user PUBLIC -1 false -1 PREHOOK: query: -- revoke role without role keyword -revoke src_role_wadmin from user user2 with admin option +revoke src_role_wadmin from user user2 PREHOOK: type: REVOKE_ROLE POSTHOOK: query: -- revoke role without role keyword -revoke src_role_wadmin from user user2 with admin option +revoke src_role_wadmin from user user2 POSTHOOK: type: REVOKE_ROLE PREHOOK: query: show role grant user user2 PREHOOK: type: SHOW_ROLE_GRANT