diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g index cdfa300..b8de58c 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveLexer.g @@ -41,6 +41,8 @@ import org.apache.hadoop.hive.conf.HiveConf; KW_TRUE : 'TRUE'; KW_FALSE : 'FALSE'; KW_ALL : 'ALL'; +KW_NONE: 'NONE'; +KW_DEFAULT : 'DEFAULT'; KW_AND : 'AND'; KW_OR : 'OR'; KW_NOT : 'NOT' | '!'; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g index a74da0e..18066bc 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g @@ -352,6 +352,8 @@ import java.util.HashMap; xlateMap.put("KW_TRUE", "TRUE"); xlateMap.put("KW_FALSE", "FALSE"); xlateMap.put("KW_ALL", "ALL"); + xlateMap.put("KW_NONE", "NONE"); + xlateMap.put("KW_DEFAULT", "DEFAULT"); xlateMap.put("KW_AND", "AND"); xlateMap.put("KW_OR", "OR"); xlateMap.put("KW_NOT", "NOT"); @@ -1409,8 +1411,8 @@ showCurrentRole setRole @init {pushMsg("set role", state);} @after {popMsg(state);} - : KW_SET KW_ROLE roleName=identifier - -> ^(TOK_SHOW_SET_ROLE $roleName) + : KW_SET KW_ROLE roleName=identifier -> ^(TOK_SHOW_SET_ROLE $roleName) + | KW_SET KW_ROLE KW_ALL -> ^(TOK_SHOW_SET_ROLE KW_ALL) ; showGrants diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java index f69e41b..50c7103 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java @@ -462,8 +462,8 @@ public void setCurrentRole(String roleName) throws HiveAccessControlException, HiveAuthzPluginException { initUserRoles(); - if ("NONE".equalsIgnoreCase(roleName)) { - // for set role NONE, reset roles to default roles. + if ("ALL".equalsIgnoreCase(roleName)) { + // for set role ALL, reset roles to default roles. currentRoles.clear(); currentRoles.addAll(getRolesFromMS()); return; diff --git a/ql/src/test/queries/clientnegative/authorization_disallow_transform.q b/ql/src/test/queries/clientnegative/authorization_disallow_transform.q index bae8dc0..da5f0c68 100644 --- a/ql/src/test/queries/clientnegative/authorization_disallow_transform.q +++ b/ql/src/test/queries/clientnegative/authorization_disallow_transform.q @@ -1,3 +1,3 @@ set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory; -set role NONE; +set role ALL; SELECT TRANSFORM (*) USING 'cat' AS (key, value) FROM src; diff --git a/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q b/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q index 80346d4..f7263a2 100644 --- a/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q +++ b/ql/src/test/queries/clientnegative/authorization_drop_role_no_admin.q @@ -5,6 +5,6 @@ set user.name=hive_admin_user; set role ADMIN; show current roles; create role r1; -set role NONE; +set role ALL; show current roles; drop role r1; diff --git a/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q b/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q index 7fe8e29..016378d 100644 --- a/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q +++ b/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q @@ -13,7 +13,7 @@ show current roles; set role PUBLIC; show current roles; -set role NONE; +set role ALL; show current roles; set role ADMIN; diff --git a/ql/src/test/results/clientnegative/authorization_disallow_transform.q.out b/ql/src/test/results/clientnegative/authorization_disallow_transform.q.out index 044b19e..39819b6 100644 --- a/ql/src/test/results/clientnegative/authorization_disallow_transform.q.out +++ b/ql/src/test/results/clientnegative/authorization_disallow_transform.q.out @@ -1,6 +1,6 @@ -PREHOOK: query: set role NONE +PREHOOK: query: set role ALL PREHOOK: type: SHOW_ROLES -POSTHOOK: query: set role NONE +POSTHOOK: query: set role ALL POSTHOOK: type: SHOW_ROLES PREHOOK: query: SELECT TRANSFORM (*) USING 'cat' AS (key, value) FROM src PREHOOK: type: QUERY diff --git a/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out b/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out index d2cc1dd..c03876d 100644 --- a/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out +++ b/ql/src/test/results/clientnegative/authorization_drop_role_no_admin.q.out @@ -12,9 +12,9 @@ PREHOOK: query: create role r1 PREHOOK: type: CREATEROLE POSTHOOK: query: create role r1 POSTHOOK: type: CREATEROLE -PREHOOK: query: set role NONE +PREHOOK: query: set role ALL PREHOOK: type: SHOW_ROLES -POSTHOOK: query: set role NONE +POSTHOOK: query: set role ALL POSTHOOK: type: SHOW_ROLES PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES diff --git a/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out b/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out index 5c39a06..d5fbc48 100644 --- a/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out +++ b/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out @@ -36,9 +36,9 @@ POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES PUBLIC -PREHOOK: query: set role NONE +PREHOOK: query: set role ALL PREHOOK: type: SHOW_ROLES -POSTHOOK: query: set role NONE +POSTHOOK: query: set role ALL POSTHOOK: type: SHOW_ROLES PREHOOK: query: show current roles PREHOOK: type: SHOW_ROLES