diff --git metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java index 0c243ae..7ae41e5 100644 --- metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java +++ metastore/src/java/org/apache/hadoop/hive/metastore/ObjectStore.java @@ -4146,11 +4146,11 @@ public boolean revokePrivileges(PrivilegeBag privileges) try { openTransaction(); LOG.debug("Executing listPrincipalDBGrants"); - Query query = pm.newQuery(MDBPrivilege.class, - "principalName == t1 && principalType == t2 && database.name == t3"); - query - .declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3"); - mSecurityDBList = (List) query.executeWithArray(principalName, principalType.toString(), dbName); + Query query = pm.newQuery(MDBPrivilege.class, + "principalName == t1 && principalType == t2 && database.name == t3"); + query + .declareParameters("java.lang.String t1, java.lang.String t2, java.lang.String t3"); + mSecurityDBList = (List) query.executeWithArray(principalName, principalType.toString(), dbName); LOG.debug("Done executing query for listPrincipalDBGrants"); pm.retrieveAll(mSecurityDBList); success = commitTransaction(); @@ -4199,11 +4199,16 @@ public boolean revokePrivileges(PrivilegeBag privileges) try { openTransaction(); LOG.debug("Executing listPrincipalAllDBGrant"); - Query query = pm.newQuery(MDBPrivilege.class, - "principalName == t1 && principalType == t2"); - query - .declareParameters("java.lang.String t1, java.lang.String t2"); - mSecurityDBList = (List) query.execute(principalName, principalType.toString()); + if (principalName != null && principalType != null) { + Query query = pm.newQuery(MDBPrivilege.class, + "principalName == t1 && principalType == t2"); + query + .declareParameters("java.lang.String t1, java.lang.String t2"); + mSecurityDBList = (List) query.execute(principalName, principalType.toString()); + } else { + Query query = pm.newQuery(MDBPrivilege.class); + mSecurityDBList = (List) query.execute(); + } LOG.debug("Done executing query for listPrincipalAllDBGrant"); pm.retrieveAll(mSecurityDBList); success = commitTransaction(); @@ -4604,11 +4609,17 @@ private void dropPartitionGrantsNoTxn(String dbName, String tableName, List mSecurityTabPartList = (List) - query.executeWithArray(principalName, principalType.toString()); + List mSecurityTabPartList; + if (principalName != null && principalType != null) { + Query query = pm.newQuery(MPartitionColumnPrivilege.class, + "principalName == t1 && principalType == t2"); + query.declareParameters("java.lang.String t1, java.lang.String t2"); + mSecurityTabPartList = (List) + query.executeWithArray(principalName, principalType.toString()); + } else { + Query query = pm.newQuery(MPartitionColumnPrivilege.class); + mSecurityTabPartList = (List) query.execute(); + } LOG.debug("Done executing query for listPrincipalPartitionColumnGrantsAll"); pm.retrieveAll(mSecurityTabPartList); List result = convertPartCols(mSecurityTabPartList); @@ -4703,11 +4714,17 @@ private void dropPartitionGrantsNoTxn(String dbName, String tableName, List mSecurityTabPartList = (List) query.execute( - principalName, principalType.toString()); + List mSecurityTabPartList; + if (principalName != null && principalType != null) { + Query query = pm.newQuery(MTablePrivilege.class, + "principalName == t1 && principalType == t2"); + query.declareParameters("java.lang.String t1, java.lang.String t2"); + mSecurityTabPartList = (List) query.execute( + principalName, principalType.toString()); + } else { + Query query = pm.newQuery(MTablePrivilege.class); + mSecurityTabPartList = (List) query.execute(); + } LOG.debug("Done executing query for listPrincipalAllTableGrants"); pm.retrieveAll(mSecurityTabPartList); List result = convertTable(mSecurityTabPartList); @@ -4798,11 +4815,17 @@ private void dropPartitionGrantsNoTxn(String dbName, String tableName, List mSecurityTabPartList = (List) - query.execute(principalName, principalType.toString()); + List mSecurityTabPartList; + if (principalName != null && principalType != null) { + Query query = pm.newQuery(MPartitionPrivilege.class, + "principalName == t1 && principalType == t2"); + query.declareParameters("java.lang.String t1, java.lang.String t2"); + mSecurityTabPartList = (List) + query.execute(principalName, principalType.toString()); + } else { + Query query = pm.newQuery(MPartitionPrivilege.class); + mSecurityTabPartList = (List) query.execute(); + } LOG.debug("Done executing query for listPrincipalPartitionGrantsAll"); pm.retrieveAll(mSecurityTabPartList); List result = convertPartition(mSecurityTabPartList); @@ -4895,11 +4918,18 @@ private void dropPartitionGrantsNoTxn(String dbName, String tableName, List mSecurityTabPartList = (List) - query.execute(principalName, principalType.toString()); + + List mSecurityTabPartList; + if (principalName != null && principalType != null) { + Query query = pm.newQuery(MTableColumnPrivilege.class, + "principalName == t1 && principalType == t2"); + query.declareParameters("java.lang.String t1, java.lang.String t2"); + mSecurityTabPartList = (List) + query.execute(principalName, principalType.toString()); + } else { + Query query = pm.newQuery(MTableColumnPrivilege.class); + mSecurityTabPartList = (List) query.execute(); + } LOG.debug("Done executing query for listPrincipalTableColumnGrantsAll"); pm.retrieveAll(mSecurityTabPartList); List result = convertTableCols(mSecurityTabPartList); diff --git ql/src/test/queries/clientpositive/authorization_9.q ql/src/test/queries/clientpositive/authorization_9.q index adfb3d5..1abe659 100644 --- ql/src/test/queries/clientpositive/authorization_9.q +++ ql/src/test/queries/clientpositive/authorization_9.q @@ -9,3 +9,9 @@ grant select (key, value) on table dummy to user hive_test_user; show grant user hive_test_user on database default; show grant user hive_test_user on table dummy; show grant user hive_test_user on all; + +grant select on database default to user hive_test_user2; +grant select on table dummy to user hive_test_user2; +grant select (key, value) on table dummy to user hive_test_user2; + +show grant on all; diff --git ql/src/test/results/clientpositive/authorization_9.q.out ql/src/test/results/clientpositive/authorization_9.q.out index ad00276..12631d8 100644 --- ql/src/test/results/clientpositive/authorization_9.q.out +++ ql/src/test/results/clientpositive/authorization_9.q.out @@ -43,3 +43,31 @@ default hive_test_user USER Select false -1 hive_test_user default dummy hive_test_user USER Select false -1 hive_test_user default dummy key hive_test_user USER Select false -1 hive_test_user default dummy value hive_test_user USER Select false -1 hive_test_user +PREHOOK: query: grant select on database default to user hive_test_user2 +PREHOOK: type: GRANT_PRIVILEGE +POSTHOOK: query: grant select on database default to user hive_test_user2 +POSTHOOK: type: GRANT_PRIVILEGE +PREHOOK: query: grant select on table dummy to user hive_test_user2 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@dummy +POSTHOOK: query: grant select on table dummy to user hive_test_user2 +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@dummy +PREHOOK: query: grant select (key, value) on table dummy to user hive_test_user2 +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@dummy +POSTHOOK: query: grant select (key, value) on table dummy to user hive_test_user2 +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@dummy +PREHOOK: query: show grant on all +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant on all +POSTHOOK: type: SHOW_GRANT +default hive_test_user USER Select false -1 hive_test_user +default hive_test_user2 USER Select false -1 hive_test_user +default dummy hive_test_user USER Select false -1 hive_test_user +default dummy hive_test_user2 USER Select false -1 hive_test_user +default dummy key hive_test_user USER Select false -1 hive_test_user +default dummy key hive_test_user2 USER Select false -1 hive_test_user +default dummy value hive_test_user USER Select false -1 hive_test_user +default dummy value hive_test_user2 USER Select false -1 hive_test_user