diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java index 912be6b..cca1a82 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HivePrivilegeObject.java @@ -63,7 +63,9 @@ public String toString() { public int compareTo(HivePrivilegeObject o) { int compare = type.compareTo(o.type); if (compare == 0) { - compare = dbname.compareTo(o.dbname); + compare = dbname != null ? + (o.dbname != null ? dbname.compareTo(o.dbname) : 1) : + (o.dbname != null ? -1 : 0); } if (compare == 0) { compare = tableviewname != null ? diff --git ql/src/test/queries/clientpositive/authorization_9.q ql/src/test/queries/clientpositive/authorization_9.q index 0b0ad7b..ed62c45 100644 --- ql/src/test/queries/clientpositive/authorization_9.q +++ ql/src/test/queries/clientpositive/authorization_9.q @@ -2,6 +2,7 @@ create table dummy (key string, value string); +grant select to user hive_test_user; grant select on database default to user hive_test_user; grant select on table dummy to user hive_test_user; grant select (key, value) on table dummy to user hive_test_user; @@ -10,16 +11,21 @@ show grant user hive_test_user on database default; show grant user hive_test_user on table dummy; show grant user hive_test_user on all; +grant select to user hive_test_user2; grant select on database default to user hive_test_user2; grant select on table dummy to user hive_test_user2; grant select (key, value) on table dummy to user hive_test_user2; show grant on all; +show grant user hive_test_user on all; +show grant user hive_test_user2 on all; +revoke select from user hive_test_user; revoke select on database default from user hive_test_user; revoke select on table dummy from user hive_test_user; revoke select (key, value) on table dummy from user hive_test_user; +revoke select from user hive_test_user2; revoke select on database default from user hive_test_user2; revoke select on table dummy from user hive_test_user2; revoke select (key, value) on table dummy from user hive_test_user2; diff --git ql/src/test/results/clientpositive/authorization_9.q.out ql/src/test/results/clientpositive/authorization_9.q.out index b3eb7a0..2f7282c 100644 --- ql/src/test/results/clientpositive/authorization_9.q.out +++ ql/src/test/results/clientpositive/authorization_9.q.out @@ -9,6 +9,10 @@ create table dummy (key string, value string) POSTHOOK: type: CREATETABLE POSTHOOK: Output: database:default POSTHOOK: Output: default@dummy +PREHOOK: query: grant select to user hive_test_user +PREHOOK: type: GRANT_PRIVILEGE +POSTHOOK: query: grant select to user hive_test_user +POSTHOOK: type: GRANT_PRIVILEGE PREHOOK: query: grant select on database default to user hive_test_user PREHOOK: type: GRANT_PRIVILEGE POSTHOOK: query: grant select on database default to user hive_test_user @@ -39,10 +43,15 @@ PREHOOK: query: show grant user hive_test_user on all PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user hive_test_user on all POSTHOOK: type: SHOW_GRANT + hive_test_user USER SELECT false -1 hive_test_user default hive_test_user USER SELECT false -1 hive_test_user default dummy hive_test_user USER SELECT false -1 hive_test_user default dummy [key] hive_test_user USER SELECT false -1 hive_test_user default dummy [value] hive_test_user USER SELECT false -1 hive_test_user +PREHOOK: query: grant select to user hive_test_user2 +PREHOOK: type: GRANT_PRIVILEGE +POSTHOOK: query: grant select to user hive_test_user2 +POSTHOOK: type: GRANT_PRIVILEGE PREHOOK: query: grant select on database default to user hive_test_user2 PREHOOK: type: GRANT_PRIVILEGE POSTHOOK: query: grant select on database default to user hive_test_user2 @@ -64,6 +73,8 @@ PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant on all POSTHOOK: type: SHOW_GRANT admin ROLE ALL true -1 admin + hive_test_user USER SELECT false -1 hive_test_user + hive_test_user2 USER SELECT false -1 hive_test_user default hive_test_user USER SELECT false -1 hive_test_user default hive_test_user2 USER SELECT false -1 hive_test_user default dummy hive_test_user USER SELECT false -1 hive_test_user @@ -72,6 +83,28 @@ default dummy [key] hive_test_user USER SELECT false -1 hive_test_user default dummy [key] hive_test_user2 USER SELECT false -1 hive_test_user default dummy [value] hive_test_user USER SELECT false -1 hive_test_user default dummy [value] hive_test_user2 USER SELECT false -1 hive_test_user +PREHOOK: query: show grant user hive_test_user on all +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user hive_test_user on all +POSTHOOK: type: SHOW_GRANT + hive_test_user USER SELECT false -1 hive_test_user +default hive_test_user USER SELECT false -1 hive_test_user +default dummy hive_test_user USER SELECT false -1 hive_test_user +default dummy [key] hive_test_user USER SELECT false -1 hive_test_user +default dummy [value] hive_test_user USER SELECT false -1 hive_test_user +PREHOOK: query: show grant user hive_test_user2 on all +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user hive_test_user2 on all +POSTHOOK: type: SHOW_GRANT + hive_test_user2 USER SELECT false -1 hive_test_user +default hive_test_user2 USER SELECT false -1 hive_test_user +default dummy hive_test_user2 USER SELECT false -1 hive_test_user +default dummy [key] hive_test_user2 USER SELECT false -1 hive_test_user +default dummy [value] hive_test_user2 USER SELECT false -1 hive_test_user +PREHOOK: query: revoke select from user hive_test_user +PREHOOK: type: REVOKE_PRIVILEGE +POSTHOOK: query: revoke select from user hive_test_user +POSTHOOK: type: REVOKE_PRIVILEGE PREHOOK: query: revoke select on database default from user hive_test_user PREHOOK: type: REVOKE_PRIVILEGE POSTHOOK: query: revoke select on database default from user hive_test_user @@ -88,6 +121,10 @@ PREHOOK: Output: default@dummy POSTHOOK: query: revoke select (key, value) on table dummy from user hive_test_user POSTHOOK: type: REVOKE_PRIVILEGE POSTHOOK: Output: default@dummy +PREHOOK: query: revoke select from user hive_test_user2 +PREHOOK: type: REVOKE_PRIVILEGE +POSTHOOK: query: revoke select from user hive_test_user2 +POSTHOOK: type: REVOKE_PRIVILEGE PREHOOK: query: revoke select on database default from user hive_test_user2 PREHOOK: type: REVOKE_PRIVILEGE POSTHOOK: query: revoke select on database default from user hive_test_user2