diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
index 25cd3a5..ca01501 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
+++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g
@@ -1530,11 +1530,18 @@ principalSpecification
 principalName
 @init {pushMsg("user|group|role name", state);}
 @after {popMsg(state);}
- : KW_USER identifier -> ^(TOK_USER identifier)
- | KW_GROUP identifier -> ^(TOK_GROUP identifier)
+ : KW_USER principalIdentifier -> ^(TOK_USER principalIdentifier)
+ | KW_GROUP principalIdentifier -> ^(TOK_GROUP principalIdentifier)
 | KW_ROLE identifier -> ^(TOK_ROLE identifier)
 ;
 
+principalIdentifier
+@init { pushMsg("identifier for principal spec", state); }
+@after { popMsg(state); }
+ : functionIdentifier
+ | StringLiteral
+ ;
+
 withGrantOption
 @init {pushMsg("with grant option", state);}
 @after {popMsg(state);}
diff --git a/ql/src/test/queries/clientpositive/authorization_non_id.q b/ql/src/test/queries/clientpositive/authorization_non_id.q
new file mode 100644
index 0000000..cbf1bcb
--- /dev/null
+++ b/ql/src/test/queries/clientpositive/authorization_non_id.q
@@ -0,0 +1,24 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set user.name=hive_admin_user;
+
+set role ADMIN;
+create table src_autho_test (id int);
+
+create role src_role2;
+
+grant role src_role2 to user bar;
+grant role src_role2 to user 'foo-1';
+
+show role grant user bar;
+show role grant user 'foo-1';
+
+grant select on table src_autho_test to user bar;
+grant select on table src_autho_test to user 'foo-1';
+
+show grant user bar on all;
+show grant user 'foo-1' on all;
+
+drop table src_autho_test;
+drop role src_role2;
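Review bot: The `StringLiteral` alternative of the new `principalIdentifier` rule in HiveParser.g passes the token text on with its surrounding quotes, and nothing in this diff strips them before the text becomes a principal name. The expected output in authorization_non_id.q.out lists the grantee as `'foo-1'` with the quotes, which suggests the grant is recorded for a name that differs from the authenticated user name foo-1; such a privilege would silently never apply, and the test still passes because it queries with the same quoted literal. The code that reads the child of TOK_USER/TOK_GROUP is outside this diff, so please confirm it unquotes string literals, and record the contract on the rule, e.g. `// StringLiteral text includes its quotes; the analyzer must unquote it before building the principal name`. `KW_ROLE` still takes a plain `identifier`, which deserves a one-line comment if the asymmetry is intentional.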
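Review bot: authorization_non_id.q grants only to `user` principals, although the grammar change also routes `KW_GROUP` through `principalIdentifier`, so the group path of the new rule is untested. If I read `functionIdentifier` correctly it also admits a dotted name, and no statement here uses one. Adding `grant select on table src_autho_test to group 'grp-1';` with a matching `show grant group 'grp-1' on all;`, plus one grant to a dotted user name, would cover what the parser now accepts for principals.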
diff --git a/ql/src/test/results/clientpositive/authorization_non_id.q.out b/ql/src/test/results/clientpositive/authorization_non_id.q.out
new file mode 100644
index 0000000..162c2ef
--- /dev/null
+++ b/ql/src/test/results/clientpositive/authorization_non_id.q.out
@@ -0,0 +1,70 @@ +PREHOOK: query: set role ADMIN +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role ADMIN +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: create table src_autho_test (id int) +PREHOOK: type: CREATETABLE +PREHOOK: Output: database:default +PREHOOK: Output: default@src_autho_test +POSTHOOK: query: create table src_autho_test (id int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: database:default +POSTHOOK: Output: default@src_autho_test +PREHOOK: query: create role src_role2 +PREHOOK: type: CREATEROLE +POSTHOOK: query: create role src_role2 +POSTHOOK: type: CREATEROLE +PREHOOK: query: grant role src_role2 to user bar +PREHOOK: type: GRANT_ROLE +POSTHOOK: query: grant role src_role2 to user bar +POSTHOOK: type: GRANT_ROLE +PREHOOK: query: grant role src_role2 to user 'foo-1' +PREHOOK: type: GRANT_ROLE +POSTHOOK: query: grant role src_role2 to user 'foo-1' +POSTHOOK: type: GRANT_ROLE +PREHOOK: query: show role grant user bar +PREHOOK: type: SHOW_ROLE_GRANT +POSTHOOK: query: show role grant user bar +POSTHOOK: type: SHOW_ROLE_GRANT +public false -1 +src_role2 false -1 hive_admin_user +PREHOOK: query: show role grant user 'foo-1' +PREHOOK: type: SHOW_ROLE_GRANT +POSTHOOK: query: show role grant user 'foo-1' +POSTHOOK: type: SHOW_ROLE_GRANT +public false -1 +src_role2 false -1 hive_admin_user +PREHOOK: query: grant select on table src_autho_test to user bar +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@src_autho_test +POSTHOOK: query: grant select on table src_autho_test to user bar +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@src_autho_test +PREHOOK: query: grant select on table src_autho_test to user 'foo-1' +PREHOOK: type: GRANT_PRIVILEGE +PREHOOK: Output: default@src_autho_test +POSTHOOK: query: grant select on table src_autho_test to user 'foo-1' +POSTHOOK: type: GRANT_PRIVILEGE +POSTHOOK: Output: default@src_autho_test +PREHOOK: query: show grant user bar on all +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user 
bar on all +POSTHOOK: type: SHOW_GRANT +default src_autho_test bar USER SELECT false -1 hive_admin_user +PREHOOK: query: show grant user 'foo-1' on all +PREHOOK: type: SHOW_GRANT +POSTHOOK: query: show grant user 'foo-1' on all +POSTHOOK: type: SHOW_GRANT +default src_autho_test 'foo-1' USER SELECT false -1 hive_admin_user +PREHOOK: query: drop table src_autho_test +PREHOOK: type: DROPTABLE +PREHOOK: Input: default@src_autho_test +PREHOOK: Output: default@src_autho_test +POSTHOOK: query: drop table src_autho_test +POSTHOOK: type: DROPTABLE +POSTHOOK: Input: default@src_autho_test +POSTHOOK: Output: default@src_autho_test +PREHOOK: query: drop role src_role2 +PREHOOK: type: DROPROLE +POSTHOOK: query: drop role src_role2 +POSTHOOK: type: DROPROLE