diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java index 6ae2d99..d81e630 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/PrivilegeRegistry.java @@ -53,6 +53,8 @@ public static Privilege getPrivilege(PrivilegeType privilegeType) { Registry.put(Privilege.SELECT.getPriv(), Privilege.SELECT); Registry.put(Privilege.SHOW_DATABASE.getPriv(), Privilege.SHOW_DATABASE); + Registry.put(Privilege.INSERT.getPriv(), Privilege.INSERT); + Registry.put(Privilege.DELETE.getPriv(), Privilege.DELETE); //add the privileges not supported in V1 //The list of privileges supported in V2 is implementation defined, diff --git a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java index 9f5a1c1..ec4df70 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java @@ -392,10 +392,10 @@ private void setupAuth() { authorizerV2 = authorizerFactory.createHiveAuthorizer(new HiveMetastoreClientFactoryImpl(), conf, authenticator); - authorizerV2.applyAuthorizationConfigPolicy(conf); - // create the create table grants with new config - createTableGrants = CreateTableAutomaticGrant.create(conf); + authorizerV2.applyAuthorizationConfigPolicy(conf); } + // create the create table grants with new config + createTableGrants = CreateTableAutomaticGrant.create(conf); } catch (HiveException e) { throw new RuntimeException(e); diff --git a/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q b/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q new file mode 100644 index 0000000..c265733 --- /dev/null 
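Review bot: INSERT and DELETE are now registered above the `//add the privileges not supported in V1` comment, so the V1 lookup appears to accept them too, and nothing in this hunk shows that the V1 authorizer ever checks them. If no V1 operation requires INSERT or DELETE (an assumption, since the enforcement code is not visible here), these names can be granted and listed by `show grant` without restricting anything, which can mislead an administrator reading the grants. If the intent is only to let `hive.security.authorization.createtable.owner.grants` values parse, I would say so in place, e.g. `// INSERT/DELETE registered so create-table grant lists can be parsed; confirm V1 enforcement before relying on them`. A test that a user lacking INSERT is actually denied would settle it. The enclosing block starts and ends outside the hunk.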
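Review bot: With `createTableGrants = CreateTableAutomaticGrant.create(conf);` moved below the closing brace, it now runs on the path that previously skipped it, and any HiveException it raises there is rethrown as a bare `RuntimeException(e)`. If create() rejects an unrecognised privilege name in the grants settings (not visible here, so treat this as an assumption), a bad config value would now abort session setup under the legacy authorizer as well. A negative test with an invalid grants value would pin that behaviour down. The retained comment still says "with new config", which only holds when `applyAuthorizationConfigPolicy(conf)` ran; I would reword it to `// build the automatic create-table grants; must stay after any authorizer config policy is applied to conf`. setupAuth() starts and ends outside the hunk.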
+++ b/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs.q
@@ -0,0 +1,6 @@
+set hive.security.authorization.createtable.owner.grants=ALL;
+
+create table default_auth_table_creator_priv_test(i int);
+
+-- Table owner (hive_test_user) should have ALL privileges
+show grant on table default_auth_table_creator_priv_test;
diff --git a/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs_stdauth.q b/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs_stdauth.q
new file mode 100644
index 0000000..aa7933c
--- /dev/null
+++ b/ql/src/test/queries/clientpositive/authorization_default_create_table_owner_privs_stdauth.q
@@ -0,0 +1,6 @@
+set hive.security.authorization.createtable.owner.grants=INSERT,SELECT,UPDATE,DELETE;
+
+create table default_std_auth_table_creator_priv_test(i int);
+
+-- Table owner (hive_test_user) should have ALL privileges
+show grant on table default_std_auth_table_creator_priv_test;
diff --git a/ql/src/test/results/clientpositive/authorization_default_create_table_owner_privs.q.out b/ql/src/test/results/clientpositive/authorization_default_create_table_owner_privs.q.out
new file mode 100644
index 0000000..eaa037e
--- /dev/null
+++ b/ql/src/test/results/clientpositive/authorization_default_create_table_owner_privs.q.out
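Review bot: The comment in the stdauth query file says the owner "should have ALL privileges", but the setting lists `INSERT,SELECT,UPDATE,DELETE` and the expected output shows those four rows rather than ALL. I would change it to `-- Table owner (hive_test_user) should have INSERT, SELECT, UPDATE and DELETE`. The file also sets no authorization manager, so unless the test driver configures one elsewhere, this variant may run under the same authorizer as the first test rather than the standard one its name implies. Both new tests check only that grants are listed, so a case where a non-owner is denied would show that the automatic grants do not over-provision.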
@@ -0,0 +1,15 @@
+PREHOOK: query: create table default_auth_table_creator_priv_test(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@default_auth_table_creator_priv_test
+POSTHOOK: query: create table default_auth_table_creator_priv_test(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@default_auth_table_creator_priv_test
+#### A masked pattern was here ####
+show grant on table default_auth_table_creator_priv_test
+PREHOOK: type: SHOW_GRANT
+#### A masked pattern was here ####
+show grant on table default_auth_table_creator_priv_test
+POSTHOOK: type: SHOW_GRANT
+default default_auth_table_creator_priv_test hive_test_user USER ALL true -1 hive_test_user
diff --git a/ql/src/test/results/clientpositive/authorization_default_create_table_owner_privs_stdauth.q.out b/ql/src/test/results/clientpositive/authorization_default_create_table_owner_privs_stdauth.q.out
new file mode 100644
index 0000000..f5aaf63
--- /dev/null
+++ b/ql/src/test/results/clientpositive/authorization_default_create_table_owner_privs_stdauth.q.out
@@ -0,0 +1,17 @@
+PREHOOK: query: create table default_std_auth_table_creator_priv_test(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+POSTHOOK: query: create table default_std_auth_table_creator_priv_test(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@default_std_auth_table_creator_priv_test
+#### A masked pattern was here ####
+show grant on table default_std_auth_table_creator_priv_test
+PREHOOK: type: SHOW_GRANT
+#### A masked pattern was here ####
+show grant on table default_std_auth_table_creator_priv_test
+POSTHOOK: type: SHOW_GRANT
+default default_std_auth_table_creator_priv_test hive_test_user USER DELETE true -1 hive_test_user
+default default_std_auth_table_creator_priv_test hive_test_user USER INSERT true -1 hive_test_user
+default default_std_auth_table_creator_priv_test hive_test_user USER SELECT true -1 hive_test_user
+default default_std_auth_table_creator_priv_test hive_test_user USER UPDATE true -1 hive_test_user