diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g index cf7ab3a..3969a54 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/HiveParser.g @@ -1495,6 +1495,8 @@ setRole ( (KW_ALL) => (all=KW_ALL) -> ^(TOK_SHOW_SET_ROLE Identifier[$all.text]) | + (KW_NONE) => (none=KW_NONE) -> ^(TOK_SHOW_SET_ROLE Identifier[$none.text]) + | identifier -> ^(TOK_SHOW_SET_ROLE identifier) ) ; diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java index 9c78876..2f6e26b 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java @@ -520,6 +520,11 @@ public void setCurrentRole(String roleName) throws HiveAccessControlException, HiveAuthzPluginException { initUserRoles(); + if (NONE.equalsIgnoreCase(roleName)) { + // for set role NONE, clear all roles for current session. + currentRoles.clear(); + return; + } if (ALL.equalsIgnoreCase(roleName)) { // for set role ALL, reset roles to default roles. currentRoles.clear(); diff --git a/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q b/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q index f10b649..50a5862 100644 --- a/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q +++ b/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q @@ -13,6 +13,9 @@ show current roles; set role PUBLIC; show current roles; +set role NONE; +show current roles; + set role ALL; show current roles; diff --git a/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out b/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out index 4ac4320..a2b273d 100644 --- a/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out +++ b/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out @@ -33,6 +33,14 @@ PREHOOK: type: SHOW_ROLES POSTHOOK: query: show current roles POSTHOOK: type: SHOW_ROLES public +PREHOOK: query: set role NONE +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: set role NONE +POSTHOOK: type: SHOW_ROLES +PREHOOK: query: show current roles +PREHOOK: type: SHOW_ROLES +POSTHOOK: query: show current roles +POSTHOOK: type: SHOW_ROLES PREHOOK: query: set role ALL PREHOOK: type: SHOW_ROLES POSTHOOK: query: set role ALL