diff --git a/ql/src/test/queries/clientnegative/authorization_export_ptn.q b/ql/src/test/queries/clientnegative/authorization_export_ptn.q new file mode 100644 index 0000000..0a9abf9 --- /dev/null +++ b/ql/src/test/queries/clientnegative/authorization_export_ptn.q @@ -0,0 +1,19 @@ +set hive.test.authz.sstd.hs2.mode=true; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; +set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +set hive.security.authorization.enabled=true; + +dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875/temp; +dfs -rmr ${system:test.tmp.dir}/hive-12875; +dfs ${system:test.dfs.mkdir} ${system:test.tmp.dir}/hive-12875/; + +-- check export on partition +create table auth_export_ptn(i int) partitioned by (j int); +alter table auth_export_ptn add partition (j=42); +set user.name=user1; +export table auth_export_ptn partition (j=42) to 'pfile://${system:test.tmp.dir}/hive-12875'; + +set hive.security.authorization.enabled=false; + +drop table auth_export_ptn; + diff --git a/ql/src/test/queries/clientnegative/authorization_truncate_2.q b/ql/src/test/queries/clientnegative/authorization_truncate_2.q new file mode 100644 index 0000000..120cf5d --- /dev/null +++ b/ql/src/test/queries/clientnegative/authorization_truncate_2.q @@ -0,0 +1,11 @@ +set hive.test.authz.sstd.hs2.mode=true; +set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; +set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; +set hive.security.authorization.enabled=true; + +-- check truncate on partition +create table auth_trunc2(i int) partitioned by (j int); +alter table auth_trunc2 add partition (j=42); +set user.name=user1; +truncate table auth_trunc2 partition (j=42); + diff --git a/ql/src/test/results/clientnegative/authorization_export_ptn.q.out b/ql/src/test/results/clientnegative/authorization_export_ptn.q.out new file mode 100644 index 0000000..be0bb9f --- /dev/null +++ b/ql/src/test/results/clientnegative/authorization_export_ptn.q.out @@ -0,0 +1,19 @@ +#### A masked pattern was here #### +PREHOOK: query: -- check export on partition +create table auth_export_ptn(i int) partitioned by (j int) +PREHOOK: type: CREATETABLE +PREHOOK: Output: database:default +PREHOOK: Output: default@auth_export_ptn +POSTHOOK: query: -- check export on partition +create table auth_export_ptn(i int) partitioned by (j int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: database:default +POSTHOOK: Output: default@auth_export_ptn +PREHOOK: query: alter table auth_export_ptn add partition (j=42) +PREHOOK: type: ALTERTABLE_ADDPARTS +PREHOOK: Output: default@auth_export_ptn +POSTHOOK: query: alter table auth_export_ptn add partition (j=42) +POSTHOOK: type: ALTERTABLE_ADDPARTS +POSTHOOK: Output: default@auth_export_ptn +POSTHOOK: Output: default@auth_export_ptn@j=42 +#### A masked pattern was here #### diff --git a/ql/src/test/results/clientnegative/authorization_truncate_2.q.out b/ql/src/test/results/clientnegative/authorization_truncate_2.q.out new file mode 100644 index 0000000..04246f4 --- /dev/null +++ b/ql/src/test/results/clientnegative/authorization_truncate_2.q.out @@ -0,0 +1,18 @@ +PREHOOK: query: -- check truncate on partition +create table auth_trunc2(i int) partitioned by (j int) +PREHOOK: type: CREATETABLE +PREHOOK: Output: database:default +PREHOOK: Output: default@auth_trunc2 +POSTHOOK: query: -- check truncate on partition +create table auth_trunc2(i int) partitioned by (j int) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: database:default +POSTHOOK: Output: default@auth_trunc2 +PREHOOK: query: alter table auth_trunc2 add partition (j=42) +PREHOOK: type: ALTERTABLE_ADDPARTS +PREHOOK: Output: default@auth_trunc2 +POSTHOOK: query: alter table auth_trunc2 add partition (j=42) +POSTHOOK: type: ALTERTABLE_ADDPARTS +POSTHOOK: Output: default@auth_trunc2 +POSTHOOK: Output: default@auth_trunc2@j=42 +FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation TRUNCATETABLE [[OBJECT OWNERSHIP] on Object [type=TABLE_OR_VIEW, name=default.auth_trunc2]]