diff --git ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java index d5c3a1a..49d169a 100644 --- ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java +++ ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java @@ -405,39 +405,40 @@ public void revokeRole(List hivePrincipals, List roleName principalType, SQLAuthorizationUtils.getThriftHiveObjectRef(privObj)); + if(msObjPrivs != null){ + // convert the metastore thrift objects to result objects + for (HiveObjectPrivilege msObjPriv : msObjPrivs) { + // result principal + HivePrincipal resPrincipal = new HivePrincipal(msObjPriv.getPrincipalName(), + AuthorizationUtils.getHivePrincipalType(msObjPriv.getPrincipalType())); + + // result privilege + PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo(); + HivePrivilege resPrivilege = new HivePrivilege(msGrantInfo.getPrivilege(), null); + + // result object + HiveObjectRef msObjRef = msObjPriv.getHiveObject(); + + if (!isSupportedObjectType(msObjRef.getObjectType())) { + // metastore returns object type such as global GLOBAL + // when no object is specified. + // such privileges are not applicable to this authorization mode, so + // ignore them + continue; + } - // convert the metastore thrift objects to result objects - for (HiveObjectPrivilege msObjPriv : msObjPrivs) { - // result principal - HivePrincipal resPrincipal = new HivePrincipal(msObjPriv.getPrincipalName(), - AuthorizationUtils.getHivePrincipalType(msObjPriv.getPrincipalType())); - - // result privilege - PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo(); - HivePrivilege resPrivilege = new HivePrivilege(msGrantInfo.getPrivilege(), null); - - // result object - HiveObjectRef msObjRef = msObjPriv.getHiveObject(); - - if (!isSupportedObjectType(msObjRef.getObjectType())) { - // metastore returns object type such as global GLOBAL - // when no object is specified. - // such privileges are not applicable to this authorization mode, so - // ignore them - continue; - } - - HivePrivilegeObject resPrivObj = new HivePrivilegeObject( - getPluginPrivilegeObjType(msObjRef.getObjectType()), msObjRef.getDbName(), - msObjRef.getObjectName(), msObjRef.getPartValues(), msObjRef.getColumnName()); + HivePrivilegeObject resPrivObj = new HivePrivilegeObject( + getPluginPrivilegeObjType(msObjRef.getObjectType()), msObjRef.getDbName(), + msObjRef.getObjectName(), msObjRef.getPartValues(), msObjRef.getColumnName()); - // result grantor principal - HivePrincipal grantorPrincipal = new HivePrincipal(msGrantInfo.getGrantor(), - AuthorizationUtils.getHivePrincipalType(msGrantInfo.getGrantorType())); + // result grantor principal + HivePrincipal grantorPrincipal = new HivePrincipal(msGrantInfo.getGrantor(), + AuthorizationUtils.getHivePrincipalType(msGrantInfo.getGrantorType())); - HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(resPrincipal, resPrivilege, - resPrivObj, grantorPrincipal, msGrantInfo.isGrantOption(), msGrantInfo.getCreateTime()); - resPrivInfos.add(resPrivInfo); + HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(resPrincipal, resPrivilege, + resPrivObj, grantorPrincipal, msGrantInfo.isGrantOption(), msGrantInfo.getCreateTime()); + resPrivInfos.add(resPrivInfo); + } } return resPrivInfos;