commit ed2bc24c97de6a05d4532bfd27e09cfdc154a196 Author: Daniel Dai Date: Mon Jan 29 11:10:06 2018 -0800 Explain authorization diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java index f01b497..62cf6dd 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/ExplainSemanticAnalyzer.java @@ -162,6 +162,8 @@ public void analyzeInternal(ASTNode ast) throws SemanticException { BaseSemanticAnalyzer sem = SemanticAnalyzerFactory.get(queryState, input); sem.analyze(input, ctx); sem.validate(); + inputs = sem.getInputs(); + outputs = sem.getOutputs(); ctx.setResFile(ctx.getLocalTmpPath()); List> tasks = sem.getAllRootTasks(); diff --git a/ql/src/test/queries/clientnegative/authorization_explain.q b/ql/src/test/queries/clientnegative/authorization_explain.q new file mode 100644 index 0000000..1fed6dd --- /dev/null +++ b/ql/src/test/queries/clientnegative/authorization_explain.q @@ -0,0 +1,7 @@ +set hive.security.authorization.enabled=true; + +explain create table if not exists authorization_explain (key int, value string); + +create table if not exists authorization_explain (key int, value string); +revoke Select on table authorization_explain from user hive_test_user; +explain select * from authorization_explain; diff --git a/ql/src/test/results/clientnegative/authorization_explain.q.out b/ql/src/test/results/clientnegative/authorization_explain.q.out new file mode 100644 index 0000000..792de42 --- /dev/null +++ b/ql/src/test/results/clientnegative/authorization_explain.q.out @@ -0,0 +1,37 @@ +PREHOOK: query: explain create table if not exists authorization_explain (key int, value string) +PREHOOK: type: CREATETABLE +PREHOOK: Output: database:default +PREHOOK: Output: default@authorization_explain +POSTHOOK: query: explain create table if not exists authorization_explain (key int, value string) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: database:default +POSTHOOK: Output: default@authorization_explain +STAGE DEPENDENCIES: + Stage-0 is a root stage + +STAGE PLANS: + Stage: Stage-0 + Create Table Operator: + Create Table + columns: key int, value string + if not exists: true + input format: org.apache.hadoop.mapred.TextInputFormat + output format: org.apache.hadoop.hive.ql.io.IgnoreKeyTextOutputFormat + serde name: org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe + name: default.authorization_explain + +PREHOOK: query: create table if not exists authorization_explain (key int, value string) +PREHOOK: type: CREATETABLE +PREHOOK: Output: database:default +PREHOOK: Output: default@authorization_explain +POSTHOOK: query: create table if not exists authorization_explain (key int, value string) +POSTHOOK: type: CREATETABLE +POSTHOOK: Output: database:default +POSTHOOK: Output: default@authorization_explain +PREHOOK: query: revoke Select on table authorization_explain from user hive_test_user +PREHOOK: type: REVOKE_PRIVILEGE +PREHOOK: Output: default@authorization_explain +POSTHOOK: query: revoke Select on table authorization_explain from user hive_test_user +POSTHOOK: type: REVOKE_PRIVILEGE +POSTHOOK: Output: default@authorization_explain +FAILED: HiveAccessControlException Permission denied: Principal [name=hive_test_user, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=default.authorization_explain]]