ql/src/test/queries/clientpositive/authorization_grant_option_role.q - hive - Git at Google

 set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;

 set user.name=hive_admin_user;
 set role admin;
 create role r1;
 grant role r1 to user r1user;

 set user.name=user1;
 CREATE TABLE  t1_n126(i int);

 -- all privileges should have been set for user

 GRANT ALL ON t1_n126 TO ROLE r1 WITH GRANT OPTION;

 set user.name=r1user;
 -- check if user belong to role r1 can grant privileges to others
 GRANT ALL ON t1_n126 TO USER user3;

 set user.name=hive_admin_user;
 set role admin;
 -- check privileges on table
 show grant on table t1_n126;

 -- check if drop role removes privileges for that role
 drop role r1;
 show grant on table t1_n126;
	set hive.test.authz.sstd.hs2.mode=true;
	set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
	set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;

	set user.name=hive_admin_user;
	set role admin;
	create role r1;
	grant role r1 to user r1user;

	set user.name=user1;
	CREATE TABLE t1_n126(i int);

	-- all privileges should have been set for user

	GRANT ALL ON t1_n126 TO ROLE r1 WITH GRANT OPTION;

	set user.name=r1user;
	-- check if user belong to role r1 can grant privileges to others
	GRANT ALL ON t1_n126 TO USER user3;

	set user.name=hive_admin_user;
	set role admin;
	-- check privileges on table
	show grant on table t1_n126;

	-- check if drop role removes privileges for that role
	drop role r1;
	show grant on table t1_n126;