ql/src/test/queries/clientpositive/authorization_view_sqlstd.q - hive - Git at Google

 set hive.test.authz.sstd.hs2.mode=true;
 set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
 set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
 set hive.security.authorization.enabled=true;
 set user.name=user1;

 -- Test view authorization , and 'show grant' variants

 create table t1(i int, j int, k int);
 show grant user user1 on table t1;

 -- protecting certain columns
 create view vt1 as select i,k from t1;

 -- protecting certain rows
 create view vt2 as select * from t1 where i > 1;

 show grant user user1 on all;

 --view grant to user
 -- try with and without table keyword

 grant select on vt1 to user user2;
 grant insert on table vt1 to user user3;

 set user.name=user2;
 show grant user user2 on table vt1;
 set user.name=user3;
 show grant user user3 on table vt1;


 set user.name=user2;

 explain authorization select * from vt1;
 select * from vt1;

 set user.name=user1;

 grant all on table vt2 to user user2;

 set user.name=user2;
 show grant user user2 on table vt2;
 show grant user user2 on all;
 set user.name=user1;

 revoke all on vt2 from user user2;

 set user.name=user2;
 show grant user user2 on table vt2;


 set user.name=hive_admin_user;
 set role admin;
 show grant on table vt2;

 set user.name=user1;
 revoke select on table vt1 from user user2;

 set user.name=user2;
 show grant user user2 on table vt1;
 show grant user user2 on all;

 set user.name=user3;
 -- grant privileges on roles for view, after next statement
 show grant user user3 on table vt1;

 set user.name=hive_admin_user;
 show current roles;
 set role ADMIN;
 create role role_v;
 grant  role_v to user user4 ;
 show role grant user user4;
 show roles;

 grant all on table vt2 to role role_v;
 show grant role role_v on table vt2;

 revoke delete on table vt2 from role role_v;
 show grant role role_v on table vt2;
 show grant on table vt2;
	set hive.test.authz.sstd.hs2.mode=true;
	set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
	set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
	set hive.security.authorization.enabled=true;
	set user.name=user1;

	-- Test view authorization , and 'show grant' variants

	create table t1(i int, j int, k int);
	show grant user user1 on table t1;

	-- protecting certain columns
	create view vt1 as select i,k from t1;

	-- protecting certain rows
	create view vt2 as select * from t1 where i > 1;

	show grant user user1 on all;

	--view grant to user
	-- try with and without table keyword

	grant select on vt1 to user user2;
	grant insert on table vt1 to user user3;

	set user.name=user2;
	show grant user user2 on table vt1;
	set user.name=user3;
	show grant user user3 on table vt1;


	set user.name=user2;

	explain authorization select * from vt1;
	select * from vt1;

	set user.name=user1;

	grant all on table vt2 to user user2;

	set user.name=user2;
	show grant user user2 on table vt2;
	show grant user user2 on all;
	set user.name=user1;

	revoke all on vt2 from user user2;

	set user.name=user2;
	show grant user user2 on table vt2;


	set user.name=hive_admin_user;
	set role admin;
	show grant on table vt2;

	set user.name=user1;
	revoke select on table vt1 from user user2;

	set user.name=user2;
	show grant user user2 on table vt1;
	show grant user user2 on all;

	set user.name=user3;
	-- grant privileges on roles for view, after next statement
	show grant user user3 on table vt1;

	set user.name=hive_admin_user;
	show current roles;
	set role ADMIN;
	create role role_v;
	grant role_v to user user4 ;
	show role grant user user4;
	show roles;

	grant all on table vt2 to role role_v;
	show grant role role_v on table vt2;

	revoke delete on table vt2 from role role_v;
	show grant role role_v on table vt2;
	show grant on table vt2;