| -- Test-only security configuration for the authorization test harness; not a configuration for a production HiveServer2. |
| set hive.test.authz.sstd.hs2.mode=true; |
| -- SQL-standard authorizer, test variant (the factory class name ends in ForTest). |
| set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; |
| -- This authenticator takes the session user from the user.name setting, so every "set user.name=..." in this script switches identity with no credential check. |
| set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; |
| set hive.security.authorization.enabled=true; |
| -- Start as user1, who creates the table and both views below. |
| set user.name=user1; |
| |
| -- Test view authorization, and 'show grant' variants |
| |
| create table t1(i int, j int, k int); |
| -- Privileges user1 holds on the table it just created. |
| show grant user user1 on table t1; |
| |
| -- protecting certain columns: vt1 exposes only i and k, so column j is not readable through the view. |
| -- The protection holds only while grantees receive privileges on the view and none on t1 itself. |
| create view vt1 as select i,k from t1; |
| |
| -- protecting certain rows: vt2 exposes only the rows of t1 where i > 1 |
| create view vt2 as select * from t1 where i > 1; |
| |
| -- All grants held by user1 across objects (t1, vt1 and vt2 were created by user1 above). |
| show grant user user1 on all; |
| |
| -- view grant to user |
| -- try with and without table keyword: the first grant names the view directly, the second uses "on table vt1" |
| |
| grant select on vt1 to user user2; |
| grant insert on table vt1 to user user3; |
| |
| -- Each grantee lists its own privileges on vt1. |
| set user.name=user2; |
| show grant user user2 on table vt1; |
| set user.name=user3; |
| show grant user user3 on table vt1; |
| |
| |
| set user.name=user2; |
| |
| -- user2 was granted SELECT on the view only; nothing in this script grants user2 any privilege on the base table t1. |
| -- explain authorization reports what the authorizer evaluates for the query; the select then runs as user2. |
| -- NOTE(review): presumably the expected output shows no authorization failures for user2 here; confirm against the recorded results. |
| explain authorization select * from vt1; |
| select * from vt1; |
| |
| -- Back to user1, the creator of vt2, to grant on it. |
| set user.name=user1; |
| |
| grant all on table vt2 to user user2; |
| |
| -- user2 checks the new grant, both for vt2 alone and across all objects. |
| set user.name=user2; |
| show grant user user2 on table vt2; |
| show grant user user2 on all; |
| set user.name=user1; |
| |
| -- Revoke written without the table keyword (the grant above used it). |
| revoke all on vt2 from user user2; |
| |
| -- After the revoke, user2 should hold no privileges on vt2; confirm against the recorded results. |
| set user.name=user2; |
| show grant user user2 on table vt2; |
| |
| |
| -- Switch to the admin user and set the admin role, then list grants on vt2 with no user/role filter. |
| set user.name=hive_admin_user; |
| set role admin; |
| show grant on table vt2; |
| |
| -- user1 revokes the SELECT on vt1 that it granted to user2 earlier in the script. |
| set user.name=user1; |
| revoke select on table vt1 from user user2; |
| |
| -- user2 checks that the privilege is gone, on vt1 and across all objects. |
| set user.name=user2; |
| show grant user user2 on table vt1; |
| show grant user user2 on all; |
| |
| set user.name=user3; |
| -- user3's INSERT grant on vt1 was not revoked above; this statement lists what user3 still holds. |
| -- Privileges on the view for roles are granted in the section after this statement. |
| show grant user user3 on table vt1; |
| |
| -- Role-based grants on the view, performed as hive_admin_user. |
| set user.name=hive_admin_user; |
| -- Roles current for hive_admin_user at this point, before the admin role is set on the next line. |
| show current roles; |
| -- The role name is written in upper case here and in lower case earlier in the script. |
| set role ADMIN; |
| create role role_v; |
| grant role_v to user user4 ; |
| show role grant user user4; |
| show roles; |
| |
| -- Grant on the view to the role rather than to a user; user4 is a member of role_v. |
| grant all on table vt2 to role role_v; |
| show grant role role_v on table vt2; |
| |
| -- Partial revoke: remove only DELETE from the role, then list what remains for the role and for all principals on vt2. |
| revoke delete on table vt2 from role role_v; |
| show grant role role_v on table vt2; |
| show grant on table vt2; |