[jira] [Created] (HIVE-22086) Hive revoke the grant err by hive.security.authorization.createtable.role.grants ( SQL Standard Based Hive Authorization )

Tue, 06 Aug 2019 02:07:40 -0700 

xinzhang created HIVE-22086:
-------------------------------

             Summary: Hive revoke the grant err by 
hive.security.authorization.createtable.role.grants  ( SQL Standard Based Hive 
Authorization )
                 Key: HIVE-22086
                 URL: https://issues.apache.org/jira/browse/HIVE-22086
             Project: Hive
          Issue Type: Bug
          Components: Authorization, Beeline, HiveServer2
    Affects Versions: 2.3.5
         Environment: host 172.31.10.119

port 50033

version apache-hive-2.3.5-bin

database tools

hive-site.xml

<property>

     <name>hive.security.authorization.createtable.role.grants</name> 

     <value>da:select;</value>

    </property>

<property>

     <name>hive.users.in.admin.role</name> 

     <value>root,tools </value>

    </property>
            Reporter: xinzhang


# Start hiveserver2

>/opt/hive/hive-bin/bin/hiveserver2 --hiveconf hive.server2.thrift.port=50033 
>--hiveconf hive.server2.webui.port=10003
 # create table

#/opt/hive/hive-bin/bin/beeline -u jdbc:hive2://172.31.10.119:50033 -n tools

>use tools;

>create table test1 as select * from tools.test99 limit 10;

>show grant on table tools.test1;

+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+

| database  |    table     | partition  | column  | principal_name  | 
principal_type  | privilege  | grant_option  |   grant_time   | grantor  |

+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+

| tools     | test1  |            |         | da        | ROLE            | 
SELECT     | true          | 1565061852000  | tools    |

+-----------+--------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+

 
 # revoke select on role da

> set role damin;

> revoke select on table tools.test1 from role da;
 # err log

FAILED: Execution Error, return code 1 from 
org.apache.hadoop.hive.ql.exec.DDLTask. Cannot find privilege Privilege 
[name=SELECT, columns=null] for Principal [name=da, type=ROLE] on Object 
[type=TABLE_OR_VIEW, name=tools.test1] granted by tools

 



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Reply via email to