----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/17939/#review34195 -----------------------------------------------------------
trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java <https://reviews.apache.org/r/17939/#comment64206> non admin users should be allowed to grant/revoke role if they have admin privileges on the role. But that can be addressed in followup jira as well. trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java <https://reviews.apache.org/r/17939/#comment64207> It should return true only if the admin role is among the current roles (getCurrentRoles()). Can you also add that to this function javadoc ? - Thejas Nair On Feb. 11, 2014, 6:53 a.m., Ashutosh Chauhan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/17939/ > ----------------------------------------------------------- > > (Updated Feb. 11, 2014, 6:53 a.m.) > > > Review request for hive. > > > Bugs: HIVE-5944 > https://issues.apache.org/jira/browse/HIVE-5944 > > > Repository: hive > > > Description > ------- > > authorize role ops > > > Diffs > ----- > > trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1566991 > trunk/itests/util/src/main/java/org/apache/hadoop/hive/ql/QTestUtil.java > 1566991 > > trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessControlException.java > 1566991 > > trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java > 1566991 > > trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java > 1566991 > > trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java > 1566991 > > trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java > 1566991 > > trunk/ql/src/test/queries/clientnegative/authorization_create_role_no_admin.q > PRE-CREATION > trunk/ql/src/test/queries/clientnegative/authorization_role_cycles1.q > 1566991 > trunk/ql/src/test/queries/clientnegative/authorization_role_cycles2.q > 1566991 > > trunk/ql/src/test/queries/clientnegative/authorization_show_roles_no_admin.q > PRE-CREATION > trunk/ql/src/test/queries/clientpositive/authorization_1_sql_std.q 1566991 > trunk/ql/src/test/queries/clientpositive/authorization_role_grant1.q > 1566991 > > trunk/ql/src/test/queries/clientpositive/authorization_set_show_current_role.q > 1566991 > > trunk/ql/src/test/results/clientnegative/authorization_create_role_no_admin.q.out > PRE-CREATION > > trunk/ql/src/test/results/clientnegative/authorization_show_roles_no_admin.q.out > PRE-CREATION > trunk/ql/src/test/results/clientpositive/authorization_1_sql_std.q.out > 1566991 > trunk/ql/src/test/results/clientpositive/authorization_role_grant1.q.out > 1566991 > > trunk/ql/src/test/results/clientpositive/authorization_set_show_current_role.q.out > 1566991 > > Diff: https://reviews.apache.org/r/17939/diff/ > > > Testing > ------- > > Added new tests. > > > Thanks, > > Ashutosh Chauhan > >
