----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/19747/#review38809 -----------------------------------------------------------
LGTM, except for 1 comment. metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java <https://reviews.apache.org/r/19747/#comment71141> Earlier, we were not adding PUBLIC role. Wondering how it use to work than. Were we adding that role in client before auth checks? In that case, that can be dropped now. - Ashutosh Chauhan On March 27, 2014, 7:42 p.m., Thejas Nair wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/19747/ > ----------------------------------------------------------- > > (Updated March 27, 2014, 7:42 p.m.) > > > Review request for hive and Ashutosh Chauhan. > > > Bugs: HIVE-6547 > https://issues.apache.org/jira/browse/HIVE-6547 > > > Repository: hive-git > > > Description > ------- > > As discussed in HIVE-5931, it will be cleaner to have the information about > Role to role member mapping removed from the Role object, as it is not part > of a logical Role. This information not relevant for actions such as creating > a Role. > As part of this change get_role_grants_for_principal api will be added, so > that it can be used in place of list_roles, when role mapping information is > desired. > > Also cleans up additional fields - principalname and principaltype in 'show > role grant user user2" output, as that is redundant information. Also removes > role createtime from this command output as that is not relevant to role > grant information. > > > Diffs > ----- > > metastore/if/hive_metastore.thrift b3f01d6 > metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java > d5c7ba7 > > metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java > 0550589 > metastore/src/java/org/apache/hadoop/hive/metastore/IMetaStoreClient.java > 47c49aa > ql/src/java/org/apache/hadoop/hive/ql/exec/DDLTask.java e185f12 > ql/src/java/org/apache/hadoop/hive/ql/metadata/Hive.java ace6cb5 > ql/src/java/org/apache/hadoop/hive/ql/plan/RoleDDLDesc.java bc9d47e > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAccessController.java > 50bd592 > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizer.java > 48064c4 > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java > 2577ae5 > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRole.java > 7f3d78a > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveRoleGrant.java > 03f129a > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/GrantPrivAuthUtils.java > fdbf3c3 > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLAuthorizationUtils.java > 03d12ca > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAccessController.java > 5b24578 > > ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/sqlstd/SQLStdHiveAuthorizationValidator.java > 7bb5a88 > ql/src/test/queries/clientpositive/authorization_role_grant2.q 00a67a2 > ql/src/test/results/clientnegative/authorization_fail_7.q.out 00e457d > ql/src/test/results/clientnegative/authorization_role_grant.q.out de17ae9 > ql/src/test/results/clientpositive/authorization_1.q.out 916125b > ql/src/test/results/clientpositive/authorization_1_sql_std.q.out 2302da0 > ql/src/test/results/clientpositive/authorization_5.q.out f1c07d0 > ql/src/test/results/clientpositive/authorization_role_grant1.q.out 48e0f59 > ql/src/test/results/clientpositive/authorization_role_grant2.q.out d08b906 > ql/src/test/results/clientpositive/authorization_view_sqlstd.q.out 0a986e6 > > Diff: https://reviews.apache.org/r/19747/diff/ > > > Testing > ------- > > > Thanks, > > Thejas Nair > >
