[ https://issues.apache.org/jira/browse/HIVE-14157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pengcheng Xiong updated HIVE-14157: ----------------------------------- Attachment: DB2BP_Security_RCAC_0412.pdf > deal with ACID operations (insert, update, delete) > -------------------------------------------------- > > Key: HIVE-14157 > URL: https://issues.apache.org/jira/browse/HIVE-14157 > Project: Hive > Issue Type: Sub-task > Components: Security > Reporter: Pengcheng Xiong > Assignee: Pengcheng Xiong > Fix For: 2.1.0 > > Attachments: DB2BP_Security_RCAC_0412.pdf > > > INSERT statement > When you issue an INSERT statement against a table for which row-level access > control > is activated, the rules specified in all the enabled row permissions defined > on that table > determine whether the row can be inserted. To be inserted, the row must > conform to the > enabled row permissions that are defined on the table. A conformant row is a > row that, if > inserted, can be retrieved back by using a SELECT statement by the same user. > This > behavior is identical to how an insert into a symmetric view works. In other > words, you > cannot insert a row that you cannot select. > UPDATE statement > When you issue an UPDATE statement against a table for which row-level access > control > is activated, the rules specified in all the enabled row permissions that are > defined on that > table determine whether the row can be updated. Enabled row permissions are > used as > follows during UPDATE operations: > 1. The enabled row permissions filter the set of rows to be updated. In other > words, > you cannot update rows that you cannot select. > 2. The updated rows (if any) must conform to the enabled row permissions. A > conformant updated row is a row that can be retrieved back using a SELECT > statement by the same user. This is identical to how an update of a symmetric > view works. In other words, you cannot update a row such that you can no > longer select that row. > DELETE statement > When a DELETE statement is issued against a table for which row-level access > control is > activated, the rules specified in all the enabled row permissions that are > defined on that > table determine which rows can be deleted. The enabled row permissions filter > the set of > rows to be deleted. In other words, you cannot delete rows that you cannot > select. > MERGE statement > A MERGE statement can be thought of as both an INSERT and an UPDATE operation. > The processing of a MERGE follows the processing of INSERT and UPDATE. -- This message was sent by Atlassian JIRA (v6.3.4#6332)