Hmm.. looking at the syntax priv_level does not seem to be a keyword but
rather actual name of a table or database.. so why it appears like a
keyword Also priv_level is confusing and rather clear syntax would should
look like below...
Again answer to original question from Brett, yes GRANT syntax should be
similar to REVOKE but rather priv_level should be removed from REVOKE as
well.. :)
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
[ON object_type]
TO principal_specification [, principal_specification] ...
[WITH GRANT OPTION]
REVOKE [GRANT OPTION FOR]
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
[ON object_type]
FROM principal_specification [, principal_specification] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
priv_type:
ALL | ALTER | UPDATE | CREATE | DROP
| INDEX | LOCK | SELECT | SHOW_DATABASE
object_type:
TABLE tbl_name
| DATABASE db_name
principal_specification:
USER user
| GROUP group
| ROLE role
On Sat, Oct 11, 2014 at 7:55 PM, Lefty Leverenz <leftylever...@gmail.com>
wrote:
> Good catch, Brett. Can we have confirmation from an expert?
>
> Also, is object_type optional?
>
> It isn't clear to me why priv_level isn't called object_name.
>
> -- Lefty
>
> On Thu, Oct 9, 2014 at 8:23 AM, Brett Randall <javabr...@gmail.com> wrote:
>
>> Hi,
>>
>> On
>> https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode#HiveDefaultAuthorization-LegacyMode-Grant/RevokePrivileges
>> , GRANT shows as:
>>
>> GRANT
>> priv_type [(column_list)]
>> [, priv_type [(column_list)]] ...
>> [ON object_type]
>> TO principal_specification [, principal_specification] ...
>> [WITH GRANT OPTION]
>>
>> Should that not be [ON object_type priv_level], same as REVOKE, where:
>>
>> object_type:
>> TABLE
>> | DATABASE
>>
>> priv_level:
>> db_name
>> | tbl_name
>>
>> Thanks
>> Brett
>>
>
>
