Agree w/ Brett.. so may be instead of "object_type", we can use
"object_specification" (similar to principal specification)?
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
[ON object_specification]
TO principal_specification [, principal_specification] ...
[WITH GRANT OPTION]
REVOKE [GRANT OPTION FOR]
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
[ON object_specification]
FROM principal_specification [, principal_specification] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
priv_type:
ALL | ALTER | UPDATE | CREATE | DROP
| INDEX | LOCK | SELECT | SHOW_DATABASE
object_specification:
TABLE tbl_name |
DATABASE db_name
principal_specification:
USER user
| GROUP group
| ROLE role
On Tue, Oct 14, 2014 at 11:06 AM, Lefty Leverenz <leftylever...@gmail.com>
wrote:
> I'll correct it as soon as we reach consensus. (Perhaps Thejas will chime
> in.)
>
> If you want to do it yourself, you can get wiki edit privilege
> <https://cwiki.apache.org/confluence/display/Hive/AboutThisWiki#AboutThisWiki-Howtogetpermissiontoedit>
> quite
> easily.
>
> -- Lefty
>
> On Tue, Oct 14, 2014 at 7:57 AM, Brett Randall <javabr...@gmail.com>
> wrote:
>
>> I agree that the use of priv_level is confusing when it is actually
>> referring to object_name (of type TABLE or DATABASE). I don't mind
>> the rolling-up of tbl_name or db_name into object_type, although it
>> then makes object_type: somewhat misleading. "[ON object_type
>> object_name]" reads well for me.
>>
>> Anything to correct the incorrect syntax on the wiki page (it is not
>> open for edits).
>>
>> Thanks
>> Brett
>>
>> On 13 October 2014 18:18, Suhas Gogate <vgog...@pivotal.io> wrote:
>> > Hmm.. looking at the syntax priv_level does not seem to be a keyword but
>> > rather actual name of a table or database.. so why it appears like a
>> keyword
>> > Also priv_level is confusing and rather clear syntax would should look
>> like
>> > below...
>> >
>> > Again answer to original question from Brett, yes GRANT syntax should be
>> > similar to REVOKE but rather priv_level should be removed from REVOKE as
>> > well.. :)
>> >
>> > GRANT
>> > priv_type [(column_list)]
>> > [, priv_type [(column_list)]] ...
>> > [ON object_type]
>> > TO principal_specification [, principal_specification] ...
>> > [WITH GRANT OPTION]
>> >
>> > REVOKE [GRANT OPTION FOR]
>> > priv_type [(column_list)]
>> > [, priv_type [(column_list)]] ...
>> > [ON object_type]
>> > FROM principal_specification [, principal_specification] ...
>> >
>> > REVOKE ALL PRIVILEGES, GRANT OPTION
>> > FROM user [, user] ...
>> >
>> > priv_type:
>> > ALL | ALTER | UPDATE | CREATE | DROP
>> > | INDEX | LOCK | SELECT | SHOW_DATABASE
>> >
>> > object_type:
>> > TABLE tbl_name
>> > | DATABASE db_name
>> >
>> > principal_specification:
>> > USER user
>> > | GROUP group
>> > | ROLE role
>> >
>> >
>> > On Sat, Oct 11, 2014 at 7:55 PM, Lefty Leverenz <
>> leftylever...@gmail.com>
>> > wrote:
>> >>
>> >> Good catch, Brett. Can we have confirmation from an expert?
>> >>
>> >> Also, is object_type optional?
>> >>
>> >> It isn't clear to me why priv_level isn't called object_name.
>> >>
>> >> -- Lefty
>> >>
>> >> On Thu, Oct 9, 2014 at 8:23 AM, Brett Randall <javabr...@gmail.com>
>> wrote:
>> >>>
>> >>> Hi,
>> >>>
>> >>> On
>> >>>
>> https://cwiki.apache.org/confluence/display/Hive/Hive+Default+Authorization+-+Legacy+Mode#HiveDefaultAuthorization-LegacyMode-Grant/RevokePrivileges
>> >>> , GRANT shows as:
>> >>>
>> >>> GRANT
>> >>> priv_type [(column_list)]
>> >>> [, priv_type [(column_list)]] ...
>> >>> [ON object_type]
>> >>> TO principal_specification [, principal_specification] ...
>> >>> [WITH GRANT OPTION]
>> >>>
>> >>> Should that not be [ON object_type priv_level], same as REVOKE, where:
>> >>>
>> >>> object_type:
>> >>> TABLE
>> >>> | DATABASE
>> >>>
>> >>> priv_level:
>> >>> db_name
>> >>> | tbl_name
>> >>>
>> >>> Thanks
>> >>> Brett
>> >>
>> >>
>> >
>>
>
>
