-- Licensed to the Apache Software Foundation (ASF) under one or more -- contributor license agreements. See the NOTICE file distributed with -- this work for additional information regarding copyright ownership. -- The ASF licenses this file to You under the Apache License, Version 2.0 -- (the "License") you may not use this file except in compliance with -- the License. You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. create table authorization_part (key int, value string) partitioned by (ds string); ALTER TABLE authorization_part SET TBLPROPERTIES ("PARTITION_LEVEL_PRIVILEGE"="TRUE"); set hive.security.authorization.enabled=true; -- column grant to user grant Create on table authorization_part to user hive_test_user; grant Update on table authorization_part to user hive_test_user; grant Drop on table authorization_part to user hive_test_user; grant select on table src to user hive_test_user; show grant user hive_test_user on table authorization_part; alter table authorization_part add partition (ds='2010'); show grant user hive_test_user on table authorization_part partition (ds='2010'); grant select(key) on table authorization_part to user hive_test_user; alter table authorization_part drop partition (ds='2010'); insert overwrite table authorization_part partition (ds='2010') select key, value from src; show grant user hive_test_user on table authorization_part(key) partition (ds='2010'); show grant user hive_test_user on table authorization_part(key); select key from authorization_part where ds='2010' order by key limit 20; revoke select(key) on table authorization_part from user hive_test_user; show grant user hive_test_user on table authorization_part(key); show grant user hive_test_user on table authorization_part(key) partition (ds='2010'); select key from authorization_part where ds='2010' order by key limit 20; revoke select(key) on table authorization_part partition (ds='2010') from user hive_test_user; show grant user hive_test_user on table authorization_part(key) partition (ds='2010'); alter table authorization_part drop partition (ds='2010'); -- table grant to user show grant user hive_test_user on table authorization_part; alter table authorization_part add partition (ds='2010'); show grant user hive_test_user on table authorization_part partition (ds='2010'); grant select on table authorization_part to user hive_test_user; alter table authorization_part drop partition (ds='2010'); insert overwrite table authorization_part partition (ds='2010') select key, value from src; show grant user hive_test_user on table authorization_part partition (ds='2010'); show grant user hive_test_user on table authorization_part; select key from authorization_part where ds='2010' order by key limit 20; revoke select on table authorization_part from user hive_test_user; show grant user hive_test_user on table authorization_part; show grant user hive_test_user on table authorization_part partition (ds='2010'); select key from authorization_part where ds='2010' order by key limit 20; revoke select on table authorization_part partition (ds='2010') from user hive_test_user; show grant user hive_test_user on table authorization_part partition (ds='2010'); alter table authorization_part drop partition (ds='2010'); -- column grant to group show grant group hive_test_group1 on table authorization_part; alter table authorization_part add partition (ds='2010'); show grant group hive_test_group1 on table authorization_part partition (ds='2010'); grant select(key) on table authorization_part to group hive_test_group1; alter table authorization_part drop partition (ds='2010'); insert overwrite table authorization_part partition (ds='2010') select key, value from src; show grant group hive_test_group1 on table authorization_part(key) partition (ds='2010'); show grant group hive_test_group1 on table authorization_part(key); select key from authorization_part where ds='2010' order by key limit 20; revoke select(key) on table authorization_part from group hive_test_group1; show grant group hive_test_group1 on table authorization_part(key); show grant group hive_test_group1 on table authorization_part(key) partition (ds='2010'); select key from authorization_part where ds='2010' order by key limit 20; revoke select(key) on table authorization_part partition (ds='2010') from group hive_test_group1; show grant group hive_test_group1 on table authorization_part(key) partition (ds='2010'); alter table authorization_part drop partition (ds='2010'); -- table grant to group show grant group hive_test_group1 on table authorization_part; alter table authorization_part add partition (ds='2010'); show grant group hive_test_group1 on table authorization_part partition (ds='2010'); grant select on table authorization_part to group hive_test_group1; alter table authorization_part drop partition (ds='2010'); insert overwrite table authorization_part partition (ds='2010') select key, value from src; show grant group hive_test_group1 on table authorization_part partition (ds='2010'); show grant group hive_test_group1 on table authorization_part; select key from authorization_part where ds='2010' order by key limit 20; revoke select on table authorization_part from group hive_test_group1; show grant group hive_test_group1 on table authorization_part; show grant group hive_test_group1 on table authorization_part partition (ds='2010'); select key from authorization_part where ds='2010' order by key limit 20; revoke select on table authorization_part partition (ds='2010') from group hive_test_group1; show grant group hive_test_group1 on table authorization_part partition (ds='2010'); revoke select on table src from user hive_test_user; set hive.security.authorization.enabled=false; drop table authorization_part;