set hive.test.authz.sstd.hs2.mode=true; set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest; set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator; set user.name=hive_admin_user; set role ADMIN; ---------------------------------------- -- grant role with admin option, then revoke admin option -- once the admin option has been revoked, last grant should fail ---------------------------------------- create role src_role_wadmin; grant src_role_wadmin to user user2 with admin option; show role grant user user2; set user.name=user2; set role src_role_wadmin; grant src_role_wadmin to user user3; revoke src_role_wadmin from user user3; set user.name=hive_admin_user; set role ADMIN; revoke admin option for src_role_wadmin from user user2; show role grant user user2; set user.name=user2; set role src_role_wadmin; -- grant/revoke should now fail grant src_role_wadmin to user user3;