set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;

set user.name=user1;
create table authorization_fail (key int, value string) partitioned by (ds string);
GRANT SELECT ON authorization_fail TO USER user2 WITH GRANT OPTION;

set user.name=user2;
SHOW GRANT USER user2 ON TABLE authorization_fail;
-- user2 current has grant option, this should work
GRANT SELECT ON authorization_fail TO USER user3;
REVOKE SELECT ON authorization_fail FROM USER user3;

set user.name=user1;
REVOKE GRANT OPTION FOR SELECT ON authorization_fail FROM USER user2;

set user.name=user2;
SHOW GRANT USER user2 ON TABLE authorization_fail;
-- Now that grant option has been revoked, granting to other users should fail
GRANT SELECT ON authorization_fail TO USER user3;