set hive.test.authz.sstd.hs2.mode=true;
set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
set hive.security.authorization.enabled=true;

set user.name=hive_admin_user;
set role admin;

-- test show grant authorization

create role roleA;
create role roleB;

grant role roleA to user userA;
grant role roleB to role roleA;

set user.name=user1;

-- create table and grant privileges to a role
create table t1(i int, j int, k int);
create table t2(i int, j int, k int);

grant select on t1 to role roleA;
grant insert on t2 to role roleA;
grant insert on t2 to role roleB;

grant insert,delete on t1 to user userA;
grant select,insert on t2 to user userA;


set user.name=hive_admin_user;
set role admin;

-- as user in admin role, it should be possible to see other users grant
show grant user user1 on table t1;
show grant user user1;
show grant role roleA on table t1;
show grant role roleA;
show grant;


set user.name=userA;
-- user belonging to role should be able to see it
show grant role roleA on table t1;
show grant role roleA;

show grant role roleB on table t1;
show grant role roleB;

show grant user userA on table t1;
show grant user userA;