PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
public
PREHOOK: query: set role ADMIN
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: set role ADMIN
POSTHOOK: type: SHOW_ROLES
PREHOOK: query: ----------
-- create the following user, role mapping
-- user1 -> role1 -> role2 -> role3
----------

create role role1
PREHOOK: type: CREATEROLE
POSTHOOK: query: ----------
-- create the following user, role mapping
-- user1 -> role1 -> role2 -> role3
----------

create role role1
POSTHOOK: type: CREATEROLE
PREHOOK: query: grant role1 to user user1
PREHOOK: type: GRANT_ROLE
POSTHOOK: query: grant role1 to user user1
POSTHOOK: type: GRANT_ROLE
PREHOOK: query: create role role2
PREHOOK: type: CREATEROLE
POSTHOOK: query: create role role2
POSTHOOK: type: CREATEROLE
PREHOOK: query: grant role2 to role role1
PREHOOK: type: GRANT_ROLE
POSTHOOK: query: grant role2 to role role1
POSTHOOK: type: GRANT_ROLE
PREHOOK: query: create role role3
PREHOOK: type: CREATEROLE
POSTHOOK: query: create role role3
POSTHOOK: type: CREATEROLE
PREHOOK: query: grant role3 to role role2
PREHOOK: type: GRANT_ROLE
POSTHOOK: query: grant role3 to role role2
POSTHOOK: type: GRANT_ROLE
PREHOOK: query: create table t1(i int)
PREHOOK: type: CREATETABLE
PREHOOK: Output: database:default
PREHOOK: Output: default@t1
POSTHOOK: query: create table t1(i int)
POSTHOOK: type: CREATETABLE
POSTHOOK: Output: database:default
POSTHOOK: Output: default@t1
PREHOOK: query: grant select on t1 to role role3
PREHOOK: type: GRANT_PRIVILEGE
PREHOOK: Output: default@t1
POSTHOOK: query: grant select on t1 to role role3
POSTHOOK: type: GRANT_PRIVILEGE
POSTHOOK: Output: default@t1
PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
public
role1
role2
role3
PREHOOK: query: select * from t1
PREHOOK: type: QUERY
PREHOOK: Input: default@t1
#### A masked pattern was here ####
POSTHOOK: query: select * from t1
POSTHOOK: type: QUERY
POSTHOOK: Input: default@t1
#### A masked pattern was here ####
PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
public
PREHOOK: query: grant select on t1 to role role2
PREHOOK: type: GRANT_PRIVILEGE
PREHOOK: Output: default@t1
POSTHOOK: query: grant select on t1 to role role2
POSTHOOK: type: GRANT_PRIVILEGE
POSTHOOK: Output: default@t1
PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
public
role1
role2
role3
PREHOOK: query: select * from t1
PREHOOK: type: QUERY
PREHOOK: Input: default@t1
#### A masked pattern was here ####
POSTHOOK: query: select * from t1
POSTHOOK: type: QUERY
POSTHOOK: Input: default@t1
#### A masked pattern was here ####
PREHOOK: query: set role ADMIN
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: set role ADMIN
POSTHOOK: type: SHOW_ROLES
PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
admin
PREHOOK: query: revoke select on table t1 from role role2
PREHOOK: type: REVOKE_PRIVILEGE
PREHOOK: Output: default@t1
POSTHOOK: query: revoke select on table t1 from role role2
POSTHOOK: type: REVOKE_PRIVILEGE
POSTHOOK: Output: default@t1
PREHOOK: query: create role role4
PREHOOK: type: CREATEROLE
POSTHOOK: query: create role role4
POSTHOOK: type: CREATEROLE
PREHOOK: query: grant role4 to user user1
PREHOOK: type: GRANT_ROLE
POSTHOOK: query: grant role4 to user user1
POSTHOOK: type: GRANT_ROLE
PREHOOK: query: grant role3 to role role4
PREHOOK: type: GRANT_ROLE
POSTHOOK: query: grant role3 to role role4
POSTHOOK: type: GRANT_ROLE
PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
public
role1
role2
role3
role4
PREHOOK: query: select * from t1
PREHOOK: type: QUERY
PREHOOK: Input: default@t1
#### A masked pattern was here ####
POSTHOOK: query: select * from t1
POSTHOOK: type: QUERY
POSTHOOK: Input: default@t1
#### A masked pattern was here ####
PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
public
PREHOOK: query: set role ADMIN
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: set role ADMIN
POSTHOOK: type: SHOW_ROLES
PREHOOK: query: -- Revoke role3 from hierarchy one at a time and check permissions
-- after revoking from both, select should fail
revoke role3 from role role2
PREHOOK: type: REVOKE_ROLE
POSTHOOK: query: -- Revoke role3 from hierarchy one at a time and check permissions
-- after revoking from both, select should fail
revoke role3 from role role2
POSTHOOK: type: REVOKE_ROLE
PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
public
role1
role2
role3
role4
PREHOOK: query: select * from t1
PREHOOK: type: QUERY
PREHOOK: Input: default@t1
#### A masked pattern was here ####
POSTHOOK: query: select * from t1
POSTHOOK: type: QUERY
POSTHOOK: Input: default@t1
#### A masked pattern was here ####
PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
public
PREHOOK: query: set role ADMIN
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: set role ADMIN
POSTHOOK: type: SHOW_ROLES
PREHOOK: query: revoke role3 from role role4
PREHOOK: type: REVOKE_ROLE
POSTHOOK: query: revoke role3 from role role4
POSTHOOK: type: REVOKE_ROLE
PREHOOK: query: show current roles
PREHOOK: type: SHOW_ROLES
POSTHOOK: query: show current roles
POSTHOOK: type: SHOW_ROLES
public
role1
role2
role4
FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=default.t1]]