PREHOOK: query: set role admin PREHOOK: type: SHOW_ROLES POSTHOOK: query: set role admin POSTHOOK: type: SHOW_ROLES PREHOOK: query: -- test show grant authorization create role roleA PREHOOK: type: CREATEROLE POSTHOOK: query: -- test show grant authorization create role roleA POSTHOOK: type: CREATEROLE PREHOOK: query: create role roleB PREHOOK: type: CREATEROLE POSTHOOK: query: create role roleB POSTHOOK: type: CREATEROLE PREHOOK: query: grant role roleA to user userA PREHOOK: type: GRANT_ROLE POSTHOOK: query: grant role roleA to user userA POSTHOOK: type: GRANT_ROLE PREHOOK: query: grant role roleB to role roleA PREHOOK: type: GRANT_ROLE POSTHOOK: query: grant role roleB to role roleA POSTHOOK: type: GRANT_ROLE PREHOOK: query: -- create table and grant privileges to a role create table t1(i int, j int, k int) PREHOOK: type: CREATETABLE PREHOOK: Output: database:default PREHOOK: Output: default@t1 POSTHOOK: query: -- create table and grant privileges to a role create table t1(i int, j int, k int) POSTHOOK: type: CREATETABLE POSTHOOK: Output: database:default POSTHOOK: Output: default@t1 PREHOOK: query: create table t2(i int, j int, k int) PREHOOK: type: CREATETABLE PREHOOK: Output: database:default PREHOOK: Output: default@t2 POSTHOOK: query: create table t2(i int, j int, k int) POSTHOOK: type: CREATETABLE POSTHOOK: Output: database:default POSTHOOK: Output: default@t2 PREHOOK: query: grant select on t1 to role roleA PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@t1 POSTHOOK: query: grant select on t1 to role roleA POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@t1 PREHOOK: query: grant insert on t2 to role roleA PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@t2 POSTHOOK: query: grant insert on t2 to role roleA POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@t2 PREHOOK: query: grant insert on t2 to role roleB PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@t2 POSTHOOK: query: grant insert on t2 to role roleB POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@t2 PREHOOK: query: grant insert,delete on t1 to user userA PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@t1 POSTHOOK: query: grant insert,delete on t1 to user userA POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@t1 PREHOOK: query: grant select,insert on t2 to user userA PREHOOK: type: GRANT_PRIVILEGE PREHOOK: Output: default@t2 POSTHOOK: query: grant select,insert on t2 to user userA POSTHOOK: type: GRANT_PRIVILEGE POSTHOOK: Output: default@t2 PREHOOK: query: set role admin PREHOOK: type: SHOW_ROLES POSTHOOK: query: set role admin POSTHOOK: type: SHOW_ROLES PREHOOK: query: -- as user in admin role, it should be possible to see other users grant show grant user user1 on table t1 PREHOOK: type: SHOW_GRANT POSTHOOK: query: -- as user in admin role, it should be possible to see other users grant show grant user user1 on table t1 POSTHOOK: type: SHOW_GRANT default t1 user1 USER DELETE true -1 hive_admin_user default t1 user1 USER INSERT true -1 hive_admin_user default t1 user1 USER SELECT true -1 hive_admin_user default t1 user1 USER UPDATE true -1 hive_admin_user PREHOOK: query: show grant user user1 PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user user1 POSTHOOK: type: SHOW_GRANT default t1 user1 USER DELETE true -1 hive_admin_user default t1 user1 USER INSERT true -1 hive_admin_user default t1 user1 USER SELECT true -1 hive_admin_user default t1 user1 USER UPDATE true -1 hive_admin_user default t2 user1 USER DELETE true -1 hive_admin_user default t2 user1 USER INSERT true -1 hive_admin_user default t2 user1 USER SELECT true -1 hive_admin_user default t2 user1 USER UPDATE true -1 hive_admin_user PREHOOK: query: show grant role roleA on table t1 PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role roleA on table t1 POSTHOOK: type: SHOW_GRANT default t1 rolea ROLE SELECT false -1 user1 PREHOOK: query: show grant role roleA PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role roleA POSTHOOK: type: SHOW_GRANT default t1 rolea ROLE SELECT false -1 user1 default t2 rolea ROLE INSERT false -1 user1 PREHOOK: query: show grant PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant POSTHOOK: type: SHOW_GRANT default t1 rolea ROLE SELECT false -1 user1 default t1 user1 USER DELETE true -1 hive_admin_user default t1 user1 USER INSERT true -1 hive_admin_user default t1 user1 USER SELECT true -1 hive_admin_user default t1 user1 USER UPDATE true -1 hive_admin_user default t1 userA USER DELETE false -1 user1 default t1 userA USER INSERT false -1 user1 default t2 rolea ROLE INSERT false -1 user1 default t2 roleb ROLE INSERT false -1 user1 default t2 user1 USER DELETE true -1 hive_admin_user default t2 user1 USER INSERT true -1 hive_admin_user default t2 user1 USER SELECT true -1 hive_admin_user default t2 user1 USER UPDATE true -1 hive_admin_user default t2 userA USER INSERT false -1 user1 default t2 userA USER SELECT false -1 user1 PREHOOK: query: -- user belonging to role should be able to see it show grant role roleA on table t1 PREHOOK: type: SHOW_GRANT POSTHOOK: query: -- user belonging to role should be able to see it show grant role roleA on table t1 POSTHOOK: type: SHOW_GRANT default t1 rolea ROLE SELECT false -1 user1 PREHOOK: query: show grant role roleA PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role roleA POSTHOOK: type: SHOW_GRANT default t1 rolea ROLE SELECT false -1 user1 default t2 rolea ROLE INSERT false -1 user1 PREHOOK: query: show grant role roleB on table t1 PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role roleB on table t1 POSTHOOK: type: SHOW_GRANT PREHOOK: query: show grant role roleB PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant role roleB POSTHOOK: type: SHOW_GRANT default t2 roleb ROLE INSERT false -1 user1 PREHOOK: query: show grant user userA on table t1 PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user userA on table t1 POSTHOOK: type: SHOW_GRANT default t1 userA USER DELETE false -1 user1 default t1 userA USER INSERT false -1 user1 PREHOOK: query: show grant user userA PREHOOK: type: SHOW_GRANT POSTHOOK: query: show grant user userA POSTHOOK: type: SHOW_GRANT default t1 userA USER DELETE false -1 user1 default t1 userA USER INSERT false -1 user1 default t2 userA USER INSERT false -1 user1 default t2 userA USER SELECT false -1 user1