4abd1869fbb86fb3b5dd07c4898f9926f40bcd44,sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationEnd2End.java,TestHDFSIntegrationEnd2End,testColumnPrivileges,#,453

Before Change


    stmt.execute("grant all on server server1 to role admin_role with grant option");
    stmt.execute("grant role admin_role to group " + StaticUserGroup.ADMINGROUP);

    conn = hiveServer2.createConnection(StaticUserGroup.ADMIN1, StaticUserGroup.ADMIN1);
    stmt = conn.createStatement();
    stmt.execute("create database " + dbName);
    stmt.execute("use "+ dbName);
    stmt.execute("create table p1 (s string) partitioned by (month int, day int)");
    stmt.execute("alter table p1 add partition (month=1, day=1)");
    stmt.execute("alter table p1 add partition (month=1, day=2)");
    stmt.execute("alter table p1 add partition (month=2, day=1)");
    stmt.execute("alter table p1 add partition (month=2, day=2)");
    loadData(stmt);

    stmt.execute("create role db_role");
    stmt.execute("grant select on database " + dbName + " to role db_role");
    stmt.execute("create role tab_role");
    stmt.execute("grant select on p1 to role tab_role");
    stmt.execute("create role col_role");
    stmt.execute("grant select(s) on p1 to role col_role");

    stmt.execute("grant role col_role to group "+ StaticUserGroup.USERGROUP1);

    stmt.execute("grant role tab_role to group "+ StaticUserGroup.USERGROUP2);
    stmt.execute("grant role col_role to group "+ StaticUserGroup.USERGROUP2);

    stmt.execute("grant role db_role to group "+ StaticUserGroup.USERGROUP3);
    stmt.execute("grant role col_role to group "+ StaticUserGroup.USERGROUP3);

    stmt.execute("grant role col_role to group " + StaticUserGroup.ADMINGROUP);

    Thread.sleep(CACHE_REFRESH);//Wait till sentry cache is updated in Namenode

    //User with just column level privileges cannot read HDFS
    verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", null, StaticUserGroup.USERGROUP1, false);

    //User with permissions on table and column can read HDFS file
    verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", FsAction.READ_EXECUTE, StaticUserGroup.USERGROUP2, true);

    //User with permissions on db and column can read HDFS file
    verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", FsAction.READ_EXECUTE, StaticUserGroup.USERGROUP3, true);

    //User with permissions on server and column cannot read HDFS file
    //TODO:SENTRY-751
    verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", null, StaticUserGroup.ADMINGROUP, false);

    stmt.close();
    conn.close();
  }
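Review bot: The first check after `Thread.sleep(CACHE_REFRESH)` is a negative one (`StaticUserGroup.USERGROUP1`, expected `false`), and an absence check of that kind would presumably also pass if the Sentry permissions had not yet reached the NameNode, so on its own it does not show that column-only privileges are withheld from HDFS. The After excerpt ends before these lines, so this assumes the verification sequence is carried over unchanged into the try-with-resources body. Running a positive check first, e.g. `verifyOnAllSubDirs("/user/hive/warehouse/" + dbName + ".db/p1", FsAction.READ_EXECUTE, StaticUserGroup.USERGROUP2, true);`, ahead of the `USERGROUP1` and `ADMINGROUP` checks would establish that the sync has happened before absence is asserted. The `//TODO:SENTRY-751` comment should also say whether the `ADMINGROUP` assertion pins current behaviour or the intended one, so a later fix does not silently invert an authorization expectation.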

After Change


         Statement stmt = conn.createStatement())
    {
      stmt.execute("create database " + dbName);
      stmt.execute("use "+ dbName);
      stmt.execute("create table p1 (s string) partitioned by (month int, day int)");
      stmt.execute("alter table p1 add partition (month=1, day=1)");
      stmt.execute("alter table p1 add partition (month=1, day=2)");
      stmt.execute("alter table p1 add partition (month=2, day=1)");
      stmt.execute("alter table p1 add partition (month=2, day=2)");
      loadData(stmt);

      stmt.execute("create role db_role");
      stmt.execute("grant select on database " + dbName + " to role db_role");
      stmt.execute("create role tab_role");
      stmt.execute("grant select on p1 to role tab_role");
      stmt.execute("create role col_role");
      stmt.execute("grant select(s) on p1 to role col_role");

      stmt.execute("grant role col_role to group "+ StaticUserGroup.USERGROUP1);

      stmt.execute("grant role tab_role to group "+ StaticUserGroup.USERGROUP2);
      stmt.execute("grant role col_role to group "+ StaticUserGroup.USERGROUP2);

      stmt.execute("grant role db_role to group "+ StaticUserGroup.USERGROUP3);
      stmt.execute("grant role col_role to group "+ StaticUserGroup.USERGROUP3);