THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
SHOW GRANT [principal_name] ON (ALL| ([TABLE] <table_or_view_name>)
Currently any user can run this command. But this is likely to change in future to allow users to see only their own privileges, and additional privileges would be needed to see privileges of other users.
Examples:
Find out privileges user ashutosh has on table hivejiratable.0: jdbc:hive2://localhost:10000> show grant user ashutosh on table hivejiratable;+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| default | hivejiratable | | | ashutosh | USER | DELETE | false | 1398303419000 | thejas || default | hivejiratable | | | ashutosh | USER | SELECT | false | 1398303407000 | thejas |+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
Find out privileges user ashutosh has on all objects.0: jdbc:hive2://localhost:10000> show grant user ashutosh on all; +-----------+-------------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |+-----------+-------------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| default | hivecontributors | | | ashutosh | USER | DELETE | false | 1398303576000 | thejas || default | hivecontributors | | | ashutosh | USER | INSERT | false | 1398303576000 | thejas || default | hivecontributors | | | ashutosh | USER | SELECT | false | 1398303576000 | thejas || default | hivejiratable | | | ashutosh | USER | DELETE | false | 1398303419000 | thejas || default | hivejiratable | | | ashutosh | USER | SELECT | false | 1398303407000 | thejas |+-----------+-------------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
Find out the privileges all users have on table hivejiratable.0: jdbc:hive2://localhost:10000> show grant on table hivejiratable;+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+| default | hivejiratable | | | ashutosh | USER | DELETE | false | 1398303419000 | thejas || default | hivejiratable | | | ashutosh | USER | SELECT | false | 1398303407000 | thejas || default | hivejiratable | | | navis | USER | INSERT | false | 1398303650000 | thejas || default | hivejiratable | | | navis | USER | SELECT | false | 1398303650000 | thejas || default | hivejiratable | | | public | ROLE | SELECT | false | 1398303481000 | thejas || default | hivejiratable | | | thejas | USER | DELETE | true | 1398303380000 | thejas || default | hivejiratable | | | thejas | USER | INSERT | true | 1398303380000 | thejas || default | hivejiratable | | | thejas | USER | SELECT | true | 1398303380000 | thejas || default | hivejiratable | | | thejas | USER | UPDATE | true | 1398303380000 | thejas |+-----------+----------------+------------+---------+-----------------+-----------------+------------+---------------+----------------+----------+
Configuration
Set the following to hive-site.xml
hive.server2.enable.doAs to false.
hive.users.in.admin.role to the list of comma separated users who need to be added to admin role
...