There are two models of security in hive 0.12 (and earlier versions). See http://www.slideshare.net/thejasmn/hive-authorization-models , http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-220.127.116.11/bk_dataintegration/content/ch_using-hive-3a.html .
The default grant/revoke based authorization model has some major issues like the one you mentioned. But there is a need for this model as it is flexible and can provide cell level security using views.
Hive 0.13 will have support for SQL standard based authorization that solves the issues . See https://issues.apache.org/jira/browse/HIVE-5837 , and design document in https://issues.apache.org/jira/secure/attachment/12614195/SQL%20standard%20authorization%20hive.pdf .