thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-22 23:52:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add implicit grants with grant option too. (#38017)

Browse Source
This commit is contained in:
Vitaly Baranov 2022-06-14 00:09:51 +02:00 committed by GitHub
parent a694ba5fc3
commit 241b51c7d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Access/ContextAccess.cpp
View File

@ -120,6 +120,7 @@ namespace
AccessRights res = access; AccessRights res = access;
res.modifyFlags(modifier); res.modifyFlags(modifier);
res.modifyFlagsWithGrantOption(modifier);
/// Anyone has access to the "system" and "information_schema" database. /// Anyone has access to the "system" and "information_schema" database.
res.grant(AccessType::SELECT, DatabaseCatalog::SYSTEM_DATABASE); res.grant(AccessType::SELECT, DatabaseCatalog::SYSTEM_DATABASE);

12
tests/integration/test_grant_and_revoke/test.py
View File

@ -342,6 +342,18 @@ def test_implicit_create_view_grant():
"CREATE VIEW test.view_1 AS SELECT 1", user="A" "CREATE VIEW test.view_1 AS SELECT 1", user="A"
) )
# check grant option
instance.query("CREATE USER B")
expected_error = "Not enough privileges"
assert expected_error in instance.query_and_get_error(
"GRANT CREATE VIEW ON test.* TO B", user="A"
)
instance.query("GRANT CREATE TABLE ON test.* TO A WITH GRANT OPTION")
instance.query("GRANT CREATE VIEW ON test.* TO B", user="A")
instance.query("CREATE VIEW test.view_2 AS SELECT 1", user="B")
assert instance.query("SELECT * FROM test.view_2") == "1\n"
def test_implicit_create_temporary_table_grant(): def test_implicit_create_temporary_table_grant():
instance.query("CREATE USER A") instance.query("CREATE USER A")