This commit is contained in:
jsc0218 2024-04-04 02:02:58 +00:00
parent ee589f8a8b
commit a1e3a4a58c
3 changed files with 27 additions and 7 deletions

View File

@ -754,15 +754,35 @@ def test_table_engine_grant_and_revoke():
def test_table_engine_and_source_grant():
instance.query("DROP USER IF EXISTS A")
instance.query("CREATE USER A")
instance.query("GRANT CREATE TABLE ON test.table1 TO A")
instance.query("GRANT TABLE ENGINE ON PostgreSQL TO A")
# We don't need the following statement as GRANT TABLE ENGINE covers it already.
# instance.query("GRANT POSTGRES ON *.* TO A")
instance.query(
"""
CREATE TABLE test.table1(a Integer)
CREATE TABLE test.table1(a Integer)
engine=PostgreSQL('localhost:5432', 'dummy', 'dummy', 'dummy', 'dummy');
""",
user="A",
)
instance.query("DROP TABLE test.table1")
instance.query("REVOKE TABLE ENGINE ON PostgreSQL FROM A")
assert "Not enough privileges" in instance.query_and_get_error(
"""
CREATE TABLE test.table1(a Integer)
engine=PostgreSQL('localhost:5432', 'dummy', 'dummy', 'dummy', 'dummy');
""",
user="A",
)
instance.query("GRANT SOURCES ON *.* TO A")
instance.query(
"""
CREATE TABLE test.table1(a Integer)
engine=PostgreSQL('localhost:5432', 'dummy', 'dummy', 'dummy', 'dummy');
""",
user="A",

View File

@ -16,7 +16,7 @@ $CLICKHOUSE_CLIENT --query "CREATE TABLE url ENGINE=URL('https://clickhouse.com'
$CLICKHOUSE_CLIENT --user=user_test_02184 --password=user_test_02184 --query "CREATE TABLE t AS url" 2>&1| grep -Fo "ACCESS_DENIED" | uniq
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON URL TO user_test_02184;"
$CLICKHOUSE_CLIENT --query "GRANT URL ON *.* TO user_test_02184;"
$CLICKHOUSE_CLIENT --user=user_test_02184 --password=user_test_02184 --query "CREATE TABLE t AS url"
$CLICKHOUSE_CLIENT --query "SHOW CREATE TABLE t"
$CLICKHOUSE_CLIENT --query "DROP TABLE t"

View File

@ -26,13 +26,13 @@ $CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_file_02561(name String) ENGINE = File(TabSeparated)" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant TABLE ENGINE ON File" > /dev/null && echo "OK"
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON File TO $user"
$CLICKHOUSE_CLIENT --query "GRANT FILE ON *.* TO $user"
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_file_02561(name String) ENGINE = File(TabSeparated)"
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_url_02561(name String) ENGINE = URL('http://127.0.0.1:8123?query=select+12', 'RawBLOB')" 2>&1 | grep -F "Not enough privileges. To execute this query, it's necessary to have the grant TABLE ENGINE ON URL" > /dev/null && echo "OK"
$CLICKHOUSE_CLIENT --query "GRANT TABLE ENGINE ON URL TO $user"
$CLICKHOUSE_CLIENT --query "GRANT URL ON *.* TO $user"
$CLICKHOUSE_CLIENT --user $user --password hello --query "CREATE TEMPORARY TABLE table_url_02561(name String) ENGINE = URL('http://127.0.0.1:8123?query=select+12', 'RawBLOB')"