mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-20 00:30:49 +00:00
add test
This commit is contained in:
parent
afa7a95c8c
commit
fa6bf25800
@ -50,10 +50,10 @@ TEST(AccessRights, Union)
|
||||
"GRANT SHOW, SELECT, ALTER, CREATE DATABASE, CREATE TABLE, CREATE VIEW, "
|
||||
"CREATE DICTIONARY, DROP DATABASE, DROP TABLE, DROP VIEW, DROP DICTIONARY, UNDROP TABLE, "
|
||||
"TRUNCATE, OPTIMIZE, BACKUP, CREATE ROW POLICY, ALTER ROW POLICY, DROP ROW POLICY, "
|
||||
"SHOW ROW POLICIES, TABLE ENGINE, SYSTEM MERGES, SYSTEM TTL MERGES, SYSTEM FETCHES, "
|
||||
"SHOW ROW POLICIES, SYSTEM MERGES, SYSTEM TTL MERGES, SYSTEM FETCHES, "
|
||||
"SYSTEM MOVES, SYSTEM PULLING REPLICATION LOG, SYSTEM CLEANUP, SYSTEM VIEWS, SYSTEM SENDS, SYSTEM REPLICATION QUEUES, "
|
||||
"SYSTEM DROP REPLICA, SYSTEM SYNC REPLICA, SYSTEM RESTART REPLICA, "
|
||||
"SYSTEM RESTORE REPLICA, SYSTEM WAIT LOADING PARTS, SYSTEM SYNC DATABASE REPLICA, SYSTEM FLUSH DISTRIBUTED, dictGet ON db1.*, GRANT NAMED COLLECTION ADMIN ON db1");
|
||||
"SYSTEM RESTORE REPLICA, SYSTEM WAIT LOADING PARTS, SYSTEM SYNC DATABASE REPLICA, SYSTEM FLUSH DISTRIBUTED, dictGet ON db1.*, GRANT NAMED COLLECTION ADMIN ON db1, GRANT TABLE ENGINE ON db1");
|
||||
}
|
||||
|
||||
|
||||
|
@ -0,0 +1,5 @@
|
||||
<clickhouse>
|
||||
<access_control_improvements>
|
||||
<table_engines_require_grant>true</table_engines_require_grant>
|
||||
</access_control_improvements>
|
||||
</clickhouse>
|
@ -5,9 +5,8 @@ from helpers.test_tools import TSV
|
||||
cluster = ClickHouseCluster(__file__)
|
||||
instance = cluster.add_instance(
|
||||
"instance",
|
||||
user_configs=[
|
||||
"configs/users.d/users.xml",
|
||||
],
|
||||
main_configs=["configs/config.xml"],
|
||||
user_configs=["configs/users.d/users.xml"],
|
||||
)
|
||||
|
||||
|
||||
@ -719,3 +718,36 @@ def test_current_grants_override():
|
||||
"REVOKE SELECT ON test.* FROM B",
|
||||
]
|
||||
)
|
||||
|
||||
|
||||
def test_table_engine_grant_and_revoke():
|
||||
instance.query("DROP USER IF EXISTS A")
|
||||
instance.query("CREATE USER A")
|
||||
instance.query("GRANT CREATE TABLE ON test.table1 TO A")
|
||||
assert "Not enough privileges" in instance.query_and_get_error(
|
||||
"CREATE TABLE test.table1(a Integer) engine=TinyLog", user="A"
|
||||
)
|
||||
|
||||
instance.query("GRANT TABLE ENGINE ON TinyLog TO A")
|
||||
|
||||
assert "Not enough privileges" not in instance.query(
|
||||
"CREATE TABLE test.table1(a Integer) engine=TinyLog", user="A"
|
||||
)
|
||||
|
||||
assert instance.query("SHOW GRANTS FOR A") == TSV(
|
||||
[
|
||||
"GRANT TABLE ENGINE ON TinyLog TO A",
|
||||
"GRANT CREATE TABLE ON test.table1 TO A",
|
||||
]
|
||||
)
|
||||
|
||||
instance.query("REVOKE TABLE ENGINE ON TinyLog FROM A")
|
||||
|
||||
assert "Not enough privileges" in instance.query_and_get_error(
|
||||
"CREATE TABLE test.table1(a Integer) engine=TinyLog", user="A"
|
||||
)
|
||||
|
||||
instance.query("REVOKE CREATE TABLE ON test.table1 FROM A")
|
||||
instance.query("DROP TABLE test.table1")
|
||||
|
||||
assert instance.query("SHOW GRANTS FOR A") == TSV([])
|
||||
|
Loading…
Reference in New Issue
Block a user