首页 项目目录 关于我们
Sign In
rust
/
Materialize
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6dd8e59864
Branches Tags
Materialize
/
test
/
sqllogictest
/
builtin_roles.slt

builtin_roles.slt 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. # Copyright Materialize, Inc. and contributors. All rights reserved.
    2. 

  2. #
    3. 

  3. # Use of this software is governed by the Business Source License
    4. 

  4. # included in the LICENSE file at the root of this repository.
    5. 

  5. #
    6. 

  6. # As of the Change Date specified in that file, in accordance with
    7. 

  7. # the Business Source License, use of this software will be governed
    8. 

  8. # by the Apache License, Version 2.0.
    9. 

  9. 

  10. mode cockroach
    11. 

  11. 

  12. reset-server
    13. 

  13. 

  14. # Test that by default, nobody is allowed to access statement log
    15. 

  15. # objects
    16. 

  16. 

  17. statement error permission denied for SOURCE
    18. 

  18. SELECT 1 FROM mz_internal.mz_prepared_statement_history WHERE 1 = 0
    19. 

  19. 

  20. statement error permission denied for SOURCE
    21. 

  21. SELECT 1 FROM mz_internal.mz_statement_execution_history WHERE 1 = 0
    22. 

  22. 

  23. statement error db error: ERROR: unknown catalog item 'mz_internal\.mz_activity_log'
    24. 

  24. SELECT 1 FROM mz_internal.mz_activity_log WHERE 1 = 0
    25. 

  25. 

  26. statement error permission denied for VIEW
    27. 

  27. SELECT 1 FROM mz_internal.mz_sql_text_redacted WHERE 1 = 0
    28. 

  28. 

  29. statement error permission denied for VIEW
    30. 

  30. SELECT 1 FROM mz_internal.mz_statement_execution_history_redacted WHERE 1 = 0
    31. 

  31. 

  32. statement error db error: ERROR: unknown catalog item 'mz_internal\.mz_activity_log_redacted'
    33. 

  33. SELECT 1 FROM mz_internal.mz_activity_log_redacted WHERE 1 = 0
    34. 

  34. 

  35. # Test that after granting the less-privileged
    36. 

  36. # `mz_monitor_redacted` role, we can
    37. 

  37. # query the redacted objects, but not the unredacted ones.
    38. 

  38. 

  39. simple conn=mz_system,user=mz_system
    40. 

  40. GRANT mz_monitor_redacted TO materialize
    41. 

  41. ----
    42. 

  42. COMPLETE 0
    43. 

  43. 

  44. statement error permission denied for SOURCE
    45. 

  45. SELECT 1 FROM mz_internal.mz_sql_text WHERE 1 = 0
    46. 

  46. 

  47. statement error permission denied for SOURCE
    48. 

  48. SELECT 1 FROM mz_internal.mz_statement_execution_history WHERE 1 = 0
    49. 

  49. 

  50. statement error db error: ERROR: unknown catalog item 'mz_internal\.mz_activity_log'
    51. 

  51. SELECT 1 FROM mz_internal.mz_activity_log WHERE 1 = 0
    52. 

  52. 

  53. query I
    54. 

  54. SELECT 1 FROM mz_internal.mz_sql_text_redacted WHERE 1 = 0
    55. 

  55. ----
    56. 

  56. 

  57. query I
    58. 

  58. SELECT 1 FROM mz_internal.mz_sql_text_redacted WHERE 1 = 0
    59. 

  59. ----
    60. 

  60. 

  61. query I
    62. 

  62. SELECT 1 FROM mz_internal.mz_recent_activity_log_redacted WHERE 1 = 0
    63. 

  63. ----
    64. 

  64. 

  65. # Sanity check that none of the `redacted` objects expose sql.
    66. 

  66. 

  67. statement error db error: ERROR: column "sql" does not exist
    68. 

  68. SELECT sql FROM mz_internal.mz_recent_activity_log_redacted
    69. 

  69. 

  70. statement error db error: ERROR: column "sql" does not exist
    71. 

  71. SELECT sql FROM mz_internal.mz_recent_sql_text_redacted
    72. 

  72. 

  73. statement error db error: ERROR: column "sql" does not exist
    74. 

  74. SELECT sql FROM mz_internal.mz_recent_sql_text_redacted
    75. 

  75. 

  76. statement error db error: ERROR: column "sql" does not exist
    77. 

  77. SELECT sql FROM mz_internal.mz_statement_execution_history_redacted
    78. 

  78. 

  79. # TEST that revocation does something
    80. 

  80. simple conn=mz_system,user=mz_system
    81. 

  81. REVOKE mz_monitor_redacted FROM materialize
    82. 

  82. ----
    83. 

  83. COMPLETE 0
    84. 

  84. 

  85. statement error permission denied for SOURCE
    86. 

  86. SELECT 1 FROM mz_internal.mz_sql_text WHERE 1 = 0
    87. 

  87. 

  88. statement error permission denied for SOURCE
    89. 

  89. SELECT 1 FROM mz_internal.mz_statement_execution_history WHERE 1 = 0
    90. 

  90. 

  91. statement error db error: ERROR: unknown catalog item 'mz_internal\.mz_activity_log'
    92. 

  92. SELECT 1 FROM mz_internal.mz_activity_log WHERE 1 = 0
    93. 

  93. 

  94. statement error permission denied for VIEW
    95. 

  95. SELECT 1 FROM mz_internal.mz_sql_text_redacted WHERE 1 = 0
    96. 

  96. 

  97. statement error permission denied for VIEW
    98. 

  98. SELECT 1 FROM mz_internal.mz_sql_text_redacted WHERE 1 = 0
    99. 

  99. 

  100. statement error db error: ERROR: unknown catalog item 'mz_internal\.mz_activity_log_redacted'
    101. 

  101. SELECT 1 FROM mz_internal.mz_activity_log_redacted WHERE 1 = 0
    102. 

  102. 

  103. # Test that we can read all tables with the more powerful permission
    104. 

  104. # (`mz_monitor`)
    105. 

  105. 

  106. simple conn=mz_system,user=mz_system
    107. 

  107. GRANT mz_monitor TO materialize
    108. 

  108. ----
    109. 

  109. COMPLETE 0
    110. 

  110. 

  111. query I
    112. 

  112. SELECT 1 FROM mz_internal.mz_sql_text WHERE 1 = 0
    113. 

  113. ----
    114. 

  114. 

  115. query I
    116. 

  116. SELECT 1 FROM mz_internal.mz_statement_execution_history WHERE 1 = 0
    117. 

  117. ----
    118. 

  118. 

  119. query I
    120. 

  120. SELECT 1 FROM mz_internal.mz_recent_activity_log WHERE 1 = 0
    121. 

  121. ----
    122. 

  122. 

  123. query I
    124. 

  124. SELECT 1 FROM mz_internal.mz_sql_text_redacted WHERE 1 = 0
    125. 

  125. ----
    126. 

  126. 

  127. query I
    128. 

  128. SELECT 1 FROM mz_internal.mz_statement_execution_history_redacted WHERE 1 = 0
    129. 

  129. ----
    130. 

  130. 

  131. query I
    132. 

  132. SELECT 1 FROM mz_internal.mz_recent_activity_log_redacted WHERE 1 = 0
    133. 

  133. ----
    134.