Google Git
Sign in
android / platform / external / hsqldb / fe8cd37122dc94d0220b738e0db4867e5dd4488b / . / testrun / hsqldb / TestSelfGrantees.txt
blob: a958732021e5bf99c6c11e7ec61cc9cdd02e57a8 [file] [log] [blame]
/*e*/CREATE USER public PASSWORD public ADMIN
/*e*/CREATE USER _SYSTEM PASSWORD system ADMIN
/*e*/CREATE USER public PASSWORD public
/*e*/CREATE USER _SYSTEM PASSWORD system
CREATE USER blaine PASSWORD blaine;
/*u0*/GRANT CHANGE_AUTHORIZATION TO blaine;
CREATE USER blaineadm PASSWORD blaineadm ADMIN;
CREATE USER debbie PASSWORD debbie;
DROP TABLE public.t1 IF EXISTS;
CREATE TABLE public.t1 (i int);
INSERT INTO public.t1 VALUES (1);
CREATE USER us3 PASSWORD us3;
/*u0*/GRANT CHANGE_AUTHORIZATION TO us3;
-----------------------------------------------------------------------
-- RESERVED USERS and ROLES
-- Test public grants
DROP TABLE t2 IF EXISTS;
CREATE TABLE public.t2 (i int);
INSERT INTO public.t2 VALUES (1);
CONNECT USER us3 PASSWORD us3;
/*e*/SELECT * FROM t2;
CONNECT USER sa PASSWORD "";
GRANT SELECT ON t2 TO public;
CONNECT USER us3 PASSWORD us3;
/*c1*/SELECT * FROM t2;
CONNECT USER sa PASSWORD "";
REVOKE SELECT ON t2 FROM public RESTRICT;
CONNECT USER us3 PASSWORD us3;
/*e*/SELECT * FROM t2;
CONNECT USER sa PASSWORD "";
-- Prohibit adding/dropping reserved Roles and Users
-- _SYSTEM role?
/*e*/DROP ROLE dba;
-- Spec says can't create a user or role called "public"
/*e*/DROP USER public password x;
/*e*/DROP USER _system password x;
/*e*/DROP USER dba password x;
/*e*/CREATE ROLE public;
/*e*/CREATE ROLE _system;
/*e*/CREATE ROLE dba;
-- We prohibit change the built-in permissions for the DBA group, since
-- the role is not persisted.
-- Prohibit grants/revokes for _SYSTEM, DBA
/*e*/GRANT ALL ON public.t1 TO dba;
/*e*/GRANT ALL ON public.t1 TO _system;
/*e*/REVOKE ALL ON public.t1 FROM dba RESTRICT;
/*e*/REVOKE ALL ON public.t1 FROM _system RESTRICT;
-----------------------------------------------------------------------
-- Roles and Users share a namespace
CREATE USER conflict1 PASSWORD conflict1;
/*e*/CREATE ROLE conflict1;
/*u0*/CREATE ROLE conflict2;
/*e*/CREATE USER conflict2 PASSWORD conflict2;
-- Can grant a Role but not a user
/*e*/GRANT us3 TO conflict2;
-- Grant and revoke lists for users and roles
GRANT SELECT, UPDATE, DELETE, INSERT ON public.t2 TO conflict1;
GRANT SELECT, UPDATE, DELETE, INSERT ON public.t2 TO conflict2;
REVOKE SELECT, UPDATE, DELETE, INSERT ON public.t2 FROM conflict1 RESTRICT;
REVOKE SELECT, UPDATE, DELETE, INSERT ON public.t2 FROM conflict2 RESTRICT;
-- Wrong right names
/*e*/GRANT SELECT, TABLE, COLUMN ON public.t2 TO conflict1;
/*e*/REVOKE SELECT, TABLE, COLUMN ON public.t2 FROM conflict1 RESTRICT;
-- Roles are not schemas
/*e*/CREATE TABLE dba.x1 (i int);
-- Test global (non-object) permissions of DBA Role
GRANT ALL ON public.t1 TO blaine;
CONNECT USER blaineadm PASSWORD blaineadm;
/*u0*/SET TABLE public.t1 READONLY true;
CONNECT USER blaine PASSWORD blaine;
/*e*/INSERT INTO public.t1 VALUES(1);
/*e*/SET TABLE public.t1 READONLY true;
/*e*/CREATE USER user1 password user1;
/*e*/GRANT dba TO debbie;
CONNECT USER blaineadm PASSWORD blaineadm;
/*u0*/GRANT dba TO blaine;
CONNECT USER blaine PASSWORD blaine;
/*e*/INSERT INTO public.t1 VALUES(1);
/*u0*/SET TABLE public.t1 READONLY false;
/*u1*/INSERT INTO public.t1 VALUES(1);
/*u0*/CREATE USER user1 password user1;
/*u0*/GRANT dba TO debbie;
--CONNECT USER sa PASSWORD "";
SET SESSION AUTHORIZATION 'SA'
/*u0*/REVOKE dba FROM blaine RESTRICT;
CONNECT USER blaine PASSWORD blaine;
/*e*/SET TABLE public.t1 READONLY true;
/*e*/CREATE USER user2 password user2;
/*e*/REVOKE dba FROM debbie RESTRICT;
-- Test using non-existent roles and re-creating existing roles.
CONNECT USER sa PASSWORD "";
CREATE USER us1 PASSWORD us1;
/*u0*/GRANT CHANGE_AUTHORIZATION TO us1;
CREATE USER us2 PASSWORD us2;
/*e*/DROP ROLE r1;
/*u0*/CREATE ROLE r1;
/*u0*/GRANT r1 TO us1;
/*e*/GRANT r1 TO us1;
/*u0*/REVOKE r1 FROM us1 RESTRICT;
/*e*/REVOKE r1 FROM us1 RESTRICT;
/*e*/REVOKE r2 FROM us1 RESTRICT;
/*u0*/DROP ROLE r1;
-- Basics
CONNECT USER blaineadm PASSWORD blaineadm;
/*e*/GRANT ALL ON t1 TO r1;
/*u0*/CREATE ROLE r1;
/*e*/GRANT r1 TO r1;
-- us1: no privs
CONNECT USER us1 PASSWORD us1;
/*e*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
GRANT r1 TO us1;
-- us1: no privs
CONNECT USER us1 PASSWORD us1;
/*e*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
GRANT SELECT ON t1 TO r1;
-- us1: t1 rights via role r1
CONNECT USER us1 PASSWORD us1;
/*c2*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
GRANT dba TO us1;
-- us1: DBA + t1 rights via role r1
CONNECT USER us1 PASSWORD us1;
/*c2*/SELECT * FROM public.t1;
/*u0*/CREATE TABLE us1t1 (i int);
/*u0*/DROP TABLE us1t1;
CONNECT USER sa PASSWORD "";
/*u0*/REVOKE dba FROM us1 RESTRICT;
-- us1: t1 rights via role r1
CONNECT USER us1 PASSWORD us1;
/*c2*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
/*u0*/REVOKE r1 FROM us1 RESTRICT;
-- us1: no privs
CONNECT USER us1 PASSWORD us1;
/*e*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
/*u0*/GRANT r1 TO us1;
-- us1: t1 rights via role r1
CONNECT USER us1 PASSWORD us1;
/*c2*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
/*u0*/REVOKE ALL ON t1 FROM r1 RESTRICT;
-- us1: no privs
CONNECT USER us1 PASSWORD us1;
/*e*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
/*u0*/GRANT ALL ON t1 TO r1;
-- us1: t1 rights via role r1
CONNECT USER us1 PASSWORD us1;
/*c2*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
/*u0*/DROP ROLE r1;
-- us1: no privs
CONNECT USER us1 PASSWORD us1;
/*e*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD '';
/*u0*/GRANT SELECT ON t1 TO us1;
-- us1: t1 rights via role table right
CONNECT USER us1 PASSWORD us1;
/*c2*/SELECT * FROM public.t1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
/*u0*/REVOKE ALL ON t1 FROM us1 RESTRICT;
-- Role nesting
CREATE ROLE r1;
CONNECT USER us1 PASSWORD us1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
GRANT r1 TO us1;
CONNECT USER us1 PASSWORD us1;
/*e*/CREATE TABLE us1t1 (i int);
CONNECT USER sa PASSWORD "";
GRANT dba TO r1;
CONNECT USER us1 PASSWORD us1;
/*u0*/CREATE TABLE us1t1 (i int);
/*u0*/DROP TABLE us1t1;
CONNECT USER sa PASSWORD "";
REVOKE dba FROM r1 RESTRICT;