Google Git
Sign in
apache / trafodion / 4528a10009f8f704c8516d1f42a7451ae7deafe6 / . / core / sql / regress / privs2 / TEST146
blob: 124aa9f35bc45bc1cca59d73e716a4442d411917 [file] [log] [blame]
-- ============================================================================
-- TEST146 - tests grant and revoke privileges on native HBase tables
--
-- @@@ START COPYRIGHT @@@
--
-- Licensed to the Apache Software Foundation (ASF) under one
-- or more contributor license agreements. See the NOTICE file
-- distributed with this work for additional information
-- regarding copyright ownership. The ASF licenses this file
-- to you under the Apache License, Version 2.0 (the
-- "License"); you may not use this file except in compliance
-- with the License. You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing,
-- software distributed under the License is distributed on an
-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-- KIND, either express or implied. See the License for the
-- specific language governing permissions and limitations
-- under the License.
--
-- @@@ END COPYRIGHT @@@
--
-- ============================================================================
cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
obey TEST146(clean_up);
log LOG146 clear;
obey TEST146(create_db);
obey TEST146(test_grants);
obey TEST146(test_revokes);
obey TEST146(test_ddl);
log;
obey TEST146(clean_up);
exit;
?section clean_up
-- =================================================================
-- remove objects and update standard privileges
-- =================================================================
revoke all on hbase."_CELL_".t146t1 from t146_role1 by db__hbaserole;
revoke all on hbase."_ROW_".t146t1 from t146_role1 by db__hbaserole;
revoke all on hbase."_CELL_".t146t1 from sql_user1 by db__hbaserole;
revoke all on hbase."_ROW_".t146t1 from sql_user1 by db__hbaserole;
revoke select (row_id, col_value) on hbase."_CELL_".t146t1 from sql_user2 by db__hbaserole;
revoke select on hbase."_CELL_".t146t1 from sql_user3 by db__hbaserole;
revoke select (row_id) on hbase."_ROW_".t146t1 from sql_user3 by db__hbaserole;
revoke select on hbase."_ROW_".t146t1 from sql_user3 by db__hbaserole;
revoke select on t146t1 from sql_user3 by db__hbaserole;
revoke role t146_role1 from sql_user1;
unregister hbase table if exists t146t1;
drop external table if exists t146t1;
drop hbase table t146t1;
drop hbase table t146t2;
drop hbase table t146t3;
drop role t146_role1;
revoke role db__hbaserole from sql_user5;
grant component privilege "SHOW" on sql_operations to "PUBLIC";
?section create_db
-- =================================================================
-- create native hbase table and roles
-- =================================================================
-- create hbase table
create hbase table t146t1 ( column family 'cf');
insert into hbase."_CELL_".t146t1 values ('1', 'cf', 'team_number', -1, '1');
insert into hbase."_CELL_".t146t1 values ('1', 'cf', 'visitor_team', -1, '2');
insert into hbase."_CELL_".t146t1 values ('1', 'cf', 'game_location', -1, 'California');
insert into hbase."_CELL_".t146t1 values ('2', 'cf', 'team_number', -1, '1');
insert into hbase."_CELL_".t146t1 values ('2', 'cf', 'visitor_team', -1, '3');
insert into hbase."_CELL_".t146t1 values ('2', 'cf', 'game_location', -1, 'Oklahoma');
select count(*) from hbase."_CELL_".t146t1;
select count(*) from hbase."_ROW_".t146t1;
create external table t146t1
(row_id varchar(20) not null primary key,
row_value varchar (1000))
attribute default column family 'cf'
map to hbase table t146t1;
create hbase table t146t3 ( column family 'cf');
-- These operations are not allowed on hbase tables
update hbase."_CELL_".t146t1 set col_value = '4' where row_id = '2' and col_name = 'visitor_team';
delete from hbase."_CELL_".t146t1 where row_id = '3';
showddl hbase."_CELL_".t146t1;
showddl hbase."_ROW_".t146t1;
showddl hbase."_MAP_".t146t1;
get hbase registered tables in catalog trafodion, match '%T146%';
create role t146_role1;
grant role t146_role1 to sql_user1;
grant role db__hbaserole to sql_user5;
revoke component privilege "SHOW" on sql_operations from "PUBLIC";
get privileges on component sql_operations for "PUBLIC";
get external hbase objects, match '%T146%';
?section test_grants
-- =================================================================
-- this set of tests run basic grant tests for native Hive tables
-- =================================================================
-- grant a privilege where user has no grant privilege
sh sqlci -i "TEST146(perform_grants)" -u sql_user3;
-- grant privileges by the hbase admin user
sh sqlci -i "TEST146(perform_grants)" -u sql_user5;
-- user1 can select and update table via t146_role1, no select from map table
sh sqlci -i "TEST146(perform_ops)" -u sql_user1;
-- user2 can select subset of columns
sh sqlci -i "TEST146(perform_ops)" -u sql_user2;
-- user3 can select all
sh sqlci -i "TEST146(perform_ops)" -u sql_user3;
-- user4 has no privileges
sh sqlci -i "TEST146(perform_ops)" -u sql_user4;
-- user5 has all privileges through role db__hbaserole
sh sqlci -i "TEST146(perform_ops)" -u sql_user5;
?section test_revokes
-- ============================================================================
-- verify that revoking privileges work as expected on native Hive tables
-- ============================================================================
-- revoke update from t146_role1
revoke update on hbase."_ROW_".t146t1 from t146_role1 by db__hbaserole;
sh sqlci -i "TEST146(perform_ops)" -u sql_user1;
-- revoke role from sql_user1, no longer has privilege
revoke role t146_role1 from sql_user1;
sh sqlci -i "TEST146(perform_ops)" -u sql_user1;
--revoke column privs from sql_user2
revoke select (row_id) on hbase."_ROW_".t146t1 from sql_user2 by db__hbaserole;
sh sqlci -i "TEST146(perform_ops)" -u sql_user2;
?section test_ddl
-- ============================================================================
-- verify that DDL operations work correctly
-- ============================================================================
-- db__root can create hbase tables
obey TEST146(perform_ddl);
-- sql_user3 has no privleges, cannot create tables
sh sqlci -i "TEST146(perform_ddl)" -u sql_user3;
-- sql_user5 that has been granted db__hbaserole can create hbase tables
grant role db__hbaserole to sql_user5;
sh sqlci -i "TEST146(perform_ddl)" -u sql_user5;
revoke role db__hbaserole from sql_user5;
-- make sure correct result when repeating tests
create hbase table t146t2 ( column family 'cf');
create hbase table t146t2 ( column family 'cf');
drop hbase table t146t2;
drop hbase table t146t2;
drop hbase table t146t3;
?section perform_ddl
-- ============================================================================
cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
log LOG146;
values(user);
create hbase table t146t2 ( column family 'cf');
create external table t146t2
(row_id varchar(20) not null primary key,
row_value varchar (1000))
attribute default column family 'cf'
map to hbase table t146t2;
grant select on hbase."_CELL_".t146t2 to sql_user1 by db__hbaserole;
grant select on hbase."_ROW_".t146t2 to sql_user1 by db__hbaserole;
grant select on hbase."_MAP_".t146t2 to sql_user1 by db__hbaserole;
get privileges for role db__hbaserole, match '%146%';
drop hbase table t146t2;
get privileges for role db__hbaserole, match '%146%';
?section perform_grants
-- ============================================================================
cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
log LOG146;
values(user);
grant all on hbase."_CELL_".t146t1 to t146_role1 by db__hbaserole;
grant select, update, insert, delete on hbase."_ROW_".t146t1 to t146_role1 by db__hbaserole;
grant select(row_id, col_value) on hbase."_CELL_".t146t1 to sql_user2 by db__hbaserole;
grant select on hbase."_CELL_".t146t1 to sql_user3 by db__hbaserole;
grant select (row_id) on hbase."_ROW_".t146t1 to sql_user2 by db__hbaserole;
grant select on hbase."_ROW_".t146t1 to sql_user3 by db__hbaserole;
grant select on t146t1 to sql_user3 by db__hbaserole;
showddl hbase."_CELL_".t146t1;
showddl hbase."_ROW_".t146t1;
showddl hbase."_MAP_".t146t1;
?section perform_ops
-- ============================================================================
cqd SHOWDDL_DISPLAY_PRIVILEGE_GRANTS 'ON';
log LOG146;
values (user);
-- contains most columns
select substring (row_id,1,5) as row_id,
col_family,
cast(col_name as char(20) character set iso88591) as col_name,
cast(col_value as char(20) character set iso88591) as col_value
from hbase."_CELL_".t146t1 order by 1;
prepare s1 from
select substring (row_id,1,4) as row_id,
cast (col_value as char (40) character set iso88591) as col_value
from hbase."_CELL_".t146t1 order by 1;
execute s1;
select row_id from t146t1;
-- contains columns associated with granted column level privileges
select substring(row_id,1,4) as row_id,
substring (column_details,3,8) as column_details
from hbase."_ROW_".t146t1;
select substring(row_id,1,4) as row_id from hbase."_ROW_".t146t1;
insert into hbase."_CELL_".t146t1 values
('3', 'cf', 'game_location', -1, 'Ohio'),
('3', 'cf', 'visitor_team', -1, '3'),
('3', 'cf', 'team_number', -1, '1');
execute s1;
update hbase."_ROW_".t146t1 set column_details = column_create ('cf:game_time', '2018-04-30')
where row_id = '3';
execute s1;
delete from hbase."_ROW_".t146t1 where row_id = '3';
execute s1;
get external hbase objects, match '%T146%';
get hbase registered tables in catalog trafodion, match '%T146%';