sql: add tests for privileges for statements in udfs
This PR adds test coverage for privileges in UDFs, e.g., SELECT and
INSERT privileges.

Epic: CRDB-25388
Informs: cockroachdb#87289

Release note: None
rharding6373 committed Oct 3, 2023
1 parent 3e42a0b commit 59cb25e
Showing 1 changed file with 94 additions and 0 deletions.
94 changes: 94 additions & 0 deletions pkg/sql/logictest/testdata/logic_test/udf_privileges
Expand Up @@ -783,4 +783,98 @@ SET ROLE tester
statement ok
SELECT test.my_add(1,2)

statement ok
SET ROLE root

subtest end

subtest mutations

statement ok
CREATE TABLE t (a INT, b INT);
CREATE FUNCTION f_insert() RETURNS VOID LANGUAGE SQL AS $$ INSERT INTO t VALUES (1,2); $$;
CREATE FUNCTION f_select() RETURNS INT LANGUAGE SQL AS $$ SELECT b FROM t WHERE a = 1; $$;
CREATE FUNCTION f_update() RETURNS VOID LANGUAGE SQL AS $$ UPDATE t SET b = 3 WHERE a = 1; $$;
CREATE FUNCTION f_delete() RETURNS VOID LANGUAGE SQL AS $$ DELETE FROM t WHERE a = 1; $$;
CREATE USER test_user;

statement ok
SET ROlE test_user

statement error pq: user test_user does not have INSERT privilege on relation t
select f_insert();

statement error pq: user test_user does not have SELECT privilege on relation t
select f_select();

statement error pq: user test_user does not have UPDATE privilege on relation t
select f_update();

statement error pq: user test_user does not have DELETE privilege on relation t
select f_delete();

statement ok
SET ROlE root

statement ok
GRANT SELECT, INSERT, DELETE, UPDATE ON t TO test_user;

statement ok
SET ROlE test_user


statement ok
SELECT f_insert();

query I
SELECT f_select();
----
2

statement ok
SELECT f_update();

query II
SELECT * FROM t;
----
1 3

statement ok
SELECT f_delete();

query II
SELECT * FROM t;
----

statement ok
SET ROlE root

statement ok
REVOKE SELECT, INSERT, DELETE, UPDATE ON t FROM test_user;

statement ok
SET ROLE test_user

statement error pq: user test_user does not have SELECT privilege on relation t
select f_select();

statement error pq: user test_user does not have INSERT privilege on relation t
select f_insert();

statement error pq: user test_user does not have UPDATE privilege on relation t
select f_update();

statement error pq: user test_user does not have DELETE privilege on relation t
select f_delete();

statement ok
SET ROLE root

statement ok
DROP FUNCTION f_insert;
DROP FUNCTION f_select;
DROP FUNCTION f_update;
DROP FUNCTION f_delete;
DROP USER test_user;

subtest end
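Review bot: The grant and revoke steps in `subtest mutations` toggle SELECT, INSERT, DELETE and UPDATE together, so the test would still pass if the privilege check on a statement inside a UDF body accepted any one privilege on `t` instead of the specific one that statement needs. A partial-grant case would pin each check to its own privilege, for example `GRANT INSERT ON t TO test_user;` followed by `statement error pq: user test_user does not have SELECT privilege on relation t` for `select f_select();`. Because `f_update` and `f_delete` filter on `a`, they may also require SELECT, so it would be worth asserting which privilege is reported when only UPDATE or DELETE is granted. Separately, the cleanup drops the four functions and `test_user` but never drops table `t`; adding `DROP TABLE t;` after the `DROP FUNCTION` lines would keep later subtests from inheriting it.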
