This is an automated email from the ASF dual-hosted git repository.

jiangtian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git


The following commit(s) were added to refs/heads/master by this push:
     new 5802fa2e0ab Resolve the problem that everyone can alter table column 
data type. (#17089)
5802fa2e0ab is described below

commit 5802fa2e0ab6e6d15fded869ae8c447b1e28d726
Author: libo <[email protected]>
AuthorDate: Wed Jan 28 11:37:35 2026 +0800

    Resolve the problem that everyone can alter table column data type. (#17089)
    
    * Resolve the problem that everyone can alter table column data type.
    
    * Delete redundant code.
---
 .../iotdb/db/it/auth/IoTDBSeriesPermissionIT.java  |  7 +++++
 .../it/db/it/IoTDBAuthenticationTableIT.java       | 36 ++++++++++++++++++++++
 .../execution/config/TableConfigTaskVisitor.java   |  4 +++
 3 files changed, 47 insertions(+)

diff --git 
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSeriesPermissionIT.java
 
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSeriesPermissionIT.java
index ad34c1cc0b9..198cebfe16e 100644
--- 
a/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSeriesPermissionIT.java
+++ 
b/integration-test/src/test/java/org/apache/iotdb/db/it/auth/IoTDBSeriesPermissionIT.java
@@ -112,6 +112,11 @@ public class IoTDBSeriesPermissionIT {
         "803: No permissions for this operation, please add privilege 
WRITE_SCHEMA",
         "test",
         "test123123456");
+    assertNonQueryTestFail(
+        "alter timeseries root.test.d1.s1 set data type float",
+        "803: No permissions for this operation, please add privilege 
WRITE_SCHEMA on [root.test.d1.s1]",
+        "test",
+        "test123123456");
 
     grantUserSeriesPrivilege("test", PrivilegeType.WRITE_SCHEMA, 
"root.test.**");
 
@@ -126,6 +131,8 @@ public class IoTDBSeriesPermissionIT {
     executeNonQuery(
         "create timeseries root.test.d1.s1 with dataType = int32", "test", 
"test123123456");
     executeNonQuery("ALTER timeseries root.test.d1.s1 ADD TAGS tag3=v3", 
"test", "test123123456");
+    executeNonQuery(
+        "alter timeseries root.test.d1.s1 set data type float", "test", 
"test123123456");
     executeNonQuery("drop timeseries root.test.d1.s1", "test", 
"test123123456");
     executeNonQuery("set TTL to root.test.** 10000", "test", "test123123456");
     executeNonQuery("unset TTL to root.test.**", "test", "test123123456");
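Review bot: The added `alter timeseries root.test.d1.s1 set data type float` call only shows that the statement is no longer rejected once WRITE_SCHEMA is granted. Nothing in the hunk checks that the series is actually FLOAT afterwards, so a silently ignored statement would also pass. If that is intentional for a permission test, say so above the call, for example `// Permission check only: verifies WRITE_SCHEMA lifts the 803 denial; the resulting data type is not asserted here.` The test method starts and ends outside this hunk, so a later assertion may already cover it.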
diff --git 
a/integration-test/src/test/java/org/apache/iotdb/relational/it/db/it/IoTDBAuthenticationTableIT.java
 
b/integration-test/src/test/java/org/apache/iotdb/relational/it/db/it/IoTDBAuthenticationTableIT.java
index f5c04f03bb0..0565ff9e6fd 100644
--- 
a/integration-test/src/test/java/org/apache/iotdb/relational/it/db/it/IoTDBAuthenticationTableIT.java
+++ 
b/integration-test/src/test/java/org/apache/iotdb/relational/it/db/it/IoTDBAuthenticationTableIT.java
@@ -1103,4 +1103,40 @@ public class IoTDBAuthenticationTableIT {
               tmpDir.getAbsolutePath()));
     }
   }
+
+  @Test
+  public void testAlter() throws IoTDBConnectionException, 
StatementExecutionException {
+    try (ITableSession sessionRoot = 
EnvFactory.getEnv().getTableSessionConnection()) {
+      sessionRoot.executeNonQueryStatement("CREATE DATABASE test3");
+      sessionRoot.executeNonQueryStatement("USE test3");
+      sessionRoot.executeNonQueryStatement("CREATE TABLE t1 (c1 INT32)");
+
+      // test users
+      sessionRoot.executeNonQueryStatement("CREATE USER userA 'userA1234567'");
+      sessionRoot.executeNonQueryStatement("CREATE USER userB 'userB1234567'");
+
+      try (ITableSession sessionA =
+              EnvFactory.getEnv().getTableSessionConnection("userA", 
"userA1234567");
+          ITableSession sessionB =
+              EnvFactory.getEnv().getTableSessionConnection("userB", 
"userB1234567")) {
+        sessionRoot.executeNonQueryStatement(
+            "GRANT SELECT,INSERT,DELETE ON test3.t1 TO USER userA");
+        sessionRoot.executeNonQueryStatement(
+            "GRANT SELECT,ALTER,INSERT,DELETE ON test3.t1 TO USER userB");
+        sessionA.executeNonQueryStatement("USE test3");
+        sessionB.executeNonQueryStatement("USE test3");
+
+        try {
+          sessionA.executeNonQueryStatement("ALTER TABLE t1 ALTER COLUMN c1 
SET DATA TYPE FLOAT");
+          fail("Should have thrown an exception");
+        } catch (StatementExecutionException e) {
+          assertEquals(
+              "803: Access Denied: No permissions for this operation, please 
add privilege ALTER ON test3.t1",
+              e.getMessage());
+        }
+
+        sessionB.executeNonQueryStatement("ALTER TABLE t1 ALTER COLUMN c1 SET 
DATA TYPE FLOAT");
+      }
+    }
+  }
 }
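Review bot: `testAlter` creates database `test3` and the accounts `userA` and `userB` with table grants but never removes them, so they persist for any test that runs afterwards in the same environment unless a class-level teardown outside this hunk resets it. Leftover accounts and grants can make later authorization assertions pass or fail for the wrong reason. Consider cleaning up in a `finally` on the root session: `sessionRoot.executeNonQueryStatement("DROP USER userA");`, `sessionRoot.executeNonQueryStatement("DROP USER userB");`, `sessionRoot.executeNonQueryStatement("DROP DATABASE test3");`. The denied case also covers only a user who never held ALTER; a REVOKE-then-retry case would pin the check more tightly.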
diff --git 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
index 008cb7946fc..a712e916d9e 100644
--- 
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
+++ 
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/queryengine/plan/execution/config/TableConfigTaskVisitor.java
@@ -636,6 +636,10 @@ public class TableConfigTaskVisitor extends 
AstVisitor<IConfigTask, MPPQueryCont
     final DataType dataType = node.getDataType();
     final boolean ifTableExists = node.isIfTableExists();
     final boolean ifColumnExists = node.isIfColumnExists();
+    accessControl.checkCanAlterTable(
+        context.getSession().getUserName(),
+        new QualifiedObjectName(databaseTablePair.getLeft(), 
databaseTablePair.getRight()),
+        context);
     return new AlterColumnDataTypeTask(
         databaseTablePair.getLeft(),
         databaseTablePair.getRight(),
