Github user karanmehta93 commented on a diff in the pull request: https://github.com/apache/phoenix/pull/289#discussion_r161662712 --- Diff: phoenix-core/src/it/java/org/apache/phoenix/end2end/ChangePermissionsIT.java --- @@ -267,4 +267,26 @@ public void testMultiTenantTables() throws Exception { verifyAllowed(readMultiTenantTableWithIndex(VIEW1_TABLE_NAME, "o1"), regularUser2); verifyAllowed(readMultiTenantTableWithoutIndex(VIEW2_TABLE_NAME, "o2"), regularUser2); } + + /** + * Grant RX permissions on the schema to regularUser1, + * Creating view on a table with that schema by regularUser1 should be allowed + */ + @Test + public void testCreateViewOnTableWithRXPermsOnSchema() throws Exception { + + startNewMiniCluster(); + grantSystemTableAccess(superUser1, regularUser1, regularUser2, regularUser3); + + if(isNamespaceMapped) { + verifyAllowed(createSchema(SCHEMA_NAME), superUser1); + verifyAllowed(createTable(FULL_TABLE_NAME), superUser1); + verifyAllowed(grantPermissions("RX", regularUser1, SCHEMA_NAME, true), superUser1); + } else { + verifyAllowed(createTable(FULL_TABLE_NAME), superUser1); + verifyAllowed(grantPermissions("RX", regularUser1, surroundWithDoubleQuotes(SchemaUtil.SCHEMA_FOR_DEFAULT_NAMESPACE), true), superUser1); + } + + verifyAllowed(createView(VIEW1_TABLE_NAME, FULL_TABLE_NAME), regularUser1); + } --- End diff -- If the user has access on the SCHEMA of FULL_TABLE_NAME, that should be sufficient, since namespace is bigger in scope that per table scope. Hence I merge all these permissions and then use the `hasAccess()` method to determine the final access.
---