Github user karanmehta93 commented on a diff in the pull request:
https://github.com/apache/phoenix/pull/289#discussion_r161662712
--- Diff:
phoenix-core/src/it/java/org/apache/phoenix/end2end/ChangePermissionsIT.java ---
@@ -267,4 +267,26 @@ public void testMultiTenantTables() throws Exception {
verifyAllowed(readMultiTenantTableWithIndex(VIEW1_TABLE_NAME,
"o1"), regularUser2);
verifyAllowed(readMultiTenantTableWithoutIndex(VIEW2_TABLE_NAME,
"o2"), regularUser2);
}
+
+ /**
+ * Grant RX permissions on the schema to regularUser1,
+ * Creating view on a table with that schema by regularUser1 should be
allowed
+ */
+ @Test
+ public void testCreateViewOnTableWithRXPermsOnSchema() throws
Exception {
+
+ startNewMiniCluster();
+ grantSystemTableAccess(superUser1, regularUser1, regularUser2,
regularUser3);
+
+ if(isNamespaceMapped) {
+ verifyAllowed(createSchema(SCHEMA_NAME), superUser1);
+ verifyAllowed(createTable(FULL_TABLE_NAME), superUser1);
+ verifyAllowed(grantPermissions("RX", regularUser1,
SCHEMA_NAME, true), superUser1);
+ } else {
+ verifyAllowed(createTable(FULL_TABLE_NAME), superUser1);
+ verifyAllowed(grantPermissions("RX", regularUser1,
surroundWithDoubleQuotes(SchemaUtil.SCHEMA_FOR_DEFAULT_NAMESPACE), true),
superUser1);
+ }
+
+ verifyAllowed(createView(VIEW1_TABLE_NAME, FULL_TABLE_NAME),
regularUser1);
+ }
--- End diff --
If the user has access on the SCHEMA of FULL_TABLE_NAME, that should be
sufficient, since namespace is bigger in scope that per table scope. Hence I
merge all these permissions and then use the `hasAccess()` method to determine
the final access.
---
