rtib commented on code in PR #3905:
URL: https://github.com/apache/cassandra/pull/3905#discussion_r1961028131
##########
test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java:
##########
@@ -472,6 +477,28 @@ public void testGrantOnAllKeyspaces() throws Throwable
executeNet(ProtocolVersion.CURRENT, "INSERT INTO system.peers_v2(peer,
peer_port, data_center) VALUES ('127.0.100.100', 7012, 'invalid_dc')");
}
+ @Test
+ public void testGrantOnVirtualKeyspaces() throws Throwable
+ {
+ useSuperUser();
+ executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND
password='%s'", user, pass));
+
+ useUser(user, pass);
+ assertUnauthorizedQuery("User user has no SELECT permission on <table
system_views.settings> or any of its parents",
+ "SELECT * FROM system_views.settings LIMIT 1");
+ // This is not failing on 5.0 as expected and observed on 4.0 and 4.1.
+// assertUnauthorizedQuery("User user has no SELECT permission on
<table system_views.settings> or any of its parents",
+// "SELECT * FROM system_virtual_schema.tables
LIMIT 1");
Review Comment:
It is exactly the same statement as in 487, but before the grant permission
it is expected to fail. However, it doesn't fail on 5.0, which is the issue. It
seems `system_virtual_schema` is accessible without granted permission.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
