rtib commented on code in PR #3905:
URL: https://github.com/apache/cassandra/pull/3905#discussion_r1961648069
##########
test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java:
##########
@@ -472,6 +477,28 @@ public void testGrantOnAllKeyspaces() throws Throwable
executeNet(ProtocolVersion.CURRENT, "INSERT INTO system.peers_v2(peer,
peer_port, data_center) VALUES ('127.0.100.100', 7012, 'invalid_dc')");
}
+ @Test
+ public void testGrantOnVirtualKeyspaces() throws Throwable
+ {
+ useSuperUser();
+ executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND
password='%s'", user, pass));
+
+ useUser(user, pass);
+ assertUnauthorizedQuery("User user has no SELECT permission on <table
system_views.settings> or any of its parents",
+ "SELECT * FROM system_views.settings LIMIT 1");
+ // This is not failing on 5.0 as expected and observed on 4.0 and 4.1.
+// assertUnauthorizedQuery("User user has no SELECT permission on
<table system_views.settings> or any of its parents",
+// "SELECT * FROM system_virtual_schema.tables
LIMIT 1");
Review Comment:
It's unclear why `system_virtual_schema` is always accessible, but I think
that's a different issue, if any. So I'm going to remove these comments here.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
