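--- a/test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java
+++ b/test/unit/org/apache/cassandra/auth/GrantAndRevokeTest.java
@@ -577,6 +577,46 @@ public void testGrantOnVirtualKeyspaces() throws Throwable
 executeNet(ProtocolVersion.CURRENT, format("REVOKE SELECT PERMISSION ON KEYSPACE system_views FROM %s", user));
 }
 
+@Test
+public void testCheckPermissionsAfterAuthorize() throws Throwable
+{
+useSuperUser();
+
+executeNet("CREATE KEYSPACE check_permissions WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'}");
+executeNet("CREATE TABLE check_permissions.t1 (k int PRIMARY KEY)");
+executeNet("INSERT INTO check_permissions.t1 (k) VALUES (1)");
+
+executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND password='%s'", user, pass));
+
+final String simple_user = "simple_user";
+executeNet(String.format("CREATE ROLE %s WITH LOGIN = TRUE AND password='%s'", simple_user, simple_user));
+executeNet("GRANT AUTHORIZE ON check_permissions.t1 TO " + simple_user);
+
+useUser(user, pass);
+assertUnauthorizedQuery("User user has no SELECT permission on <table check_permissions.t1> or any of its parents",
+"SELECT * FROM check_permissions.t1");
+
+useUser(simple_user, simple_user);
+assertUnauthorizedQuery("User simple_user has no SELECT permission on <table check_permissions.t1> or any of its parents",
+"SELECT * FROM check_permissions.t1");
+assertUnauthorizedQuery("User simple_user has no SELECT permission on <table check_permissions.t1> or any of its parents",
+"GRANT SELECT ON check_permissions.t1 TO " + user);
+
+useUser(user, pass);
+assertUnauthorizedQuery("User user has no SELECT permission on <table check_permissions.t1> or any of its parents",
+"SELECT * FROM check_permissions.t1");
+
+useSuperUser();
+executeNet("GRANT SELECT ON check_permissions.t1 TO " + simple_user);
+
+useUser(simple_user, simple_user);
+executeNet("SELECT * FROM check_permissions.t1");
+executeNet("GRANT SELECT ON check_permissions.t1 TO " + user);
+
+useUser(user, pass);
+executeNet("SELECT * FROM check_permissions.t1");
+}
+
 private void maybeReadSystemTables(boolean superuser) throws Throwable
 {
 if (superuser)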
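Review bot: The rejected-GRANT check in `testCheckPermissionsAfterAuthorize` only covers an AUTHORIZE-only role granting SELECT to a different role; the self-grant case, where `simple_user` grants SELECT to itself, is not asserted, and that is the path most likely to regress into privilege escalation. I would add, next to the existing rejected GRANT, `assertUnauthorizedQuery(expectedMessage, "GRANT SELECT ON check_permissions.t1 TO " + simple_user);`, with `expectedMessage` taken from what the server actually returns (presumably the same text as the neighbouring assertion, but that is not visible here). If the same rule is meant to apply to REVOKE, a matching negative assertion belongs here too. The expected strings hard-code `User user`, which holds only while the `user` field equals "user"; building them with `format("User %s has no SELECT permission on ...", user)` keeps the test valid if that changes. The method also leaves the `check_permissions` keyspace and both roles in place on return, so unless teardown outside this hunk drops them they may leak into later tests.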