github.com/matrixorigin/matrixone@v1.2.0/test/distributed/cases/tenant/privilege/role.test

github.com/matrixorigin/matrixone@v1.2.0/test/distributed/cases/tenant/privilege/role.test (about)

     1  set global enable_privilege_cache = off;
     2  create role role_r1,role_r2,role_r3;
     3  create user role_u1 identified by '111', role_u2 identified by '111', role_u3 identified by '111';
     4  grant role_r1 to role_u1;
     5  grant role_r1,role_r2,role_r3 to role_u1,role_u2,role_u2;
     6  grant role_r1 to role_r2;
     7  grant role_r2 to role_r3;
     8  grant role_r3 to role_r1;
     9  revoke role_r2 from role_r3;
    10  revoke role_r1 from role_r2;
    11  grant show databases on account * to role_r1;
    12  grant show databases on database * to role_r1;
    13  grant show tables on database * to role_r1;
    14  grant create database on account * to role_r1;
    15  grant create table on database * to role_r1;
    16  drop database if exists t;
    17  create database t ;
    18  use t;
    19  create table A (a int);
    20  grant select,insert,delete,update on table t.a to role_r1;
    21  revoke select,insert,delete,update on table t.a from role_r1;
    22  create database d;
    23  use d;
    24  create table t(a int);
    25  grant create account on account * to role_r1;
    26  grant drop account on account * to role_r1;
    27  grant alter account on account * to role_r1;
    28  grant create user on account * to role_r1;
    29  grant drop user on account * to role_r1;
    30  grant alter user on account * to role_r1;
    31  grant create role on account * to role_r1;
    32  grant drop role on account * to role_r1;
    33  grant alter role on account * to role_r1;
    34  grant create database on account * to role_r1;
    35  grant drop database on account * to role_r1;
    36  grant show databases on account * to role_r1;
    37  grant connect on account * to role_r1;
    38  -- grant manage grants on account * to role_r1;
    39  grant all on account * to role_r1;
    40  grant ownership on account * to role_r1;
    41  grant show tables on database * to role_r1;
    42  grant show tables on database *.* to role_r1;
    43  grant show tables on database d to role_r1;
    44  grant create table on database * to role_r1;
    45  grant create table on database *.* to role_r1;
    46  grant create table on database d to role_r1;
    47  grant create view on database * to role_r1;
    48  grant create view on database *.* to role_r1;
    49  grant create view on database d to role_r1;
    50  grant drop table on database * to role_r1;
    51  grant drop table on database *.* to role_r1;
    52  grant drop table on database d to role_r1;
    53  grant drop view on database * to role_r1;
    54  grant drop view on database *.* to role_r1;
    55  grant drop view on database d to role_r1;
    56  grant alter table on database * to role_r1;
    57  grant alter table on database *.* to role_r1;
    58  grant alter table on database d to role_r1;
    59  grant alter view on database * to role_r1;
    60  grant alter view on database *.* to role_r1;
    61  grant alter view on database d to role_r1;
    62  grant all on database * to role_r1;
    63  grant all on database *.* to role_r1;
    64  grant all on database d to role_r1;
    65  grant ownership on database * to role_r1;
    66  grant select on table * to role_r1;
    67  grant select on table *.* to role_r1;
    68  grant select on table d.* to role_r1;
    69  grant select on table d.t to role_r1;
    70  grant select on table t to role_r1;
    71  grant insert on table * to role_r1;
    72  grant insert on table *.* to role_r1;
    73  grant insert on table d.* to role_r1;
    74  grant insert on table d.t to role_r1;
    75  grant insert on table t to role_r1;
    76  grant update on table * to role_r1;
    77  grant update on table *.* to role_r1;
    78  grant update on table d.* to role_r1;
    79  grant update on table d.t to role_r1;
    80  grant update on table t to role_r1;
    81  --grant truncate on table * to role_r1;
    82  --grant truncate on table *.* to role_r1;
    83  --grant truncate on table d.* to role_r1;
    84  --grant truncate on table d.t to role_r1;
    85  --grant truncate on table t to role_r1;
    86  grant delete on table * to role_r1;
    87  grant delete on table *.* to role_r1;
    88  grant delete on table d.* to role_r1;
    89  grant delete on table d.t to role_r1;
    90  grant delete on table t to role_r1;
    91  --grant reference on table * to role_r1;
    92  --grant reference on table *.* to role_r1;
    93  --grant reference on table d.* to role_r1;
    94  --grant reference on table d.t to role_r1;
    95  --grant reference on table t to role_r1;
    96  grant index on table * to role_r1;
    97  grant index on table *.* to role_r1;
    98  grant index on table d.* to role_r1;
    99  grant index on table d.t to role_r1;
   100  grant index on table t to role_r1;
   101  grant all on table * to role_r1;
   102  grant all on table *.* to role_r1;
   103  grant all on table d.* to role_r1;
   104  grant all on table d.t to role_r1;
   105  grant all on table t to role_r1;
   106  grant ownership on table * to role_r1;
   107  grant execute on table * to role_r1;
   108  grant execute on table *.* to role_r1;
   109  grant execute on table d.* to role_r1;
   110  grant execute on table d.t to role_r1;
   111  grant execute on table t to role_r1;
   112  revoke create account on account * from role_r1;
   113  revoke drop account on account * from role_r1;
   114  revoke alter account on account * from role_r1;
   115  revoke create user on account * from role_r1;
   116  revoke drop user on account * from role_r1;
   117  revoke alter user on account * from role_r1;
   118  revoke create role on account * from role_r1;
   119  revoke drop role on account * from role_r1;
   120  revoke alter role on account * from role_r1;
   121  revoke create database on account * from role_r1;
   122  revoke drop database on account * from role_r1;
   123  revoke show databases on account * from role_r1;
   124  revoke connect on account * from role_r1;
   125  revoke all on account * from role_r1;
   126  --revoke ownership on account * from role_r1;
   127  revoke show tables on database * from role_r1;
   128  revoke show tables on database *.* from role_r1;
   129  revoke show tables on database d from role_r1;
   130  revoke create table on database * from role_r1;
   131  revoke create table on database *.* from role_r1;
   132  revoke create table on database d from role_r1;
   133  revoke create view on database * from role_r1;
   134  revoke create view on database *.* from role_r1;
   135  revoke create view on database d from role_r1;
   136  revoke drop table on database * from role_r1;
   137  revoke drop table on database *.* from role_r1;
   138  revoke drop table on database d from role_r1;
   139  revoke drop view on database * from role_r1;
   140  revoke drop view on database *.* from role_r1;
   141  revoke drop view on database d from role_r1;
   142  revoke alter table on database * from role_r1;
   143  revoke alter table on database *.* from role_r1;
   144  revoke alter table on database d from role_r1;
   145  revoke alter view on database * from role_r1;
   146  revoke alter view on database *.* from role_r1;
   147  revoke alter view on database d from role_r1;
   148  revoke all on database * from role_r1;
   149  revoke all on database *.* from role_r1;
   150  revoke all on database d from role_r1;
   151  --revoke ownership on database * from role_r1;
   152  revoke select on table * from role_r1;
   153  revoke select on table *.* from role_r1;
   154  revoke select on table d.* from role_r1;
   155  revoke select on table d.t from role_r1;
   156  revoke select on table t from role_r1;
   157  revoke insert on table * from role_r1;
   158  revoke insert on table *.* from role_r1;
   159  revoke insert on table d.* from role_r1;
   160  revoke insert on table d.t from role_r1;
   161  revoke insert on table t from role_r1;
   162  revoke update on table * from role_r1;
   163  revoke update on table *.* from role_r1;
   164  revoke update on table d.* from role_r1;
   165  revoke update on table d.t from role_r1;
   166  revoke update on table t from role_r1;
   167  revoke delete on table * from role_r1;
   168  revoke delete on table *.* from role_r1;
   169  revoke delete on table d.* from role_r1;
   170  revoke delete on table d.t from role_r1;
   171  revoke delete on table t from role_r1;
   172  revoke index on table * from role_r1;
   173  revoke index on table *.* from role_r1;
   174  revoke index on table d.* from role_r1;
   175  revoke index on table d.t from role_r1;
   176  revoke index on table t from role_r1;
   177  revoke all on table * from role_r1;
   178  revoke all on table *.* from role_r1;
   179  revoke all on table d.* from role_r1;
   180  revoke all on table d.t from role_r1;
   181  revoke all on table t from role_r1;
   182  --revoke ownership on table * from role_r1;
   183  revoke execute on table * from role_r1;
   184  revoke execute on table *.* from role_r1;
   185  revoke execute on table d.* from role_r1;
   186  revoke execute on table d.t from role_r1;
   187  revoke execute on table t from role_r1;
   188  
   189  drop role role_r1,role_r2,role_r3;
   190  drop user role_u1,role_u2,role_u3;
   191  drop database if exists t;
   192  drop database if exists d;
   193  set global enable_privilege_cache = on;