github.com/matrixorigin/matrixone@v1.2.0/test/distributed/cases/zz_accesscontrol/inner_object.sql (about) 1 set global enable_privilege_cache = off; 2 -- env prepare statement 3 drop account if exists account1; 4 drop account if exists inner_account; 5 drop role if exists revoke_role_1; 6 7 --验证访问控制表中内置对象数据正确性 8 select user_name,owner from mo_catalog.mo_user where user_name="root"; 9 select role_id,role_name,owner from mo_catalog.mo_role where role_name in ("moadmin","public"); 10 11 --验证moadminaccount初始化,sys租户root下创建普通租户下管理员用户查看 12 create account account1 ADMIN_NAME 'admin' IDENTIFIED BY '123456'; 13 -- @session:id=2&user=account1:admin&password=123456 14 select role_id,role_name,owner from mo_catalog.mo_role; 15 show databases; 16 show grants; 17 use system; 18 show triggers; 19 use mo_catalog; 20 show columns from mo_tables; 21 select datname, dat_createsql from mo_database; 22 select relname from mo_tables where relname="sql_statement_total"; 23 select relname from mo_tables where relname="mo_user"; 24 select relname from mo_tables where relname="tables"; 25 select user_name,authentication_string from mo_user; 26 select role_name from mo_role; 27 create database account_db; 28 use account_db; 29 show tables; 30 create table a(col int); 31 show create table a; 32 show tables; 33 -- @session 34 35 --public只有连接权限 36 -- @session:id=2&user=account1:admin:public&password=123456 37 show databases; 38 -- @session 39 40 --内置表不能增删改 41 update mo_catalog.mo_tables set relname='mo_aaaa'; 42 insert into mo_catalog.mo_role values (1763,'apple',0,1,'2022-09-22 06:53:34',''); 43 delete from mo_catalog.mo_user; 44 drop table mo_catalog.mo_account; 45 delete from mo_catalog.mo_user_grant; 46 delete from mo_catalog.mo_role_grant; 47 delete from mo_catalog.mo_role_privs; 48 delete from mo_catalog.mo_database; 49 delete from mo_catalog.mo_columns; 50 delete from mo_catalog.mo_indexes; 51 delete from mo_catalog.mo_table_partitions; 52 53 --内置数据库不能删除 54 drop database information_schema; 55 drop database mo_catalog; 56 drop database system; 57 drop database system_metrics; 58 59 --moadmin,public删除/回收 60 revoke moadmin,public from root; 61 select count(*) from mo_catalog.mo_role_privs where role_name in ('moadmin','public'); 62 drop role if exists moadmin,public; 63 select role_name from mo_role where role_name in('moadmin','public'); 64 65 --root/admin user修改/删除/授权 66 drop user if exists admin,root; 67 68 --accountadmin删除/回收,切换到普通account验证 69 create account inner_account ADMIN_NAME 'admin' IDENTIFIED BY '111'; 70 -- @session:id=2&user=inner_account:admin&password=123456 71 revoke accountadmin from admin; 72 select count(*) from mo_catalog.mo_role_privs where role_name in ('accountadmin'); 73 drop role if exists accountadmin; 74 select role_name from mo_catalog.mo_role where role_name in('accountadmin'); 75 -- @session 76 77 create table tb1( 78 deptno int unsigned, 79 dname varchar(15), 80 loc varchar(50), 81 unique key(deptno) 82 ); 83 select `name`,`type`,`name`,`is_visible`,`hidden`,`comment`,`column_name`,`ordinal_position`,`options` from mo_catalog.mo_indexes where table_id = (select rel_id from mo_catalog.mo_tables where relname = 'tb1'); 84 desc mo_catalog.mo_indexes; 85 86 CREATE TABLE trp ( 87 id INT NOT NULL, 88 fname VARCHAR(30), 89 lname VARCHAR(30), 90 hired DATE NOT NULL DEFAULT '1970-01-01', 91 separated DATE NOT NULL DEFAULT '9999-12-31', 92 job_code INT, 93 store_id INT 94 ) 95 PARTITION BY RANGE ( YEAR(separated) ) ( 96 PARTITION p0 VALUES LESS THAN (1991), 97 PARTITION p1 VALUES LESS THAN (1996), 98 PARTITION p2 VALUES LESS THAN (2001), 99 PARTITION p3 VALUES LESS THAN MAXVALUE 100 ); 101 select tbl.relname, part.number, part.name, part.description_utf8, part.comment, part.options, part.partition_table_name 102 from mo_catalog.mo_tables tbl left join mo_catalog.mo_table_partitions part on tbl.rel_id = part.table_id 103 where tbl.relname = 'trp'; 104 desc mo_catalog.mo_table_partitions; 105 106 --accountadmin删除/回收,切换到普通account验证 107 create account accx11 ADMIN_NAME 'admin' IDENTIFIED BY '111'; 108 -- @session:id=2&user=accx11:admin&password=123456 109 select `name`,`type`,`name`,`is_visible`,`hidden`,`comment`,`column_name`,`ordinal_position`,`options` from mo_catalog.mo_indexes where table_id = (select rel_id from mo_catalog.mo_tables where relname = 'tb1'); 110 desc mo_catalog.mo_indexes; 111 -- @session 112 113 drop account if exists account1; 114 drop account if exists inner_account; 115 drop account if exists accx11; 116 drop role if exists revoke_role_1; 117 set global enable_privilege_cache = on; 118 desc mo_catalog.mo_stages; 119 120 -- sys and non sys account admin user information_schema:columns,schemata,tables,views,partitions isolation 121 create account ac_1 ADMIN_NAME 'admin' IDENTIFIED BY '111'; 122 create database sys_db1; 123 create table sys_db1.sys_t1(c1 char); 124 create view sys_db1.sys_v1 as select * from sys_db1.sys_t1; 125 create table sys_db1.test01 ( 126 emp_no int not null, 127 birth_date date not null, 128 first_name varchar(14) not null, 129 last_name varchar(16) not null, 130 gender varchar(5) not null, 131 hire_date date not null, 132 primary key (emp_no) 133 ) partition by range columns (emp_no)( 134 partition p01 values less than (100001), 135 partition p02 values less than (200001), 136 partition p03 values less than (300001), 137 partition p04 values less than (400001) 138 ); 139 -- @session:id=3&user=ac_1:admin&password=111 140 create database ac_db; 141 create table ac_db.ac_t1(c1 int); 142 create view ac_db.ac_v1 as select * from ac_db.ac_t1; 143 create table ac_db.test02 ( 144 emp_no int not null, 145 birth_date date not null, 146 first_name varchar(14) not null, 147 last_name varchar(16) not null, 148 gender varchar(5) not null, 149 hire_date date not null, 150 primary key (emp_no) 151 ) partition by range columns (emp_no)( 152 partition p01 values less than (100001), 153 partition p02 values less than (200001), 154 partition p03 values less than (300001), 155 partition p04 values less than (400001) 156 ); 157 select table_catalog,table_schema,table_name,column_name from information_schema.columns where table_schema="ac_db" and table_name='ac_t1'; 158 select table_catalog,table_schema,table_name,column_name from information_schema.columns where table_schema="ac_db" and table_name='test02'; 159 select table_catalog,table_schema,table_name,column_name from information_schema.columns where table_schema="sys_db1"; 160 select count(*),table_name, column_name from information_schema.columns group by table_name, column_name having count(*)>1; 161 select * from information_schema.schemata where schema_name='ac_db'; 162 select * from information_schema.schemata where schema_name='sys_db1'; 163 select count(*),schema_name from information_schema.schemata group by schema_name having count(*)>1; 164 select table_schema,table_name from information_schema.tables where table_name='sys_t1'; 165 select table_schema,table_name from information_schema.tables where table_name='ac_t1'; 166 select count(*),table_name from information_schema.tables group by table_name having count(*) >1; 167 select * from information_schema.views where table_name='ac_v1'; 168 select * from information_schema.views where table_name='sys_v1'; 169 select count(*),table_name from information_schema.views group by table_name having count(*)>1; 170 select count(*) from information_schema.partitions where table_schema='ac_db' and table_name='test02'; 171 select table_schema,table_name,partition_name from information_schema.partitions where table_schema='sys_db1'; 172 select count(*),table_schema,table_name,partition_name from information_schema.partitions group by table_schema,table_name,partition_name having count(*) >1; 173 -- @session 174 select table_catalog,table_schema,table_name,column_name from information_schema.columns where table_name='ac_t1'; 175 select table_catalog,table_schema,table_name,column_name from information_schema.columns where table_name='sys_t1'; 176 select count(*),table_name, column_name from information_schema.columns group by table_name, column_name having count(*)>1; 177 select * from information_schema.schemata where schema_name='ac_db'; 178 select * from information_schema.schemata where schema_name='sys_db1'; 179 select count(*),schema_name from information_schema.schemata group by schema_name having count(*)>1; 180 select table_schema,table_name from information_schema.tables where table_name='sys_t1'; 181 select table_schema,table_name from information_schema.tables where table_name='ac_t1'; 182 select count(*),table_name from information_schema.tables group by table_name having count(*) >1; 183 select * from information_schema.views where table_name='sys_v1'; 184 select * from information_schema.views where table_name='ac_v1'; 185 select count(*),table_name from information_schema.views group by table_name having count(*)>1; 186 select count(*) from information_schema.partitions where table_schema='sys_db1' and table_name='test01'; 187 select table_schema,table_name from information_schema.partitions where table_schema='ac_db'; 188 select count(*),table_schema,table_name,partition_name from information_schema.partitions group by table_schema,table_name,partition_name having count(*) >1; 189 190 -- sys and non sys account non admin user information_schema:columns,schemata,tables,views,partitions isolation 191 create user 'sys_user' identified by '123456'; 192 create role 'sys_role'; 193 grant all on account * to 'sys_role'; 194 grant OWNERSHIP on database *.* to sys_role; 195 grant select on table *.* to sys_role; 196 grant sys_role to sys_user; 197 -- @session:id=3&user=ac_1:admin&password=111 198 create user 'ac_user' identified by '123456'; 199 create role 'ac_role'; 200 grant all on account * to 'ac_role'; 201 grant OWNERSHIP on database *.* to ac_role; 202 grant select on table *.* to ac_role; 203 grant ac_role to ac_user; 204 -- @session 205 -- @session:id=4&user=sys:sys_user:sys_role&password=123456 206 create database user_db; 207 create table user_db.user_t1(c1 int,c2 varchar); 208 create view user_db.sysuser_v1 as select * from user_db.user_t1; 209 create table user_db.test02 ( 210 emp_no int not null, 211 birth_date date not null, 212 first_name varchar(14) not null, 213 last_name varchar(16) not null, 214 gender varchar(5) not null, 215 hire_date date not null, 216 primary key (emp_no) 217 ) partition by range columns (emp_no)( 218 partition p01 values less than (100001), 219 partition p02 values less than (200001), 220 partition p03 values less than (300001), 221 partition p04 values less than (400001) 222 ); 223 -- @session 224 -- @session:id=5&user=ac_1:ac_user:ac_role&password=123456 225 create database acuser_db; 226 create table acuser_db.acuser_t1(c1 int,c2 varchar); 227 create view acuser_db.acuser_v1 as select * from acuser_db.acuser_t1; 228 create table acuser_db.test ( 229 emp_no int not null, 230 birth_date date not null, 231 first_name varchar(14) not null, 232 last_name varchar(16) not null, 233 gender varchar(5) not null, 234 hire_date date not null, 235 primary key (emp_no) 236 ) partition by range columns (emp_no)( 237 partition p01 values less than (100001), 238 partition p02 values less than (200001), 239 partition p03 values less than (300001), 240 partition p04 values less than (400001) 241 ); 242 select table_catalog,table_schema,table_name,column_name from information_schema.columns where table_schema="acuser_db" and table_name='acuser_t1'; 243 select table_catalog,table_schema,table_name,column_name from information_schema.columns where table_schema="user_db"; 244 select count(*),table_name, column_name from information_schema.columns group by table_name, column_name having count(*)>1; 245 select * from information_schema.schemata where schema_name='acuser_db'; 246 select * from information_schema.schemata where schema_name='user_db1'; 247 select count(*),schema_name from information_schema.schemata group by schema_name having count(*)>1; 248 select table_schema,table_name from information_schema.tables where table_name='user_t1'; 249 select table_schema,table_name from information_schema.tables where table_name='acuser_t1'; 250 select count(*),table_name from information_schema.tables group by table_name having count(*) >1; 251 select table_schema,table_name from information_schema.views where table_name='acuser_v1'; 252 select table_schema,table_name from information_schema.views where table_name='sysuser_v1'; 253 select count(*),table_name from information_schema.views group by table_name having count(*)>1; 254 select table_schema,table_name,partition_name from information_schema.partitions where table_schema='acuser_db'; 255 select table_schema,table_name,partition_name from information_schema.partitions where table_schema='user_db'; 256 select count(*),table_schema,table_name,partition_name from information_schema.partitions group by table_schema,table_name,partition_name having count(*) >1; 257 -- @session 258 -- @session:id=4&user=sys:sys_user:sys_role&password=123456 259 select table_catalog,table_schema,table_name,column_name from information_schema.columns where table_schema="user_db" and table_name='user_t1'; 260 select table_catalog,table_schema,table_name,column_name from information_schema.columns where table_schema="acuser_db"; 261 select count(*),table_name, column_name from information_schema.columns group by table_name, column_name having count(*)>1; 262 select * from information_schema.schemata where schema_name='acuser_db'; 263 select * from information_schema.schemata where schema_name='user_db'; 264 select count(*),schema_name from information_schema.schemata group by schema_name having count(*)>1; 265 select table_schema,table_name from information_schema.tables where table_name='user_t1'; 266 select table_schema,table_name from information_schema.tables where table_name='acuser_t1'; 267 select count(*),table_name from information_schema.tables group by table_name having count(*) >1; 268 select table_schema,table_name from information_schema.views where table_name='acuser_v1'; 269 select table_schema,table_name from information_schema.views where table_name='sysuser_v1'; 270 select count(*),table_name from information_schema.views group by table_name having count(*)>1; 271 select table_schema,table_name,partition_name from information_schema.partitions where table_schema='acuser_db'; 272 select table_schema,table_name,partition_name from information_schema.partitions where table_schema='user_db'; 273 select count(*),table_schema,table_name,partition_name from information_schema.partitions group by table_schema,table_name,partition_name having count(*) >1; 274 -- @session 275 276 drop database sys_db1; 277 drop database user_db; 278 drop account ac_1; 279 drop user sys_user; 280 drop role sys_role;