Use of com.facebook.presto.spi.security.AccessDeniedException in the presto project by prestodb.
Class TestFileBasedAccessControl, method testSessionPropertyRules.
/**
 * Checks the catalog session property rules loaded from {@code session_property.json}.
 *
 * <p>Expected grants: admin on "dangerous"; alice on "safe" and "unsafe"; bob on "safe".
 * Expected denials: bob on "unsafe", alice on "dangerous", charlie on "safe".
 * The rule file is not part of this listing, so only the outcomes asserted here are described.
 */
@Test
public void testSessionPropertyRules() throws IOException {
    ConnectorAccessControl control = createAccessControl("session_property.json");

    // Grants: each of these must return without throwing.
    control.checkCanSetCatalogSessionProperty(user("admin"), "dangerous");
    control.checkCanSetCatalogSessionProperty(user("alice"), "safe");
    control.checkCanSetCatalogSessionProperty(user("alice"), "unsafe");
    control.checkCanSetCatalogSessionProperty(user("bob"), "safe");

    // Denials: fail() is reached only if the check wrongly lets the call through.
    try {
        control.checkCanSetCatalogSessionProperty(user("bob"), "unsafe");
        fail();
    } catch (AccessDeniedException expected) {
        // bob may set "safe" (granted above) but not "unsafe"
    }

    try {
        control.checkCanSetCatalogSessionProperty(user("alice"), "dangerous");
        fail();
    } catch (AccessDeniedException expected) {
        // alice may set "safe" and "unsafe" (granted above) but not "dangerous"
    }

    try {
        control.checkCanSetCatalogSessionProperty(user("charlie"), "safe");
        fail();
    } catch (AccessDeniedException expected) {
        // charlie is refused even the property alice and bob may set;
        // presumably no rule matches this user (default deny) - confirm against the JSON
    }
}
Use of com.facebook.presto.spi.security.AccessDeniedException in the presto project by prestodb.
Class TestFileBasedAccessControl, method testTableRules.
/**
 * Checks the per-table privilege rules loaded from {@code table.json}.
 *
 * <p>Expected grants: alice may select from test.test and bobschema.bobtable; bob may select,
 * insert, delete and create a view over bobschema.bobtable; admin may drop bobschema.bobtable.
 * Expected denials: alice inserting into bobschema.bobtable, bob dropping bobschema.bobtable,
 * bob inserting into test.test, admin selecting from secret.secret.
 * The rule file is not part of this listing, so only the outcomes asserted here are described.
 */
@Test
public void testTableRules() throws IOException {
    ConnectorAccessControl control = createAccessControl("table.json");
    SchemaTableName bobTable = SchemaTableName.valueOf("bobschema.bobtable");
    SchemaTableName testTable = SchemaTableName.valueOf("test.test");

    // Grants: each of these must return without throwing.
    control.checkCanSelectFromTable(TRANSACTION_HANDLE, user("alice"), testTable);
    control.checkCanSelectFromTable(TRANSACTION_HANDLE, user("alice"), bobTable);
    control.checkCanSelectFromTable(TRANSACTION_HANDLE, user("bob"), bobTable);
    control.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("bob"), bobTable);
    control.checkCanDeleteFromTable(TRANSACTION_HANDLE, user("bob"), bobTable);
    control.checkCanCreateViewWithSelectFromTable(TRANSACTION_HANDLE, user("bob"), bobTable);
    control.checkCanDropTable(TRANSACTION_HANDLE, user("admin"), bobTable);

    // Denials: fail() is reached only if the check wrongly lets the call through.
    try {
        control.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("alice"), bobTable);
        fail();
    } catch (AccessDeniedException expected) {
        // alice can read bobschema.bobtable (granted above) but not write to it
    }

    try {
        control.checkCanDropTable(TRANSACTION_HANDLE, user("bob"), bobTable);
        fail();
    } catch (AccessDeniedException expected) {
        // bob can read and modify rows of bobschema.bobtable but not drop the table
    }

    try {
        control.checkCanInsertIntoTable(TRANSACTION_HANDLE, user("bob"), testTable);
        fail();
    } catch (AccessDeniedException expected) {
        // bob's insert privilege does not carry over to test.test
    }

    try {
        control.checkCanSelectFromTable(TRANSACTION_HANDLE, user("admin"), SchemaTableName.valueOf("secret.secret"));
        fail();
    } catch (AccessDeniedException expected) {
        // admin, who may drop bobschema.bobtable, is still refused a read of secret.secret
    }
}
Use of com.facebook.presto.spi.security.AccessDeniedException in the presto project by prestodb.
Class TestFileBasedAccessControl, method testSchemaRules.
/**
 * Checks the schema rules loaded from {@code schema.json}, using table creation as the probe.
 *
 * <p>Expected grants: admin may create test.test; bob may create bob.test.
 * Expected denials: bob creating test.test, admin creating secret.test.
 * The rule file is not part of this listing, so only the outcomes asserted here are described.
 */
@Test
public void testSchemaRules() throws IOException {
    ConnectorAccessControl control = createAccessControl("schema.json");
    SchemaTableName testTable = SchemaTableName.valueOf("test.test");

    // Grants: each of these must return without throwing.
    control.checkCanCreateTable(TRANSACTION_HANDLE, user("admin"), testTable);
    control.checkCanCreateTable(TRANSACTION_HANDLE, user("bob"), SchemaTableName.valueOf("bob.test"));

    // Denials: fail() is reached only if the check wrongly lets the call through.
    try {
        control.checkCanCreateTable(TRANSACTION_HANDLE, user("bob"), testTable);
        fail();
    } catch (AccessDeniedException expected) {
        // bob may create tables in schema "bob" (granted above) but not in "test"
    }

    try {
        control.checkCanCreateTable(TRANSACTION_HANDLE, user("admin"), SchemaTableName.valueOf("secret.test"));
        fail();
    } catch (AccessDeniedException expected) {
        // admin may create tables in "test" (granted above) but not in "secret"
    }
}
Use of com.facebook.presto.spi.security.AccessDeniedException in the presto project by prestodb.
Class TestAccessControlManager, method testReadOnlySystemAccessControl.
/**
 * Checks an {@code AccessControlManager} configured with the system access control registered
 * under {@code ReadOnlySystemAccessControl.NAME}.
 *
 * <p>Setting the user, setting session properties, selecting from tables and views, creating
 * views over them, and listing schemas and tables must all pass. The filter methods must
 * return their input unchanged. Inserting into a table must raise
 * {@code AccessDeniedException}; insert is the only write operation probed here.
 */
@Test
public void testReadOnlySystemAccessControl() throws Exception {
    Identity caller = new Identity(USER_NAME, Optional.of(PRINCIPAL));
    QualifiedObjectName table = new QualifiedObjectName("catalog", "schema", "table");
    TransactionManager txManager = createTestTransactionManager();

    AccessControlManager manager = new AccessControlManager(txManager);
    manager.setSystemAccessControl(ReadOnlySystemAccessControl.NAME, ImmutableMap.of());

    // These two checks take no transaction id, so they run outside a transaction.
    manager.checkCanSetUser(PRINCIPAL, USER_NAME);
    manager.checkCanSetSystemSessionProperty(caller, "property");

    transaction(txManager, manager).execute(txId -> {
        // Read-side and session operations: none of these may throw.
        manager.checkCanSetCatalogSessionProperty(txId, caller, "catalog", "property");
        manager.checkCanSelectFromTable(txId, caller, table);
        manager.checkCanSelectFromView(txId, caller, table);
        manager.checkCanCreateViewWithSelectFromTable(txId, caller, table);
        manager.checkCanCreateViewWithSelectFromView(txId, caller, table);
        manager.checkCanShowSchemas(txId, caller, "catalog");
        manager.checkCanShowTables(txId, caller, new CatalogSchemaName("catalog", "schema"));

        // Metadata filters must pass every entry through: nothing is hidden from the caller.
        Set<String> catalogNames = ImmutableSet.of("catalog");
        assertEquals(manager.filterCatalogs(caller, catalogNames), catalogNames);

        Set<String> schemaNames = ImmutableSet.of("schema");
        assertEquals(manager.filterSchemas(txId, caller, "catalog", schemaNames), schemaNames);

        Set<SchemaTableName> tables = ImmutableSet.of(new SchemaTableName("schema", "table"));
        assertEquals(manager.filterTables(txId, caller, "catalog", tables), tables);
    });

    // The write path: an insert must be rejected, otherwise fail() marks the test as broken.
    try {
        transaction(txManager, manager).execute(txId -> {
            manager.checkCanInsertIntoTable(txId, caller, table);
        });
        fail();
    } catch (AccessDeniedException expected) {
        // denial is the required outcome
    }
}