Example 66 with SystemAccessControl
use of io.trino.spi.security.SystemAccessControl in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanGrantTablePrivilege.
@Test
public void testTableRulesForCheckCanGrantTablePrivilege() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
accessControl.checkCanGrantTablePrivilege(ADMIN, Privilege.DELETE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"), null, false);
assertAccessDenied(() -> accessControl.checkCanGrantTablePrivilege(BOB, Privilege.DELETE, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"), null, false), GRANT_DELETE_PRIVILEGE_ACCESS_DENIED_MESSAGE);
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 67 with SystemAccessControl
use of io.trino.spi.security.SystemAccessControl in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testTableRulesForCheckCanDropMaterializedView.
@Test
public void testTableRulesForCheckCanDropMaterializedView() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-access-table.json");
accessControl.checkCanDropMaterializedView(ADMIN, new CatalogSchemaTableName("some-catalog", "bobschema", "bob-materialized-view"));
assertAccessDenied(() -> accessControl.checkCanDropMaterializedView(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bob-materialized-view")), DROP_MATERIALIZED_VIEW_ACCESS_DENIED_MESSAGE);
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Example 68 with SystemAccessControl
use of io.trino.spi.security.SystemAccessControl in project trino by trinodb.
the class TestFileBasedSystemAccessControl method testTableRulesForFilterColumnsWithNoAccess.
@Test
public void testTableRulesForFilterColumnsWithNoAccess() {
SystemAccessControl accessControl = newFileBasedSystemAccessControl("file-based-system-no-access.json");
assertEquals(accessControl.filterColumns(BOB, new CatalogSchemaTableName("some-catalog", "bobschema", "bobtable"), ImmutableSet.of("a")), ImmutableSet.of());
}
Also used :
SystemAccessControl(io.trino.spi.security.SystemAccessControl)
CatalogSchemaTableName(io.trino.spi.connector.CatalogSchemaTableName)
Test(org.testng.annotations.Test)
Aggregations
SystemAccessControl (io.trino.spi.security.SystemAccessControl)68
Test (org.testng.annotations.Test)59
CatalogSchemaTableName (io.trino.spi.connector.CatalogSchemaTableName)36
CatalogSchemaName (io.trino.spi.connector.CatalogSchemaName)12
TrinoPrincipal (io.trino.spi.security.TrinoPrincipal)12
SystemSecurityContext (io.trino.spi.security.SystemSecurityContext)10
AllowAllSystemAccessControl (io.trino.plugin.base.security.AllowAllSystemAccessControl)9
DefaultSystemAccessControl (io.trino.plugin.base.security.DefaultSystemAccessControl)9
FileBasedSystemAccessControl (io.trino.plugin.base.security.FileBasedSystemAccessControl)9
ReadOnlySystemAccessControl (io.trino.plugin.base.security.ReadOnlySystemAccessControl)9
ForwardingSystemAccessControl (io.trino.plugin.base.security.ForwardingSystemAccessControl)8
AccessDeniedException (io.trino.spi.security.AccessDeniedException)8
ViewExpression (io.trino.spi.security.ViewExpression)5
File (java.io.File)4
Files.newTemporaryFile (org.assertj.core.util.Files.newTemporaryFile)4
SchemaTableName (io.trino.spi.connector.SchemaTableName)3
SystemAccessControlFactory (io.trino.spi.security.SystemAccessControlFactory)3
ImmutableList (com.google.common.collect.ImmutableList)2
ImmutableList.toImmutableList (com.google.common.collect.ImmutableList.toImmutableList)2
ThreadContextClassLoader (io.trino.spi.classloader.ThreadContextClassLoader)2
