external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Grant usage on schema citus to public

pull/3075/head
Marco Slot 2019-10-04 10:49:54 +02:00
parent c15ddfb63f
commit 1a3a174f67
3 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/backend/distributed/sql/citus--8.3-1--9.0-1.sql
View File

@ -17,6 +17,9 @@ ALTER FUNCTION citus.refresh_isolation_tester_prepared_statement SET SCHEMA citu
ALTER FUNCTION citus.replace_isolation_tester_func SET SCHEMA citus_internal; ALTER FUNCTION citus.replace_isolation_tester_func SET SCHEMA citus_internal;
ALTER FUNCTION citus.restore_isolation_tester_func SET SCHEMA citus_internal; ALTER FUNCTION citus.restore_isolation_tester_func SET SCHEMA citus_internal;
-- we can now safely grant usage on the citus schema to use types
GRANT USAGE ON SCHEMA citus TO public;
#include "udfs/pg_dist_shard_placement_trigger_func/9.0-1.sql" #include "udfs/pg_dist_shard_placement_trigger_func/9.0-1.sql"
CREATE OR REPLACE FUNCTION pg_catalog.worker_create_or_replace_object(statement text) CREATE OR REPLACE FUNCTION pg_catalog.worker_create_or_replace_object(statement text)

34
src/test/regress/expected/multi_multiuser.out
View File

@ -180,6 +180,32 @@ SELECT task_tracker_assign_task(1, 1, 'SELECT 1');
-- check read permission -- check read permission
SET ROLE read_access; SET ROLE read_access;
-- should be allowed to run commands, as the current user
SELECT result FROM run_command_on_workers($$SELECT current_user$$);
result
-------------
read_access
read_access
(2 rows)
SELECT result FROM run_command_on_placements('test', $$SELECT current_user$$);
result
-------------
read_access
read_access
read_access
read_access
(4 rows)
SELECT result FROM run_command_on_colocated_placements('test', 'test_coloc', $$SELECT current_user$$);
result
-------------
read_access
read_access
read_access
read_access
(4 rows)
EXECUTE prepare_insert(1); EXECUTE prepare_insert(1);
ERROR: permission denied for table test ERROR: permission denied for table test
EXECUTE prepare_select; EXECUTE prepare_select;
@ -402,7 +428,7 @@ INSERT INTO full_access_user_schema.t1 VALUES (1),(2),(3);
-- not allowed to create a table -- not allowed to create a table
SELECT create_distributed_table('full_access_user_schema.t1', 'id'); SELECT create_distributed_table('full_access_user_schema.t1', 'id');
ERROR: permission denied for schema full_access_user_schema ERROR: permission denied for schema full_access_user_schema
CONTEXT: while executing command on localhost:57637 CONTEXT: while executing command on localhost:57638
RESET ROLE; RESET ROLE;
-- now we distribute the table as super user -- now we distribute the table as super user
SELECT create_distributed_table('full_access_user_schema.t1', 'id'); SELECT create_distributed_table('full_access_user_schema.t1', 'id');
@ -536,7 +562,7 @@ ERROR: could not receive file "base/pgsql_job_cache/job_0042/task_000001/p_0000
-- different user should not be able to fetch partition file -- different user should not be able to fetch partition file
SET ROLE usage_access; SET ROLE usage_access;
SELECT worker_fetch_partition_file(42, 1, 1, 1, 'localhost', :worker_1_port); SELECT worker_fetch_partition_file(42, 1, 1, 1, 'localhost', :worker_1_port);
WARNING: could not open file "base/pgsql_job_cache/job_0042/task_000001/p_00001.17981": No such file or directory WARNING: could not open file "base/pgsql_job_cache/job_0042/task_000001/p_00001.17996": No such file or directory
CONTEXT: while executing command on localhost:57637 CONTEXT: while executing command on localhost:57637
ERROR: could not receive file "base/pgsql_job_cache/job_0042/task_000001/p_00001" from localhost:57637 ERROR: could not receive file "base/pgsql_job_cache/job_0042/task_000001/p_00001" from localhost:57637
-- only the user whom created the files should be able to fetch -- only the user whom created the files should be able to fetch
@ -575,7 +601,7 @@ RESET ROLE;
-- test that the super user is unable to read the contents of the intermediate file, -- test that the super user is unable to read the contents of the intermediate file,
-- although it does create the table -- although it does create the table
SELECT worker_merge_files_into_table(42, 1, ARRAY['a'], ARRAY['integer']); SELECT worker_merge_files_into_table(42, 1, ARRAY['a'], ARRAY['integer']);
WARNING: Task file "task_000001.17977" does not have expected suffix ".10" WARNING: Task file "task_000001.17982" does not have expected suffix ".10"
worker_merge_files_into_table worker_merge_files_into_table
------------------------------- -------------------------------
@ -617,7 +643,7 @@ SELECT worker_merge_files_and_run_query(42, 1,
'CREATE TABLE task_000001_merge(merge_column_0 int)', 'CREATE TABLE task_000001_merge(merge_column_0 int)',
'CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge' 'CREATE TABLE task_000001 (a) AS SELECT sum(merge_column_0) FROM task_000001_merge'
); );
WARNING: Task file "task_000001.17977" does not have expected suffix ".10" WARNING: Task file "task_000001.17982" does not have expected suffix ".10"
worker_merge_files_and_run_query worker_merge_files_and_run_query
---------------------------------- ----------------------------------

5
src/test/regress/sql/multi_multiuser.sql
View File

@ -128,6 +128,11 @@ SELECT task_tracker_assign_task(1, 1, 'SELECT 1');
-- check read permission -- check read permission
SET ROLE read_access; SET ROLE read_access;
-- should be allowed to run commands, as the current user
SELECT result FROM run_command_on_workers($$SELECT current_user$$);
SELECT result FROM run_command_on_placements('test', $$SELECT current_user$$);
SELECT result FROM run_command_on_colocated_placements('test', 'test_coloc', $$SELECT current_user$$);
EXECUTE prepare_insert(1); EXECUTE prepare_insert(1);
EXECUTE prepare_select; EXECUTE prepare_select;