-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CBRD-24519] Add test case for PL/CSQL test cases 15 (feature/plcsql-p1) #1901
base: feature/plcsql-p1
Are you sure you want to change the base?
[CBRD-24519] Add test case for PL/CSQL test cases 15 (feature/plcsql-p1) #1901
Conversation
|
||
=================================================== | ||
Grants for DBA | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hgryoo
이 결과는 dba에 grant를 수행한 후, show grants for dba를 수행한 결과입니다.
DBA는 권한을 부여할 필요가 없으니 결과상 문제는 없는 것 같은데, 의도하신 바가 맞는지 확인 부탁드립니다.
GRANT EXECUTE ON PROCEDURE t1.sp2 TO dba;
SHOW GRANTS FOR DBA;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
질문주셨던 부분이 OUTDATED 되어 있어서요. 현재 코드에서 어떤 부분일까요?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
아 파일명이 바뀌면서 Outdated가 되었네요
테스트 쿼리 전문을 comment로 남기겠습니다.
아래의 테스트 쿼리는 '01_grant_plcsql.sql' 테스트 파일의 쿼리 일부 입니다.
- t1 계정을 만들고, t1.sp2()를 생성합니다.
- 이 t1.sp2()에 GRANT EXECUTE ON PROCEDURE t1.sp2 TO dba;를 수행합니다.
- 이후 SHOW GRANTS FOR DBA;를 수행하면, '01_grant_plcsql.answer'파일의 27번째 라인과 같이 dba에 부여된 grant 계정의 결과를 확인할 수 없습니다.
-- 테스트 쿼리
CREATE USER t1 GROUPS dba;
CREATE OR REPLACE FUNCTION t1.sp2() return varchar as
begin
return 't1 hello';
end;
GRANT EXECUTE ON PROCEDURE t1.sp2 TO dba;
SHOW GRANTS FOR DBA;
-- 결과
Grants for DBA
sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/answers/02_grant_javasp.answer 가 비어있습니다. |
추가했습니다. |
sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql
Outdated
Show resolved
Hide resolved
sql/_05_plcsql/_01_testspec/_04_expression/_22_grant/cases/01_grant_plcsql.sql
Outdated
Show resolved
Hide resolved
return 'hello'; | ||
end; | ||
|
||
-- bug, If use the command a 'show grant' on the not DBA user group, that return a error |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"03_error_permission.sql" 파일에 dba 그룹이 아닌 user를 생성하고, show grant 명령을 실행하는 TC 추가하고, 해당 주석은 삭제해 주세요.
추가한 TC에 bug로 주석 작성해 주세요.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
확인 했습니다
의견 감사합니다.
-- REVOKE test (verify with CBRD-25506) | ||
REVOKE EXECUTE ON PROCEDURE sp1 FROM t1; | ||
SHOW GRANTS FOR T1; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
revoke 명령 실행하기 전에 dba계정에서 user를 drop하는 TC 추가해 주세요.
결과에 대해서 개발팀에 정상적으로 처리된 것인지 확인해 주세요. ( 에러메세지 출력 또는 user 정상적으로 drop )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
확인 했습니다.
의견 감사합니다.
evaluate('Comparison to table and sp grant/revoke'); | ||
CREATE TABLE u1.tbl1 (a INT); | ||
|
||
GRANT EXECUTE ON u1.tbl1 TO u2; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
grant, revoe 명령 실행시마다, db_atuh 테이블에서 권한지정 데이타 확인 쿼리 추가할것
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
의견 감사합니다
return 'hello'; | ||
end; | ||
|
||
GRANT EXECUTE ON PROCEDURE u1.test1 TO u2; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
grant, revoe 명령 실행시마다, db_atuh 테이블에서 권한지정 데이타 확인 쿼리 추가할것
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
의견 감사합니다
GRANT EXECUTE ON u1.tbl1 TO u1; | ||
|
||
-- Execute OK. but no operate because u2 does not have permission on tb1 | ||
GRANT EXECUTE ON u1.tbl1 TO u2; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
권한이 없는 u1.tbl1에 대해서 자기자신에게 권한을 부여하는 경우 에러인지? 정상처리가 맞는 것인지 개발팀에 확인 필요 ( 바로 아래 procedure 권한 부여하는 것도 동일 )
확인후에 bug 표시 작성여부 판단
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
이 부분은 확인해서, 공유하도록 하겠습니다
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
이 문제는 legacy issue로 http://jira.cubrid.org/browse/CBRD-25585 에서 진행합니다.
SHOW GRANTS FOR u2; | ||
-- ERROR: Cannot revoke privileges from self | ||
REVOKE EXECUTE ON PROCEDURE u1.test1 FROM u2; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
에러케이스 추가
"show grant for 없는user명;" 에러발생 및 메세지 확인
grant / revoke 오탈자 명령 실행에 따른 에러메세지 확인
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
몇가지 scenario를 추가해봤습니다.
혹시 추가로 아이디어 있으시면, 공유 부탁드립니다.
Refer to http://jira.cubrid.org/browse/CBRD-25499, http://jira.cubrid.org/browse/CBRD-25506