Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CBRD-25574] Add test case for When dropped user then remove related data on db_auth, db_authorization table #1950

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

[CBRD-25574] Add test case for When dropped user then remove related data on db_auth, db_authorization table #1950

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
9254184
Add test case for CBRD-25574
swi0110 Nov 8, 2024
8ad32cb
reflected review
swi0110 Nov 22, 2024
d388284
reflected review
swi0110 Nov 25, 2024
8798b53
reflected review
swi0110 Nov 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions sql/_35_fig_cake/cbrd_25574/answers/01_not_grant.answer
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
===================================================
0
===================================================
0
===================================================

create table u1.tbl

===================================================
0
===================================================
name
DBA
PUBLIC
U1
U2

===================================================

drop user u1, ERROR: Cannot drop the user who owns database objects

===================================================
Error:-837
===================================================

drop user u2, success

===================================================
0
===================================================
name
DBA
PUBLIC
U1

===================================================

Test done

===================================================
0
===================================================
0
85 changes: 85 additions & 0 deletions sql/_35_fig_cake/cbrd_25574/answers/02_drop_last_granted_user.answer
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
===================================================
0
===================================================
0
===================================================
0
===================================================

create table u1.tbl, create javasp u1.hello

===================================================
0
===================================================
0
===================================================

connect to u1 & u2 grant to u1.tbl, u1.hello & u3 grant to u1.hello

===================================================

null

===================================================
0
===================================================
0
===================================================
0
===================================================

connect to u2 & u3 grant to u1.tbl

===================================================

null

===================================================
0
===================================================
grantor_name grantee_name object_type object_name owner_name auth_type is_grantable
U1 U2 CLASS tbl U1 SELECT YES
U1 U2 FUNCTION hello U1 EXECUTE NO
U1 U3 FUNCTION hello U1 EXECUTE NO
U2 U3 CLASS tbl U1 SELECT YES

===================================================
owner.name grants
DBA
U1
U2 null
U3 null
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jdbc driver의 구현상의 문제로 db_authorization 테이블의 grants column은 출력되지 않습니다.


===================================================

connect to dba & drop user u3

===================================================

null

===================================================
0
===================================================
grantor_name grantee_name object_type object_name owner_name auth_type is_grantable
U1 U2 CLASS tbl U1 SELECT YES
U1 U2 FUNCTION hello U1 EXECUTE NO

===================================================
owner.name grants
DBA
U1
swi0110 marked this conversation as resolved.
Show resolved Hide resolved
U2 null

===================================================

Test done

===================================================
0
===================================================
0
===================================================
0
===================================================
0
136 changes: 136 additions & 0 deletions sql/_35_fig_cake/cbrd_25574/answers/03_drop_mid_granted_user.answer
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
===================================================
0
===================================================
0
===================================================
0
===================================================
0
===================================================

create table u1.tbl, create javasp u1.hello, create u1.v1_tbl

===================================================
0
===================================================
0
===================================================
0
===================================================

connect to u1

===================================================

null

===================================================

u2 grant to u1.tbl (granted select twice, but duplicate granted does not work)

===================================================
0
===================================================
0
===================================================
grantor_name grantee_name object_type object_name owner_name auth_type is_grantable
U1 U2 CLASS tbl U1 SELECT YES

===================================================

u2 grant to u1.tbl (insert)

===================================================
0
===================================================

u2 grant to u1.hello, u3 grant to u1.v1_tbl

===================================================
0
===================================================
0
===================================================

connect u2 & u3 grant to u1.tbl (select, insert)

===================================================

null

===================================================
0
===================================================
0
===================================================

connect to u3 & u4 grant to u1.tbl

===================================================

null

===================================================
0
===================================================
grantor_name grantee_name object_type object_name owner_name auth_type is_grantable
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GRANT EXECUTE ON PROCEDURE u1.hello TO u2; 수행 결과도 포함되어야 하는 것 아닌가요?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

지적 감사합니다.
해당 내용은 개발팀에 report하여 확인중입니다.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

해당 내용은 추후 spec 논의가 필요할 것으로 판단됩니다.
(관련 url: http://jira.cubrid.org/browse/CBRD-25580?focusedCommentId=4768802&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-4768802 )

따라서 현재 답지를 merge한 후, 추후 spec 논의 후 답지를 변경하는건 어떨까요?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

네, 알겠습니다.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ssihil
개발팀하고 논의한 내용을 공유 드립니다.
해당 tc는 u3가 db_auth를 통해 자신이 부여 받았거나, 부여한 권한에 대해서 조회하는 내용입니다.
만약, 말씀하신 것 처럼, u3 계정에서 u2가 u1에게 받은 권한을 확인하게 된다면, 보안 이슈가 발생하게 됩니다.
따라서 u3계정에서 'u2가 u1으로부터 부여 받은 권한을 열람하는 것은 바람직하지 않은 것 같습니다.

향후 스펙 논의를 하게 될 경우, 현행 유지 또는 oracle과 유사한 방식으로 변경하는 두가지 관점에서 논의하게 될 것 같습니다.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

네, 알겠습니다.

U1 U2 CLASS tbl U1 SELECT YES
U1 U2 CLASS tbl U1 INSERT YES
U1 U3 VCLASS v1_tbl U1 SELECT NO
U2 U3 CLASS tbl U1 SELECT YES
U2 U3 CLASS tbl U1 INSERT NO
U3 U4 CLASS tbl U1 SELECT YES

===================================================
owner.name grants
DBA
U1
swi0110 marked this conversation as resolved.
Show resolved Hide resolved
U2 null
U3 null
U4 null

===================================================

connect to dba & drop user u2

===================================================

null

===================================================
0
===================================================
grantor_name grantee_name object_type object_name owner_name auth_type is_grantable
U1 U3 VCLASS v1_tbl U1 SELECT NO

===================================================
owner.name grants
DBA
U1
U3 null
U4
swi0110 marked this conversation as resolved.
Show resolved Hide resolved

===================================================
name
DBA
PUBLIC
U1
U3
U4

===================================================

Test done

===================================================
0
===================================================
0
===================================================
0
===================================================
0
===================================================
0
===================================================
0
85 changes: 85 additions & 0 deletions sql/_35_fig_cake/cbrd_25574/answers/04_drop_user_granted_partition_table.answer
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
===================================================
0
===================================================
0
===================================================

connect to u1 & create partition table t1_r, t1_h, t1_l

===================================================

null

===================================================
0
===================================================
0
===================================================
0
===================================================

u2 grant to t1_r, t1_h, t1_l

===================================================
0
===================================================
0
===================================================
0
===================================================

ERROR: Invalid partition requests

===================================================
Error:-494
===================================================
grantor_name grantee_name object_type object_name owner_name auth_type is_grantable
U1 U2 CLASS t1_h U1 SELECT YES
U1 U2 CLASS t1_h__p__p0 U1 SELECT YES
U1 U2 CLASS t1_h__p__p1 U1 SELECT YES
U1 U2 CLASS t1_l U1 SELECT YES
U1 U2 CLASS t1_l U1 ALTER YES
U1 U2 CLASS t1_l__p__p0 U1 SELECT YES
U1 U2 CLASS t1_l__p__p0 U1 ALTER YES
U1 U2 CLASS t1_l__p__p1 U1 SELECT YES
U1 U2 CLASS t1_l__p__p1 U1 ALTER YES
U1 U2 CLASS t1_r U1 SELECT YES
U1 U2 CLASS t1_r__p__p0 U1 SELECT YES
U1 U2 CLASS t1_r__p__p1 U1 SELECT YES

===================================================
owner.name grants
DBA
U1
swi0110 marked this conversation as resolved.
Show resolved Hide resolved
U2 null

===================================================

connect to dba & drop user u2

===================================================

null

===================================================
0
===================================================
grantor_name grantee_name object_type object_name owner_name auth_type is_grantable

===================================================
owner.name grants
DBA
U1
swi0110 marked this conversation as resolved.
Show resolved Hide resolved

===================================================

Test done

===================================================
0
===================================================
0
===================================================
0
===================================================
0
27 changes: 27 additions & 0 deletions sql/_35_fig_cake/cbrd_25574/cases/01_not_grant.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
/* Verified the CBRD-25574
As-is: if dropped user then set 'NULL' related data on the db_auth, db_authorization table
To-be: if dropped user then remove the related data on the db_auth, db_authorization table
*/


create user u1;
create user u2;

evaluate 'create table u1.tbl';
create table u1.tbl (col1 int);

select name from db_user order by name;

evaluate 'drop user u1, ERROR: Cannot drop the user who owns database objects';
drop user u1;


evaluate 'drop user u2, success';
drop user u2;

select name from db_user order by name;


evaluate 'Test done';
drop table u1.tbl;
drop user u1;
Loading