You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@iotdb.apache.org by qi...@apache.org on 2022/08/29 04:16:10 UTC
[iotdb] branch master updated: [IOTDB-2760][IOTDB-2769][IOTDB-3302] Fix some auth problems and add Auth IT test. (#7134)
This is an automated email from the ASF dual-hosted git repository.
qiaojialin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 2a5efd828e [IOTDB-2760][IOTDB-2769][IOTDB-3302] Fix some auth problems and add Auth IT test. (#7134)
2a5efd828e is described below
commit 2a5efd828ebb25b73ca2d10e59f2ae0ee4cd03e7
Author: ZhangHongYin <46...@users.noreply.github.com>
AuthorDate: Mon Aug 29 12:16:03 2022 +0800
[IOTDB-2760][IOTDB-2769][IOTDB-3302] Fix some auth problems and add Auth IT test. (#7134)
---
.../java/org/apache/iotdb/it/env/AbstractEnv.java | 28 +-
.../org/apache/iotdb/it/env/RemoteServerEnv.java | 11 +-
.../java/org/apache/iotdb/itbase/env/BaseEnv.java | 13 +-
.../java/org/apache/iotdb/db/it/IoTDBAuthIT.java | 807 +++++++++++++++++++--
.../org/apache/iotdb/db/it/IoTDBConfigNodeIT.java | 4 +-
.../org/apache/iotdb/db/it/env/StandaloneEnv.java | 12 +-
.../iotdb/db/integration/IoTDBAuthorizationIT.java | 699 ++++--------------
.../iotdb/db/localconfignode/LocalConfigNode.java | 4 +-
.../iotdb/db/mpp/plan/parser/ASTVisitor.java | 4 +-
.../db/mpp/plan/statement/sys/AuthorStatement.java | 10 +-
.../apache/iotdb/db/qp/executor/PlanExecutor.java | 4 +-
.../iotdb/db/qp/logical/sys/AuthorOperator.java | 12 +-
.../iotdb/db/qp/physical/sys/AuthorPlan.java | 12 +-
.../apache/iotdb/db/qp/sql/IoTDBSqlVisitor.java | 5 +-
.../db/service/thrift/impl/TSServiceImpl.java | 4 +
15 files changed, 992 insertions(+), 637 deletions(-)
diff --git a/integration-test/src/main/java/org/apache/iotdb/it/env/AbstractEnv.java b/integration-test/src/main/java/org/apache/iotdb/it/env/AbstractEnv.java
index 71c13f51ac..27fa715055 100644
--- a/integration-test/src/main/java/org/apache/iotdb/it/env/AbstractEnv.java
+++ b/integration-test/src/main/java/org/apache/iotdb/it/env/AbstractEnv.java
@@ -235,8 +235,9 @@ public abstract class AbstractEnv implements BaseEnv {
}
@Override
- public Connection getConnection() throws SQLException {
- return new ClusterTestConnection(getWriteConnection(null), getReadConnections(null));
+ public Connection getConnection(String username, String password) throws SQLException {
+ return new ClusterTestConnection(
+ getWriteConnection(null, username, password), getReadConnections(null, username, password));
}
private Connection getConnection(String endpoint, int queryTimeout) throws SQLException {
@@ -252,15 +253,19 @@ public abstract class AbstractEnv implements BaseEnv {
}
@Override
- public Connection getConnection(Constant.Version version) throws SQLException {
+ public Connection getConnection(Constant.Version version, String username, String password)
+ throws SQLException {
if (System.getProperty("ReadAndVerifyWithMultiNode", "true").equalsIgnoreCase("true")) {
- return new ClusterTestConnection(getWriteConnection(version), getReadConnections(version));
+ return new ClusterTestConnection(
+ getWriteConnection(version, username, password),
+ getReadConnections(version, username, password));
} else {
- return getWriteConnection(version).getUnderlyingConnecton();
+ return getWriteConnection(version, username, password).getUnderlyingConnecton();
}
}
- protected NodeConnection getWriteConnection(Constant.Version version) throws SQLException {
+ protected NodeConnection getWriteConnection(
+ Constant.Version version, String username, String password) throws SQLException {
DataNodeWrapper dataNode;
if (System.getProperty("RandomSelectWriteNode", "true").equalsIgnoreCase("true")) {
@@ -274,8 +279,8 @@ public abstract class AbstractEnv implements BaseEnv {
Connection writeConnection =
DriverManager.getConnection(
Config.IOTDB_URL_PREFIX + endpoint + getParam(version, NODE_NETWORK_TIMEOUT_MS),
- System.getProperty("User", "root"),
- System.getProperty("Password", "root"));
+ System.getProperty("User", username),
+ System.getProperty("Password", password));
return new NodeConnection(
endpoint,
NodeConnection.NodeRole.DATA_NODE,
@@ -283,7 +288,8 @@ public abstract class AbstractEnv implements BaseEnv {
writeConnection);
}
- protected List<NodeConnection> getReadConnections(Constant.Version version) throws SQLException {
+ protected List<NodeConnection> getReadConnections(
+ Constant.Version version, String username, String password) throws SQLException {
List<String> endpoints = new ArrayList<>();
ParallelRequestDelegate<NodeConnection> readConnRequestDelegate =
new ParallelRequestDelegate<>(endpoints, NODE_START_TIMEOUT);
@@ -295,8 +301,8 @@ public abstract class AbstractEnv implements BaseEnv {
Connection readConnection =
DriverManager.getConnection(
Config.IOTDB_URL_PREFIX + endpoint + getParam(version, NODE_NETWORK_TIMEOUT_MS),
- System.getProperty("User", "root"),
- System.getProperty("Password", "root"));
+ System.getProperty("User", username),
+ System.getProperty("Password", password));
return new NodeConnection(
endpoint,
NodeConnection.NodeRole.DATA_NODE,
diff --git a/integration-test/src/main/java/org/apache/iotdb/it/env/RemoteServerEnv.java b/integration-test/src/main/java/org/apache/iotdb/it/env/RemoteServerEnv.java
index 23c0a41f8d..54f7c4d310 100644
--- a/integration-test/src/main/java/org/apache/iotdb/it/env/RemoteServerEnv.java
+++ b/integration-test/src/main/java/org/apache/iotdb/it/env/RemoteServerEnv.java
@@ -70,13 +70,13 @@ public class RemoteServerEnv implements BaseEnv {
public void cleanAfterTest() {}
@Override
- public Connection getConnection() throws SQLException {
+ public Connection getConnection(String username, String password) throws SQLException {
Connection connection = null;
try {
Class.forName(Config.JDBC_DRIVER_NAME);
connection =
DriverManager.getConnection(
- Config.IOTDB_URL_PREFIX + ip_addr + ":" + port, user, password);
+ Config.IOTDB_URL_PREFIX + ip_addr + ":" + port, this.user, this.password);
} catch (ClassNotFoundException e) {
e.printStackTrace();
fail();
@@ -85,7 +85,8 @@ public class RemoteServerEnv implements BaseEnv {
}
@Override
- public Connection getConnection(Constant.Version version) throws SQLException {
+ public Connection getConnection(Constant.Version version, String username, String password)
+ throws SQLException {
Connection connection = null;
try {
Class.forName(Config.JDBC_DRIVER_NAME);
@@ -99,8 +100,8 @@ public class RemoteServerEnv implements BaseEnv {
+ VERSION
+ "="
+ version.toString(),
- user,
- password);
+ this.user,
+ this.password);
} catch (ClassNotFoundException e) {
e.printStackTrace();
fail();
diff --git a/integration-test/src/main/java/org/apache/iotdb/itbase/env/BaseEnv.java b/integration-test/src/main/java/org/apache/iotdb/itbase/env/BaseEnv.java
index 1f7f43cc47..32b6c56b1e 100644
--- a/integration-test/src/main/java/org/apache/iotdb/itbase/env/BaseEnv.java
+++ b/integration-test/src/main/java/org/apache/iotdb/itbase/env/BaseEnv.java
@@ -38,9 +38,18 @@ public interface BaseEnv {
void cleanAfterTest();
- Connection getConnection() throws SQLException;
+ default Connection getConnection() throws SQLException {
+ return getConnection("root", "root");
+ }
- Connection getConnection(Constant.Version version) throws SQLException;
+ Connection getConnection(String username, String password) throws SQLException;
+
+ default Connection getConnection(Constant.Version version) throws SQLException {
+ return getConnection(version, "root", "root");
+ }
+
+ Connection getConnection(Constant.Version version, String username, String password)
+ throws SQLException;
void setTestMethodName(String testCaseName);
diff --git a/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
index 1576c8ee2e..37adb50b26 100644
--- a/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBAuthIT.java
@@ -24,16 +24,25 @@ import org.apache.iotdb.it.framework.IoTDBTestRunner;
import org.apache.iotdb.itbase.category.ClusterIT;
import org.apache.iotdb.itbase.category.LocalStandaloneIT;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import java.sql.BatchUpdateException;
import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -41,72 +50,782 @@ import static org.junit.Assert.fail;
@RunWith(IoTDBTestRunner.class)
@Category({LocalStandaloneIT.class, ClusterIT.class})
public class IoTDBAuthIT {
- private static Statement statement;
- private static Connection connection;
- @BeforeClass
- public static void setUp() throws Exception {
- EnvFactory.getEnv().initBeforeClass();
- connection = EnvFactory.getEnv().getConnection();
- statement = connection.createStatement();
+ @Before
+ public void setUp() throws Exception {
+ EnvFactory.getEnv().initBeforeTest();
}
- @AfterClass
- public static void tearDown() throws Exception {
- statement.close();
- connection.close();
- EnvFactory.getEnv().cleanAfterClass();
+ @After
+ public void tearDown() throws Exception {
+ EnvFactory.getEnv().cleanAfterTest();
}
@Test
- public void testGrantRevokeUser() {
+ public void allPrivilegesTest() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+ adminStmt.execute("CREATE USER tempuser 'temppw'");
+
+ try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ Statement userStmt = userCon.createStatement()) {
+
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.a"));
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN"));
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (100, 100)"));
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES ALL on root.**");
+
+ userStmt.execute("SET STORAGE GROUP TO root.a");
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
+ userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (100, 100)");
+ userStmt.execute("SELECT * from root.a");
+ userStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a");
+ userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.b.b");
+
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES ALL on root.**");
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.b.b");
+
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.b"));
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.b.b WITH DATATYPE=INT32,ENCODING=PLAIN"));
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("INSERT INTO root.b(timestamp, b) VALUES (100, 100)"));
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("SELECT * from root.a"));
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a"));
+ }
+ }
+ }
+
+ @Test
+ public void testSetDeleteSG() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+ adminStmt.execute("CREATE USER sgtest 'sgtest'");
+
+ try (Connection userCon = EnvFactory.getEnv().getConnection("sgtest", "sgtest");
+ Statement userStmt = userCon.createStatement()) {
+
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.sgtest"));
+
+ adminStmt.execute("GRANT USER sgtest PRIVILEGES SET_STORAGE_GROUP ON root.*");
+
+ try {
+ userStmt.execute("SET STORAGE GROUP TO root.sgtest");
+ } catch (SQLException e) {
+ fail(e.getMessage());
+ }
+
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("DELETE STORAGE GROUP root.sgtest"));
+
+ adminStmt.execute("GRANT USER sgtest PRIVILEGES DELETE_STORAGE_GROUP ON root.*");
+
+ try {
+ userStmt.execute("DELETE STORAGE GROUP root.sgtest");
+ } catch (SQLException e) {
+ fail(e.getMessage());
+ }
+ }
+ }
+ }
+
+ @Test
+ public void illegalPasswordTest() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+ Assert.assertThrows(
+ SQLException.class, () -> adminStmt.execute("CREATE USER tempuser 'temppw '"));
+ }
+
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+ Assert.assertThrows(SQLException.class, () -> adminStmt.execute("CREATE USER tempuser 'te'"));
+ }
+ }
+
+ @Test
+ public void updatePasswordTest() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+ adminStmt.execute("CREATE USER tempuser 'temppw'");
+ Connection userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ userCon.close();
+
+ adminStmt.execute("ALTER USER tempuser SET PASSWORD 'newpw'");
+
+ boolean caught = false;
+ try {
+ userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ } catch (SQLException e) {
+ caught = true;
+ } finally {
+ userCon.close();
+ }
+ assertTrue(caught);
+
+ userCon = EnvFactory.getEnv().getConnection("tempuser", "newpw");
+
+ userCon.close();
+ }
+ }
+
+ @Test
+ public void illegalGrantRevokeUserTest() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+ adminStmt.execute("CREATE USER tempuser 'temppw'");
+
+ try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ Statement userStmt = userCon.createStatement()) {
+
+ // grant a non-existing user
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER nulluser PRIVILEGES SET_STORAGE_GROUP on root.a"));
+ // grant a non-existing privilege
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES NOT_A_PRIVILEGE on root.a"));
+ // duplicate grant
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_USER on root.**");
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_USER on root.**"));
+ // grant on a illegal seriesPath
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on a.b"));
+ // grant admin
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER root PRIVILEGES DELETE_TIMESERIES on root.a.b"));
+ // no privilege to grant
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.b"));
+ // revoke a non-existing privilege
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER on root.**");
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER on root.**"));
+ // revoke a non-existing user
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("REVOKE USER tempuser1 PRIVILEGES CREATE_USER on root.**"));
+ // revoke on a illegal seriesPath
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on a.b"));
+ // revoke admin
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("REVOKE USER root PRIVILEGES DELETE_TIMESERIES on root.a.b"));
+ // no privilege to revoke
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.b"));
+ // grant privilege to grant
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.b"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES GRANT_USER_PRIVILEGE on root.**");
+ userStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.**");
+
+ // grant privilege to revoke
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.**"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES REVOKE_USER_PRIVILEGE on root.**");
+ userStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.**");
+ }
+ }
+ }
+
+ @Test
+ public void createDeleteTimeSeriesTest() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+
+ adminStmt.execute("CREATE USER tempuser 'temppw'");
+
+ try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ Statement userStmt = userCon.createStatement()) {
+
+ // grant and revoke the user the privilege to create time series
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.a"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a");
+ userStmt.execute("SET STORAGE GROUP TO root.a");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.b");
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
+ // no privilege to create this one
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.b"));
+ // privilege already exists
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a"));
+ // no privilege to create this one any more
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.a"));
+ // no privilege to create timeseries
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.a"));
+
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a");
+ // no privilege to create this one any more
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.b.a WITH DATATYPE=INT32,ENCODING=PLAIN"));
+ // privilege already exists
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.b"));
+
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.b");
+ // no privilege to create this one any more
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN"));
+ }
+ }
+ }
+
+ @Test
+ public void insertQueryTest() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+ adminStmt.execute("CREATE USER tempuser 'temppw'");
+
+ try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ Statement userStmt = userCon.createStatement()) {
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a");
+ userStmt.execute("SET STORAGE GROUP TO root.a");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.b");
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
+
+ // grant privilege to insert
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (1,100)"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES INSERT_TIMESERIES on root.a.**");
+ userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (1,100)");
+
+ // revoke privilege to insert
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES INSERT_TIMESERIES on root.a.**");
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (1,100)"));
+ // grant privilege to query
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("SELECT * from root.a"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES READ_TIMESERIES on root.**");
+ ResultSet resultSet = userStmt.executeQuery("SELECT * from root.a");
+ resultSet.close();
+ resultSet = userStmt.executeQuery("SELECT LAST b from root.a");
+ resultSet.close();
+
+ // revoke privilege to query
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES READ_TIMESERIES on root.**");
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("SELECT * from root.a"));
+ }
+ }
+ }
+
+ @Test
+ public void rolePrivilegeTest() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+
+ adminStmt.execute("CREATE USER tempuser 'temppw'");
+ try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ Statement userStmt = userCon.createStatement()) {
+
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("CREATE ROLE admin"));
+
+ adminStmt.execute("CREATE ROLE admin");
+ adminStmt.execute(
+ "GRANT ROLE admin PRIVILEGES SET_STORAGE_GROUP,CREATE_TIMESERIES,DELETE_TIMESERIES,READ_TIMESERIES,INSERT_TIMESERIES on root.**");
+ adminStmt.execute("GRANT admin TO tempuser");
+
+ userStmt.execute("SET STORAGE GROUP TO root.a");
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
+ userStmt.execute("CREATE TIMESERIES root.a.c WITH DATATYPE=INT32,ENCODING=PLAIN");
+ userStmt.execute("INSERT INTO root.a(timestamp,b,c) VALUES (1,100,1000)");
+ // userStmt.execute("DELETE FROM root.a.b WHERE TIME <= 1000000000");
+ ResultSet resultSet = userStmt.executeQuery("SELECT * FROM root.**");
+ resultSet.close();
+
+ adminStmt.execute("REVOKE ROLE admin PRIVILEGES DELETE_TIMESERIES on root.**");
+
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("DELETE FROM root.* WHERE TIME <= 1000000000"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES READ_TIMESERIES on root.**");
+ adminStmt.execute("REVOKE admin FROM tempuser");
+ resultSet = userStmt.executeQuery("SELECT * FROM root.**");
+ resultSet.close();
+
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN"));
+ }
+ }
+ }
+
+ @Test
+ public void testListUser() throws SQLException {
+ Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement();
try {
- statement.execute("CREATE USER tempuser 'temppw'");
- } catch (SQLException e) {
- fail();
+ ResultSet resultSet = adminStmt.executeQuery("LIST USER");
+ String ans = String.format("root,\n");
+ try {
+ validateResultSet(resultSet, ans);
+
+ for (int i = 0; i < 10; i++) {
+ adminStmt.execute("CREATE USER user" + i + " 'password" + i + "'");
+ }
+ resultSet = adminStmt.executeQuery("LIST USER");
+ ans =
+ "root,\n"
+ + "user0,\n"
+ + "user1,\n"
+ + "user2,\n"
+ + "user3,\n"
+ + "user4,\n"
+ + "user5,\n"
+ + "user6,\n"
+ + "user7,\n"
+ + "user8,\n"
+ + "user9,\n";
+ validateResultSet(resultSet, ans);
+
+ for (int i = 0; i < 10; i++) {
+ if (i % 2 == 0) {
+ adminStmt.execute("DROP USER user" + i);
+ }
+ }
+ resultSet = adminStmt.executeQuery("LIST USER");
+ ans = "root,\n" + "user1,\n" + "user3,\n" + "user5,\n" + "user7,\n" + "user9,\n";
+ validateResultSet(resultSet, ans);
+ } finally {
+ resultSet.close();
+ }
+ } finally {
+ adminCon.close();
}
+ }
+
+ @Test
+ public void testListRole() throws SQLException {
+ Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement();
- // grant create user
try {
- statement.execute("GRANT USER tempuser PRIVILEGES CREATE_USER");
- } catch (SQLException ignored) {
- fail();
+ ResultSet resultSet = adminStmt.executeQuery("LIST ROLE");
+ String ans = "";
+ try {
+ validateResultSet(resultSet, ans);
+
+ for (int i = 0; i < 10; i++) {
+ adminStmt.execute("CREATE ROLE role" + i);
+ }
+
+ resultSet = adminStmt.executeQuery("LIST ROLE");
+ ans =
+ "role0,\n"
+ + "role1,\n"
+ + "role2,\n"
+ + "role3,\n"
+ + "role4,\n"
+ + "role5,\n"
+ + "role6,\n"
+ + "role7,\n"
+ + "role8,\n"
+ + "role9,\n";
+ validateResultSet(resultSet, ans);
+
+ for (int i = 0; i < 10; i++) {
+ if (i % 2 == 0) {
+ adminStmt.execute("DROP ROLE role" + i);
+ }
+ }
+ resultSet = adminStmt.executeQuery("LIST ROLE");
+ ans = "role1,\n" + "role3,\n" + "role5,\n" + "role7,\n" + "role9,\n";
+ validateResultSet(resultSet, ans);
+ } finally {
+ resultSet.close();
+ }
+ } finally {
+ adminStmt.close();
+ adminCon.close();
}
+ }
+
+ @Test
+ public void testListUserPrivileges() throws SQLException {
+ Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement();
- // revoke create user
try {
- statement.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER");
- } catch (SQLException ignored) {
- fail();
+ adminStmt.execute("CREATE USER user1 'password1'");
+ adminStmt.execute("GRANT USER user1 PRIVILEGES READ_TIMESERIES ON root.a.b");
+ adminStmt.execute("CREATE ROLE role1");
+ adminStmt.execute(
+ "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.a.b.c");
+ adminStmt.execute(
+ "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.d.b.c");
+ adminStmt.execute("GRANT role1 TO user1");
+
+ ResultSet resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1");
+ String ans =
+ ",root.a.b : READ_TIMESERIES"
+ + ",\n"
+ + "role1,root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
+ + ",\n"
+ + "role1,root.d.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
+ + ",\n";
+ try {
+ validateResultSet(resultSet, ans);
+
+ resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.a.b.c");
+ ans = "role1,root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
+ validateResultSet(resultSet, ans);
+
+ adminStmt.execute("REVOKE role1 from user1");
+
+ resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1");
+ ans = ",root.a.b : READ_TIMESERIES,\n";
+ validateResultSet(resultSet, ans);
+
+ resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.a.**");
+ ans = ",root.a.b : READ_TIMESERIES,\n";
+ validateResultSet(resultSet, ans);
+ } finally {
+ resultSet.close();
+ }
+ } finally {
+ adminStmt.close();
+ adminCon.close();
}
+ }
+
+ @Test
+ public void testListRolePrivileges() throws SQLException {
+ Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement();
- // duplicate grant create user
try {
- statement.execute("GRANT USER tempuser PRIVILEGES CREATE_USER");
- } catch (SQLException e1) {
- fail();
+ adminStmt.execute("CREATE ROLE role1");
+ ResultSet resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1");
+ String ans = "";
+ try {
+ // not granted list role privilege, should return empty
+ validateResultSet(resultSet, ans);
+
+ adminStmt.execute(
+ "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.a.b.c");
+ adminStmt.execute(
+ "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.d.b.c");
+ resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1");
+ ans =
+ "root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n"
+ + "root.d.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
+ validateResultSet(resultSet, ans);
+
+ resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1 ON root.a.b.c");
+ ans = "root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
+ validateResultSet(resultSet, ans);
+
+ adminStmt.execute(
+ "REVOKE ROLE role1 PRIVILEGES INSERT_TIMESERIES,DELETE_TIMESERIES ON root.a.b.c");
+
+ resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1");
+ ans =
+ "root.a.b.c : READ_TIMESERIES,\n"
+ + "root.d.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
+ validateResultSet(resultSet, ans);
+
+ resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1 ON root.a.b.c");
+ ans = "root.a.b.c : READ_TIMESERIES,\n";
+ validateResultSet(resultSet, ans);
+ } finally {
+ resultSet.close();
+ }
+ } finally {
+ adminStmt.close();
+ adminCon.close();
}
- boolean caught = false;
+ }
+
+ @Test
+ public void testListUserRoles() throws SQLException {
+ Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement();
+
try {
- statement.execute("GRANT USER tempuser PRIVILEGES CREATE_USER");
- } catch (SQLException e) {
- caught = true;
+ adminStmt.execute("CREATE USER chenduxiu 'orange'");
+
+ adminStmt.execute("CREATE ROLE xijing");
+ adminStmt.execute("CREATE ROLE dalao");
+ adminStmt.execute("CREATE ROLE shenshi");
+ adminStmt.execute("CREATE ROLE zhazha");
+ adminStmt.execute("CREATE ROLE hakase");
+
+ adminStmt.execute("GRANT xijing TO chenduxiu");
+ adminStmt.execute("GRANT dalao TO chenduxiu");
+ adminStmt.execute("GRANT shenshi TO chenduxiu");
+ adminStmt.execute("GRANT zhazha TO chenduxiu");
+ adminStmt.execute("GRANT hakase TO chenduxiu");
+
+ ResultSet resultSet = adminStmt.executeQuery("LIST ROLE OF USER chenduxiu");
+ String ans = "xijing,\n" + "dalao,\n" + "shenshi,\n" + "zhazha,\n" + "hakase,\n";
+ try {
+ validateResultSet(resultSet, ans);
+
+ adminStmt.execute("REVOKE dalao FROM chenduxiu");
+ adminStmt.execute("REVOKE hakase FROM chenduxiu");
+
+ resultSet = adminStmt.executeQuery("LIST ROLE OF USER chenduxiu");
+ ans = "xijing,\n" + "shenshi,\n" + "zhazha,\n";
+ validateResultSet(resultSet, ans);
+ } finally {
+ resultSet.close();
+ }
+ } finally {
+ adminStmt.close();
+ adminCon.close();
}
- assertTrue(caught);
+ }
+
+ @Test
+ public void testListRoleUsers() throws SQLException {
+ Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement();
- // duplicate revoke create user
try {
- statement.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER");
- } catch (SQLException e1) {
- fail();
+ adminStmt.execute("CREATE ROLE dalao");
+ adminStmt.execute("CREATE ROLE zhazha");
+
+ String[] members = {
+ "HighFly",
+ "SunComparison",
+ "Persistence",
+ "GoodWoods",
+ "HealthHonor",
+ "GoldLuck",
+ "DoubleLight",
+ "Eastwards",
+ "ScentEffusion",
+ "Smart",
+ "East",
+ "DailySecurity",
+ "Moon",
+ "RayBud",
+ "RiverSky"
+ };
+
+ for (int i = 0; i < members.length - 1; i++) {
+ adminStmt.execute("CREATE USER " + members[i] + " '666666'");
+ adminStmt.execute("GRANT dalao TO " + members[i]);
+ }
+ adminStmt.execute("CREATE USER RiverSky '2333333'");
+ adminStmt.execute("GRANT zhazha TO RiverSky");
+
+ ResultSet resultSet = adminStmt.executeQuery("LIST USER OF ROLE dalao");
+ String ans =
+ "DailySecurity,\n"
+ + "DoubleLight,\n"
+ + "East,\n"
+ + "Eastwards,\n"
+ + "GoldLuck,\n"
+ + "GoodWoods,\n"
+ + "HealthHonor,\n"
+ + "HighFly,\n"
+ + "Moon,\n"
+ + "Persistence,\n"
+ + "RayBud,\n"
+ + "ScentEffusion,\n"
+ + "Smart,\n"
+ + "SunComparison,\n";
+ try {
+ validateResultSet(resultSet, ans);
+
+ resultSet = adminStmt.executeQuery("LIST USER OF ROLE zhazha");
+ ans = "RiverSky,\n";
+ validateResultSet(resultSet, ans);
+
+ adminStmt.execute("REVOKE zhazha from RiverSky");
+ resultSet = adminStmt.executeQuery("LIST USER OF ROLE zhazha");
+ ans = "";
+ validateResultSet(resultSet, ans);
+ } finally {
+ resultSet.close();
+ }
+
+ } finally {
+ adminStmt.close();
+ adminCon.close();
}
- caught = false;
+ }
+
+ private void validateResultSet(ResultSet set, String ans) throws SQLException {
try {
- statement.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER");
- } catch (SQLException e) {
- caught = true;
+ StringBuilder builder = new StringBuilder();
+ ResultSetMetaData metaData = set.getMetaData();
+ int colNum = metaData.getColumnCount();
+ while (set.next()) {
+ for (int i = 1; i <= colNum; i++) {
+ builder.append(set.getString(i)).append(",");
+ }
+ builder.append("\n");
+ }
+ String result = builder.toString();
+ assertEquals(ans.length(), result.length());
+ List<String> ansLines = Arrays.asList(ans.split("\n"));
+ List<String> resultLines = Arrays.asList(result.split("\n"));
+ assertEquals(ansLines.size(), resultLines.size());
+ for (String resultLine : resultLines) {
+ assertTrue(ansLines.contains(resultLine));
+ }
+ } finally {
+ set.close();
+ }
+ }
+
+ @Test
+ public void testListUserPrivilege() throws SQLException {
+ Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement();
+
+ for (int i = 0; i < 10; i++) {
+ adminStmt.execute("CREATE USER user" + i + " 'password" + i + "'");
+ }
+
+ adminStmt.execute("CREATE USER tempuser 'temppw'");
+
+ try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ Statement userStmt = userCon.createStatement()) {
+ try {
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("LIST USER"));
+ // with list user privilege
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES LIST_USER on root.**");
+ ResultSet resultSet = userStmt.executeQuery("LIST USER");
+ String ans =
+ "root,\n"
+ + "tempuser,\n"
+ + "user0,\n"
+ + "user1,\n"
+ + "user2,\n"
+ + "user3,\n"
+ + "user4,\n"
+ + "user5,\n"
+ + "user6,\n"
+ + "user7,\n"
+ + "user8,\n"
+ + "user9,\n";
+ validateResultSet(resultSet, ans);
+ } finally {
+ userStmt.close();
+ }
+ } finally {
+ adminCon.close();
+ }
+ }
+
+ @Test
+ public void testExecuteBatchWithPrivilege() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection("root", "root");
+ Statement adminStmt = adminCon.createStatement()) {
+ adminStmt.execute("CREATE USER tempuser 'temppw'");
+ try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ Statement userStatement = userCon.createStatement()) {
+ userStatement.addBatch("CREATE TIMESERIES root.sg1.d1.s1 WITH DATATYPE=INT64");
+ userStatement.addBatch("CREATE TIMESERIES root.sg2.d1.s1 WITH DATATYPE=INT64");
+ Assert.assertThrows(BatchUpdateException.class, () -> userStatement.executeBatch());
+ }
+ }
+ }
+
+ @Test
+ public void testExecuteBatchWithPrivilege1() throws SQLException {
+ try (Connection adminCon = EnvFactory.getEnv().getConnection();
+ Statement adminStmt = adminCon.createStatement()) {
+ adminStmt.execute("CREATE USER tempuser 'temppw'");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES INSERT_TIMESERIES on root.sg1.**");
+
+ try (Connection userCon = EnvFactory.getEnv().getConnection("tempuser", "temppw");
+ Statement userStatement = userCon.createStatement()) {
+ userStatement.addBatch("insert into root.sg1.d1(timestamp,s1) values (1,1)");
+ userStatement.addBatch("insert into root.sg1.d1(timestamp,s2) values (3,1)");
+ userStatement.addBatch("insert into root.sg2.d1(timestamp,s1) values (2,1)");
+ userStatement.addBatch("insert into root.sg2.d1(timestamp,s1) values (4,1)");
+ Assert.assertThrows(BatchUpdateException.class, userStatement::executeBatch);
+ }
+ ResultSet resultSet = adminStmt.executeQuery("select * from root.sg1.**");
+ String[] expected = new String[] {"1, 1.0", "1, null", "3, null", "3, 1.0"};
+ List<String> expectedList = new ArrayList<>();
+ Collections.addAll(expectedList, expected);
+ List<String> result = new ArrayList<>();
+ while (resultSet.next()) {
+ result.add(resultSet.getString("Time") + ", " + resultSet.getString("root.sg1.d1.s1"));
+ result.add(resultSet.getString("Time") + ", " + resultSet.getString("root.sg1.d1.s2"));
+ }
+ assertEquals(expected.length, result.size());
+ assertTrue(expectedList.containsAll(result));
+ }
+ }
+
+ /** ISSUE-4308 */
+ @Test
+ public void testSelectUDTF() throws SQLException {
+ try (Connection adminConnection = EnvFactory.getEnv().getConnection();
+ Statement adminStatement = adminConnection.createStatement()) {
+ adminStatement.execute("CREATE USER a_application 'a_application'");
+ adminStatement.execute("CREATE ROLE application_role");
+ adminStatement.execute("GRANT ROLE application_role PRIVILEGES READ_TIMESERIES ON root.**");
+ adminStatement.execute("GRANT application_role TO a_application");
+
+ adminStatement.execute("INSERT INTO root.test(time, s1, s2, s3) VALUES(1, 2, 3, 4)");
+ }
+
+ try (Connection userConnection =
+ EnvFactory.getEnv().getConnection("a_application", "a_application");
+ Statement userStatement = userConnection.createStatement();
+ ResultSet resultSet =
+ userStatement.executeQuery(
+ "SELECT s1, s1, s1 - s3, s2 * sin(s1), s1 + 1 / 2 * sin(s1), sin(s1), sin(s1) FROM root.test")) {
+ assertTrue(resultSet.next());
}
- assertTrue(caught);
}
}
diff --git a/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBConfigNodeIT.java b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBConfigNodeIT.java
index 677ab7002b..8bc3f7956e 100644
--- a/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBConfigNodeIT.java
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/IoTDBConfigNodeIT.java
@@ -675,7 +675,7 @@ public class IoTDBConfigNodeIT {
// grant role to user
authorizerReq =
new TAuthorizerReq(
- AuthorOperator.AuthorType.GRANT_ROLE_TO_USER.ordinal(),
+ AuthorOperator.AuthorType.GRANT_USER_ROLE.ordinal(),
"tempuser0",
"temprole0",
"",
@@ -812,7 +812,7 @@ public class IoTDBConfigNodeIT {
// revoke role from user
authorizerReq =
new TAuthorizerReq(
- AuthorOperator.AuthorType.REVOKE_ROLE_FROM_USER.ordinal(),
+ AuthorOperator.AuthorType.REVOKE_USER_ROLE.ordinal(),
"tempuser0",
"temprole0",
"",
diff --git a/integration-test/src/test/java/org/apache/iotdb/db/it/env/StandaloneEnv.java b/integration-test/src/test/java/org/apache/iotdb/db/it/env/StandaloneEnv.java
index c25f4d9e3a..80019c2885 100644
--- a/integration-test/src/test/java/org/apache/iotdb/db/it/env/StandaloneEnv.java
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/env/StandaloneEnv.java
@@ -50,7 +50,6 @@ public class StandaloneEnv implements BaseEnv {
@Override
public void initBeforeTest() {
-
EnvironmentUtils.envSetUp();
}
@@ -65,11 +64,11 @@ public class StandaloneEnv implements BaseEnv {
}
@Override
- public Connection getConnection() throws SQLException {
+ public Connection getConnection(String username, String password) throws SQLException {
try {
Class.forName(Config.JDBC_DRIVER_NAME);
return DriverManager.getConnection(
- Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "root", "root");
+ Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", username, password);
} catch (ClassNotFoundException e) {
e.printStackTrace();
fail();
@@ -78,13 +77,14 @@ public class StandaloneEnv implements BaseEnv {
}
@Override
- public Connection getConnection(Constant.Version version) throws SQLException {
+ public Connection getConnection(Constant.Version version, String username, String password)
+ throws SQLException {
try {
Class.forName(Config.JDBC_DRIVER_NAME);
return DriverManager.getConnection(
Config.IOTDB_URL_PREFIX + "127.0.0.1:6667" + "?" + VERSION + "=" + version.toString(),
- "root",
- "root");
+ username,
+ password);
} catch (ClassNotFoundException e) {
e.printStackTrace();
fail();
diff --git a/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java b/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
index 1e5196fc77..3165aaa437 100644
--- a/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
+++ b/integration/src/test/java/org/apache/iotdb/db/integration/IoTDBAuthorizationIT.java
@@ -23,6 +23,7 @@ import org.apache.iotdb.itbase.category.LocalStandaloneTest;
import org.apache.iotdb.jdbc.Config;
import org.junit.After;
+import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
@@ -40,7 +41,6 @@ import java.util.Collections;
import java.util.List;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -70,101 +70,49 @@ public class IoTDBAuthorizationIT {
Statement adminStmt = adminCon.createStatement()) {
adminStmt.execute("CREATE USER tempuser 'temppw'");
- boolean caught = false;
try (Connection userCon =
DriverManager.getConnection(
Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "tempuser", "temppw");
Statement userStmt = userCon.createStatement()) {
- try {
- userStmt.execute("SET STORAGE GROUP TO root.a");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (100, 100)");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- // empty result timeseries set doesn't need authority check
- userStmt.execute("SELECT * from root.a");
-
- caught = false;
- try {
- userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- adminStmt.execute("GRANT USER tempuser PRIVILEGES ALL ON root.**");
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.a"));
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN"));
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (100, 100)"));
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES ALL on root.**");
userStmt.execute("SET STORAGE GROUP TO root.a");
userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (100, 100)");
userStmt.execute("SELECT * from root.a");
- userStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a.**");
- userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.b.b.**");
-
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES ALL ON root.**");
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.b.b.**");
-
- caught = false;
- try {
- userStmt.execute("SET STORAGE GROUP TO root.b");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- userStmt.execute("CREATE TIMESERIES root.b.b WITH DATATYPE=INT32,ENCODING=PLAIN");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- userStmt.execute("INSERT INTO root.b(timestamp, b) VALUES (100, 100)");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- userStmt.execute("SELECT * from root.a");
- } catch (SQLException e) {
- // user has no authority on root.a
- caught = true;
- }
- assertTrue(caught);
-
- // empty result timeseries set doesn't need authority check
- userStmt.execute("SELECT * from root.b");
-
- caught = false;
- try {
- userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ userStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a");
+ userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.b.b");
+
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES ALL on root.**");
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.b.b");
+
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.b"));
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.b.b WITH DATATYPE=INT32,ENCODING=PLAIN"));
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("INSERT INTO root.b(timestamp, b) VALUES (100, 100)"));
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("SELECT * from root.a"));
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a"));
}
}
}
@@ -178,18 +126,13 @@ public class IoTDBAuthorizationIT {
Statement adminStmt = adminCon.createStatement()) {
adminStmt.execute("CREATE USER sgtest 'sgtest'");
- boolean caught = false;
try (Connection userCon =
DriverManager.getConnection(
Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "sgtest", "sgtest");
Statement userStmt = userCon.createStatement()) {
- try {
- userStmt.execute("SET STORAGE GROUP TO root.sgtest");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.sgtest"));
adminStmt.execute("GRANT USER sgtest PRIVILEGES SET_STORAGE_GROUP ON root.sgtest");
@@ -199,13 +142,8 @@ public class IoTDBAuthorizationIT {
fail(e.getMessage());
}
- caught = false;
- try {
- userStmt.execute("DELETE STORAGE GROUP root.sgtest");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("DELETE STORAGE GROUP root.sgtest"));
adminStmt.execute("GRANT USER sgtest PRIVILEGES DELETE_STORAGE_GROUP ON root.sgtest");
@@ -340,27 +278,20 @@ public class IoTDBAuthorizationIT {
@Test
public void illegalPasswordTest() throws ClassNotFoundException, SQLException {
Class.forName(Config.JDBC_DRIVER_NAME);
- boolean caught = false;
try (Connection adminCon =
DriverManager.getConnection(
Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "root", "root");
Statement adminStmt = adminCon.createStatement()) {
- adminStmt.execute("CREATE USER tempuser 'temppw '");
- } catch (SQLException e) {
- caught = true;
+ Assert.assertThrows(
+ SQLException.class, () -> adminStmt.execute("CREATE USER tempuser 'temppw '"));
}
- assertTrue(caught);
- caught = false;
try (Connection adminCon =
DriverManager.getConnection(
Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "root", "root");
Statement adminStmt = adminCon.createStatement()) {
- adminStmt.execute("CREATE USER tempuser 'te'");
- } catch (SQLException e) {
- caught = true;
+ Assert.assertThrows(SQLException.class, () -> adminStmt.execute("CREATE USER tempuser 'te'"));
}
- assertTrue(caught);
}
@Test
@@ -377,6 +308,7 @@ public class IoTDBAuthorizationIT {
userCon.close();
adminStmt.execute("ALTER USER tempuser SET PASSWORD 'newpw'");
+
boolean caught = false;
try {
userCon =
@@ -412,125 +344,65 @@ public class IoTDBAuthorizationIT {
Statement userStmt = userCon.createStatement()) {
// grant a non-existing user
- boolean caught = false;
- try {
- adminStmt.execute("GRANT USER nulluser PRIVILEGES SET_STORAGE_GROUP on root.a.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER nulluser PRIVILEGES SET_STORAGE_GROUP on root.a"));
// grant a non-existing privilege
- caught = false;
- try {
- adminStmt.execute("GRANT USER tempuser PRIVILEGES NOT_A_PRIVILEGE on root.a.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES NOT_A_PRIVILEGE on root.a"));
// duplicate grant
- adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_USER");
- caught = false;
- try {
- adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_USER");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- // grant on an illegal seriesPath
- caught = false;
- try {
- adminStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on a.b.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_USER on root.**");
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_USER on root.**"));
+ // grant on a illegal seriesPath
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on a.b"));
// grant admin
- caught = false;
- try {
- adminStmt.execute("GRANT USER root PRIVILEGES DELETE_TIMESERIES on root.a.b.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER root PRIVILEGES DELETE_TIMESERIES on root.a.b"));
// no privilege to grant
- caught = false;
- try {
- userStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.b.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.b"));
// revoke a non-existing privilege
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER");
- caught = false;
- try {
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER on root.**");
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_USER on root.**"));
// revoke a non-existing user
- caught = false;
- try {
- adminStmt.execute("REVOKE USER tempuser1 PRIVILEGES CREATE_USER");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- // revoke on an illegal seriesPath
- caught = false;
- try {
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on a.b.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("REVOKE USER tempuser1 PRIVILEGES CREATE_USER on root.**"));
+ // revoke on a illegal seriesPath
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on a.b"));
// revoke admin
- caught = false;
- try {
- adminStmt.execute("REVOKE USER root PRIVILEGES DELETE_TIMESERIES on root.a.b.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("REVOKE USER root PRIVILEGES DELETE_TIMESERIES on root.a.b"));
// no privilege to revoke
- caught = false;
- try {
- userStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.b.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.b"));
// grant privilege to grant
- caught = false;
- try {
- userStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.b.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.b"));
+
adminStmt.execute("GRANT USER tempuser PRIVILEGES GRANT_USER_PRIVILEGE on root.**");
userStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.**");
// grant privilege to revoke
- caught = false;
- try {
- userStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.**");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.**"));
+
adminStmt.execute("GRANT USER tempuser PRIVILEGES REVOKE_USER_PRIVILEGE on root.**");
userStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.**");
}
@@ -553,104 +425,63 @@ public class IoTDBAuthorizationIT {
Statement userStmt = userCon.createStatement()) {
// grant and revoke the user the privilege to create time series
- boolean caught = false;
- try {
- userStmt.execute("SET STORAGE GROUP TO root.a");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.a"));
adminStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a");
userStmt.execute("SET STORAGE GROUP TO root.a");
adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.b");
userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
-
- caught = false;
- try {
- // no privilege to create this one
- userStmt.execute("SET STORAGE GROUP TO root.b");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- // privilege already exists
- adminStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ // no privilege to create this one
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.b"));
+ // privilege already exists
+ Assert.assertThrows(
+ SQLException.class,
+ () -> adminStmt.execute("GRANT USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a"));
+ // no privilege to create this one any more
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.a"));
+ // no privilege to create timeseries
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("SET STORAGE GROUP TO root.a"));
adminStmt.execute("REVOKE USER tempuser PRIVILEGES SET_STORAGE_GROUP ON root.a");
- caught = false;
- try {
- // no privilege to create this one any more
- userStmt.execute("SET STORAGE GROUP TO root.a");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- // no privilege to create timeseries
- userStmt.execute("CREATE TIMESERIES root.b.a WITH DATATYPE=INT32,ENCODING=PLAIN");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- // privilege already exists
- adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.b");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ // no privilege to create this one any more
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.b.a WITH DATATYPE=INT32,ENCODING=PLAIN"));
+ // privilege already exists
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.b"));
adminStmt.execute("REVOKE USER tempuser PRIVILEGES CREATE_TIMESERIES ON root.a.b");
- caught = false;
- try {
- // no privilege to create this one any more
- userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
- // the user cannot delete the timeseries now
- caught = false;
- try {
- // no privilege to delete this one any more
- userStmt.execute("DELETE TIMESERIES root.a.b");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ // no privilege to create this one any more
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN"));
+ // the user cannot delete the timeseries now, no privilege to delete this one any more
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("DELETE TIMESERIES root.a.b"));
// the user can delete the timeseries now
- adminStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.*");
- adminStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.b.*");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.**");
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES DELETE_TIMESERIES on root.b.**");
userStmt.execute("DELETE TIMESERIES root.a.b");
// revoke the privilege to delete time series
adminStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
adminStmt.execute("SET STORAGE GROUP TO root.b");
adminStmt.execute("CREATE TIMESERIES root.b.a WITH DATATYPE=INT32,ENCODING=PLAIN");
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.*");
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES DELETE_TIMESERIES on root.a.**");
userStmt.execute("DELETE TIMESERIES root.b.a");
- caught = false;
- try {
- // no privilege to create this one any more
- userStmt.execute("DELETE TIMESERIES root.a.b");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ // no privilege to create this one any more
+ Assert.assertThrows(
+ SQLException.class, () -> userStmt.execute("DELETE TIMESERIES root.a.b"));
}
}
}
@@ -675,49 +506,30 @@ public class IoTDBAuthorizationIT {
userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
// grant privilege to insert
- boolean caught = false;
- try {
- userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (1,100)");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
- adminStmt.execute("GRANT USER tempuser PRIVILEGES INSERT_TIMESERIES on root.a.*");
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (1,100)"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES INSERT_TIMESERIES on root.a.**");
userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (1,100)");
// revoke privilege to insert
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES INSERT_TIMESERIES on root.a.*");
- caught = false;
- try {
- userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (1,100)");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
-
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES INSERT_TIMESERIES on root.a.**");
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("INSERT INTO root.a(timestamp, b) VALUES (1,100)"));
// grant privilege to query
- caught = false;
- try {
- userStmt.execute("SELECT * from root.a");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
- adminStmt.execute("GRANT USER tempuser PRIVILEGES READ_TIMESERIES on root.a.*");
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("SELECT * from root.a"));
+
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES READ_TIMESERIES on root.a.**");
userStmt.execute("SELECT * from root.a");
userStmt.getResultSet().close();
userStmt.execute("SELECT LAST b from root.a");
userStmt.getResultSet().close();
// revoke privilege to query
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES READ_TIMESERIES on root.a.*");
- caught = false;
- try {
- userStmt.execute("SELECT * from root.a");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ adminStmt.execute("REVOKE USER tempuser PRIVILEGES READ_TIMESERIES on root.a.**");
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("SELECT * from root.a"));
}
}
}
@@ -736,13 +548,8 @@ public class IoTDBAuthorizationIT {
Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "tempuser", "temppw");
Statement userStmt = userCon.createStatement()) {
- boolean caught = false;
- try {
- userStmt.execute("CREATE ROLE admin");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("CREATE ROLE admin"));
+
adminStmt.execute("CREATE ROLE admin");
adminStmt.execute(
"GRANT ROLE admin PRIVILEGES SET_STORAGE_GROUP,CREATE_TIMESERIES,DELETE_TIMESERIES,READ_TIMESERIES,INSERT_TIMESERIES on root.**");
@@ -757,25 +564,20 @@ public class IoTDBAuthorizationIT {
userStmt.getResultSet().close();
adminStmt.execute("REVOKE ROLE admin PRIVILEGES DELETE_TIMESERIES on root.**");
- caught = false;
- try {
- userStmt.execute("DELETE FROM root.* WHERE TIME <= 1000000000");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+
+ Assert.assertThrows(
+ SQLException.class,
+ () -> userStmt.execute("DELETE FROM root.* WHERE TIME <= 1000000000"));
adminStmt.execute("GRANT USER tempuser PRIVILEGES READ_TIMESERIES on root.**");
adminStmt.execute("REVOKE admin FROM tempuser");
userStmt.execute("SELECT * FROM root.**");
userStmt.getResultSet().close();
- caught = false;
- try {
- userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN");
- } catch (SQLException e) {
- caught = true;
- }
- assertTrue(caught);
+
+ Assert.assertThrows(
+ SQLException.class,
+ () ->
+ userStmt.execute("CREATE TIMESERIES root.a.b WITH DATATYPE=INT32,ENCODING=PLAIN"));
}
}
}
@@ -939,24 +741,8 @@ public class IoTDBAuthorizationIT {
adminStmt.execute("CREATE ROLE role1");
adminStmt.execute(
"GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.a.b.c");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.b.*");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.c.**");
adminStmt.execute(
"GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.d.b.c");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.e.*.f");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.f.**.g");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.g.*.h.*");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.h.**.i.**");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.i.*.j.**");
- adminStmt.execute(
- "GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.j.**.k.*");
adminStmt.execute("GRANT role1 TO user1");
ResultSet resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1");
@@ -965,75 +751,23 @@ public class IoTDBAuthorizationIT {
+ ",\n"
+ "role1,root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
+ ",\n"
- + "role1,root.b.* : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
- + ",\n"
- + "role1,root.c.** : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
- + ",\n"
+ "role1,root.d.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
- + ",\n"
- + "role1,root.e.*.f : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
- + ",\n"
- + "role1,root.f.**.g : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
- + ",\n"
- + "role1,root.g.*.h.* : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
- + ",\n"
- + "role1,root.h.**.i.** : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
- + ",\n"
- + "role1,root.i.*.j.** : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
- + ",\n"
- + "role1,root.j.**.k.* : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES"
+ ",\n";
try {
validateResultSet(resultSet, ans);
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.a.b");
- ans = ",root.a.b : READ_TIMESERIES,\n";
- validateResultSet(resultSet, ans);
-
resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.a.b.c");
ans = "role1,root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
validateResultSet(resultSet, ans);
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.b.`x1.x2`");
- ans = "role1,root.b.* : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
- validateResultSet(resultSet, ans);
-
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.c.d.e");
- ans = "role1,root.c.** : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
- validateResultSet(resultSet, ans);
-
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.e.`x1.x2`.f");
- ans = "role1,root.e.*.f : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
- validateResultSet(resultSet, ans);
-
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.f.x1.x2.g");
- ans = "role1,root.f.**.g : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
- validateResultSet(resultSet, ans);
-
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.g.x1.h.x2");
- ans = "role1,root.g.*.h.* : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
- validateResultSet(resultSet, ans);
-
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.h.x1.x2.i.x3.x4");
- ans = "role1,root.h.**.i.** : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
- validateResultSet(resultSet, ans);
-
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.i.x1.j.x2.x3");
- ans = "role1,root.i.*.j.** : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
- validateResultSet(resultSet, ans);
-
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.j.x1.x2.k.x3");
- ans = "role1,root.j.**.k.* : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n";
- validateResultSet(resultSet, ans);
-
adminStmt.execute("REVOKE role1 from user1");
resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1");
ans = ",root.a.b : READ_TIMESERIES,\n";
validateResultSet(resultSet, ans);
- resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.a.b");
- ans = ",root.a.b : READ_TIMESERIES,\n";
+ resultSet = adminStmt.executeQuery("LIST PRIVILEGES USER user1 ON root.a.b.c");
+ ans = "";
validateResultSet(resultSet, ans);
} finally {
resultSet.close();
@@ -1063,7 +797,6 @@ public class IoTDBAuthorizationIT {
"GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.a.b.c");
adminStmt.execute(
"GRANT ROLE role1 PRIVILEGES READ_TIMESERIES,INSERT_TIMESERIES,DELETE_TIMESERIES ON root.d.b.c");
-
resultSet = adminStmt.executeQuery("LIST PRIVILEGES ROLE role1");
ans =
"root.a.b.c : INSERT_TIMESERIES READ_TIMESERIES DELETE_TIMESERIES,\n"
@@ -1245,15 +978,11 @@ public class IoTDBAuthorizationIT {
Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "tempuser", "temppw");
Statement userStmt = userCon.createStatement()) {
try {
- // without list user privilege
- ResultSet resultSet = userStmt.executeQuery("LIST USER");
- String ans = "";
- validateResultSet(resultSet, ans);
-
+ Assert.assertThrows(SQLException.class, () -> userStmt.execute("LIST USER"));
// with list user privilege
- adminStmt.execute("GRANT USER tempuser PRIVILEGES LIST_USER ON root.**");
- resultSet = userStmt.executeQuery("LIST USER");
- ans =
+ adminStmt.execute("GRANT USER tempuser PRIVILEGES LIST_USER on root.**");
+ ResultSet resultSet = userStmt.executeQuery("LIST USER");
+ String ans =
"root,\n"
+ "tempuser,\n"
+ "user0,\n"
@@ -1376,116 +1105,4 @@ public class IoTDBAuthorizationIT {
assertTrue(resultSet.next());
}
}
-
- @Test
- public void testEmptySetAuthorityCheck() throws ClassNotFoundException, SQLException {
- Class.forName(Config.JDBC_DRIVER_NAME);
- try (Connection adminConnection =
- DriverManager.getConnection(
- Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "root", "root");
- Statement adminStatement = adminConnection.createStatement()) {
- adminStatement.execute("CREATE USER a_application 'a_application'");
- adminStatement.execute("GRANT USER a_application PRIVILEGES READ_TIMESERIES on root.ln.**;");
-
- adminStatement.execute("INSERT INTO root.ln.wt01.wf01(time, s1) VALUES(1, 2)");
- }
-
- try (Connection userConnection =
- DriverManager.getConnection(
- Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "a_application", "a_application");
- Statement userStatement = userConnection.createStatement();
- ResultSet resultSet = userStatement.executeQuery("SELECT * FROM root.ln.*")) {
- assertFalse(resultSet.next());
- }
- }
-
- @Test
- public void testCheckGrantRevokePrivileges() throws ClassNotFoundException, SQLException {
- Class.forName(Config.JDBC_DRIVER_NAME);
- try (Connection adminCon =
- DriverManager.getConnection(
- Config.IOTDB_URL_PREFIX + "127.0.0.1:6667/", "root", "root");
- Statement adminStmt = adminCon.createStatement()) {
- adminStmt.execute("CREATE USER tempuser 'temppw'");
-
- adminStmt.execute("GRANT USER tempuser PRIVILEGES ALL on root.**");
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES ALL on root.**");
- adminStmt.execute("GRANT USER tempuser PRIVILEGES ALL");
- adminStmt.execute(
- "GRANT USER tempuser PRIVILEGES INSERT_TIMESERIES, READ_TIMESERIES on root.ln.**");
- adminStmt.execute(
- "REVOKE USER tempuser PRIVILEGES INSERT_TIMESERIES, READ_TIMESERIES on root.ln.**");
- boolean caught = false;
- try {
- adminStmt.execute("GRANT USER tempuser PRIVILEGES ALL on root.ln.**");
- } catch (Exception e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES ALL on root.ln.**");
- } catch (Exception e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- adminStmt.execute("GRANT USER tempuser PRIVILEGES INSERT_TIMESERIES, ALL on root.ln.**");
- } catch (Exception e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- adminStmt.execute("REVOKE USER tempuser PRIVILEGES INSERT_TIMESERIES, ALL on root.ln.**");
- } catch (Exception e) {
- caught = true;
- }
- assertTrue(caught);
-
- adminStmt.execute("CREATE ROLE temprole");
- adminStmt.execute("GRANT ROLE temprole PRIVILEGES ALL on root.**");
- adminStmt.execute("REVOKE ROLE temprole PRIVILEGES ALL on root.**");
- adminStmt.execute("GRANT ROLE temprole PRIVILEGES ALL");
- adminStmt.execute(
- "GRANT ROLE temprole PRIVILEGES INSERT_TIMESERIES, READ_TIMESERIES on root.ln.**");
- adminStmt.execute(
- "REVOKE ROLE temprole PRIVILEGES INSERT_TIMESERIES, READ_TIMESERIES on root.ln.**");
- caught = false;
- try {
- adminStmt.execute("GRANT ROLE temprole PRIVILEGES ALL on root.ln.**");
- } catch (Exception e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- adminStmt.execute("REVOKE ROLE temprole PRIVILEGES ALL on root.ln.**");
- } catch (Exception e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- adminStmt.execute("GRANT ROLE temprole PRIVILEGES INSERT_TIMESERIES, ALL on root.ln.**");
- } catch (Exception e) {
- caught = true;
- }
- assertTrue(caught);
-
- caught = false;
- try {
- adminStmt.execute("REVOKE ROLE temprole PRIVILEGES INSERT_TIMESERIES, ALL on root.ln.**");
- } catch (Exception e) {
- caught = true;
- }
- assertTrue(caught);
- }
- }
}
diff --git a/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java b/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java
index 1a13ac2467..b4a3037ed8 100644
--- a/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java
+++ b/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java
@@ -1105,7 +1105,7 @@ public class LocalConfigNode {
}
}
break;
- case GRANT_ROLE_TO_USER:
+ case GRANT_USER_ROLE:
iAuthorizer.grantRoleToUser(roleName, userName);
break;
case REVOKE_USER:
@@ -1122,7 +1122,7 @@ public class LocalConfigNode {
}
}
break;
- case REVOKE_ROLE_FROM_USER:
+ case REVOKE_USER_ROLE:
iAuthorizer.revokeRoleFromUser(roleName, userName);
break;
default:
diff --git a/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java b/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
index 92a3a9f584..d20b7007cd 100644
--- a/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
+++ b/server/src/main/java/org/apache/iotdb/db/mpp/plan/parser/ASTVisitor.java
@@ -1673,7 +1673,7 @@ public class ASTVisitor extends IoTDBSqlParserBaseVisitor<Statement> {
@Override
public Statement visitGrantRoleToUser(IoTDBSqlParser.GrantRoleToUserContext ctx) {
AuthorStatement authorStatement =
- new AuthorStatement(AuthorOperator.AuthorType.GRANT_ROLE_TO_USER);
+ new AuthorStatement(AuthorOperator.AuthorType.GRANT_USER_ROLE);
authorStatement.setRoleName(parseIdentifier(ctx.roleName.getText()));
authorStatement.setUserName(parseIdentifier(ctx.userName.getText()));
return authorStatement;
@@ -1746,7 +1746,7 @@ public class ASTVisitor extends IoTDBSqlParserBaseVisitor<Statement> {
@Override
public Statement visitRevokeRoleFromUser(IoTDBSqlParser.RevokeRoleFromUserContext ctx) {
AuthorStatement authorStatement =
- new AuthorStatement(AuthorOperator.AuthorType.REVOKE_ROLE_FROM_USER);
+ new AuthorStatement(AuthorOperator.AuthorType.REVOKE_USER_ROLE);
authorStatement.setRoleName(parseIdentifier(ctx.roleName.getText()));
authorStatement.setUserName(parseIdentifier(ctx.userName.getText()));
return authorStatement;
diff --git a/server/src/main/java/org/apache/iotdb/db/mpp/plan/statement/sys/AuthorStatement.java b/server/src/main/java/org/apache/iotdb/db/mpp/plan/statement/sys/AuthorStatement.java
index 40d04f3a07..29a279873e 100644
--- a/server/src/main/java/org/apache/iotdb/db/mpp/plan/statement/sys/AuthorStatement.java
+++ b/server/src/main/java/org/apache/iotdb/db/mpp/plan/statement/sys/AuthorStatement.java
@@ -75,10 +75,10 @@ public class AuthorStatement extends Statement implements IConfigStatement {
case UPDATE_USER:
this.setType(StatementType.MODIFY_PASSWORD);
break;
- case GRANT_ROLE_TO_USER:
- this.setType(StatementType.GRANT_ROLE_PRIVILEGE);
+ case GRANT_USER_ROLE:
+ this.setType(StatementType.GRANT_USER_ROLE);
break;
- case REVOKE_ROLE_FROM_USER:
+ case REVOKE_USER_ROLE:
this.setType(StatementType.REVOKE_USER_ROLE);
break;
case LIST_USER_PRIVILEGE:
@@ -175,10 +175,10 @@ public class AuthorStatement extends Statement implements IConfigStatement {
case DROP_ROLE:
case GRANT_ROLE:
case GRANT_USER:
- case GRANT_ROLE_TO_USER:
+ case GRANT_USER_ROLE:
case REVOKE_USER:
case REVOKE_ROLE:
- case REVOKE_ROLE_FROM_USER:
+ case REVOKE_USER_ROLE:
case UPDATE_USER:
queryType = QueryType.WRITE;
break;
diff --git a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
index 5ff9feb5f6..dc31226eb1 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
@@ -1936,7 +1936,7 @@ public class PlanExecutor implements IPlanExecutor {
}
}
break;
- case GRANT_ROLE_TO_USER:
+ case GRANT_USER_ROLE:
authorizerManager.grantRoleToUser(roleName, userName);
break;
case REVOKE_USER:
@@ -1953,7 +1953,7 @@ public class PlanExecutor implements IPlanExecutor {
}
}
break;
- case REVOKE_ROLE_FROM_USER:
+ case REVOKE_USER_ROLE:
authorizerManager.revokeRoleFromUser(roleName, userName);
break;
default:
diff --git a/server/src/main/java/org/apache/iotdb/db/qp/logical/sys/AuthorOperator.java b/server/src/main/java/org/apache/iotdb/db/qp/logical/sys/AuthorOperator.java
index 6e79d2b00d..bfe6031a13 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/logical/sys/AuthorOperator.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/logical/sys/AuthorOperator.java
@@ -135,10 +135,10 @@ public class AuthorOperator extends Operator {
DROP_ROLE,
GRANT_ROLE,
GRANT_USER,
- GRANT_ROLE_TO_USER,
+ GRANT_USER_ROLE,
REVOKE_USER,
REVOKE_ROLE,
- REVOKE_ROLE_FROM_USER,
+ REVOKE_USER_ROLE,
UPDATE_USER,
LIST_USER,
LIST_ROLE,
@@ -166,13 +166,13 @@ public class AuthorOperator extends Operator {
case 5:
return GRANT_USER;
case 6:
- return GRANT_ROLE_TO_USER;
+ return GRANT_USER_ROLE;
case 7:
return REVOKE_USER;
case 8:
return REVOKE_ROLE;
case 9:
- return REVOKE_ROLE_FROM_USER;
+ return REVOKE_USER_ROLE;
case 10:
return UPDATE_USER;
case 11:
@@ -207,13 +207,13 @@ public class AuthorOperator extends Operator {
return 4;
case GRANT_USER:
return 5;
- case GRANT_ROLE_TO_USER:
+ case GRANT_USER_ROLE:
return 6;
case REVOKE_USER:
return 7;
case REVOKE_ROLE:
return 8;
- case REVOKE_ROLE_FROM_USER:
+ case REVOKE_USER_ROLE:
return 9;
case UPDATE_USER:
return 10;
diff --git a/server/src/main/java/org/apache/iotdb/db/qp/physical/sys/AuthorPlan.java b/server/src/main/java/org/apache/iotdb/db/qp/physical/sys/AuthorPlan.java
index 6db520ad4a..bfb94ad0ff 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/physical/sys/AuthorPlan.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/physical/sys/AuthorPlan.java
@@ -106,10 +106,10 @@ public class AuthorPlan extends PhysicalPlan {
case UPDATE_USER:
this.setOperatorType(Operator.OperatorType.MODIFY_PASSWORD);
break;
- case GRANT_ROLE_TO_USER:
- this.setOperatorType(Operator.OperatorType.GRANT_ROLE_PRIVILEGE);
+ case GRANT_USER_ROLE:
+ this.setOperatorType(Operator.OperatorType.GRANT_USER_ROLE);
break;
- case REVOKE_ROLE_FROM_USER:
+ case REVOKE_USER_ROLE:
this.setOperatorType(Operator.OperatorType.REVOKE_USER_ROLE);
break;
case LIST_USER_PRIVILEGE:
@@ -151,7 +151,7 @@ public class AuthorPlan extends PhysicalPlan {
type = AuthorType.CREATE_USER;
break;
case REVOKE_USER_ROLE:
- type = AuthorType.REVOKE_ROLE_FROM_USER;
+ type = AuthorType.REVOKE_USER_ROLE;
break;
case REVOKE_ROLE_PRIVILEGE:
type = AuthorType.REVOKE_ROLE;
@@ -160,13 +160,13 @@ public class AuthorPlan extends PhysicalPlan {
type = AuthorType.REVOKE_USER;
break;
case GRANT_ROLE_PRIVILEGE:
- type = AuthorType.GRANT_ROLE_TO_USER;
+ type = AuthorType.GRANT_ROLE;
break;
case GRANT_USER_PRIVILEGE:
type = AuthorType.GRANT_USER;
break;
case GRANT_USER_ROLE:
- type = AuthorType.GRANT_ROLE;
+ type = AuthorType.GRANT_USER_ROLE;
break;
case MODIFY_PASSWORD:
type = AuthorType.UPDATE_USER;
diff --git a/server/src/main/java/org/apache/iotdb/db/qp/sql/IoTDBSqlVisitor.java b/server/src/main/java/org/apache/iotdb/db/qp/sql/IoTDBSqlVisitor.java
index e4c2673a34..7d922dc882 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/sql/IoTDBSqlVisitor.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/sql/IoTDBSqlVisitor.java
@@ -2010,8 +2010,7 @@ public class IoTDBSqlVisitor extends IoTDBSqlParserBaseVisitor<Operator> {
@Override
public Operator visitGrantRoleToUser(IoTDBSqlParser.GrantRoleToUserContext ctx) {
AuthorOperator authorOperator =
- new AuthorOperator(
- SQLConstant.TOK_AUTHOR_GRANT, AuthorOperator.AuthorType.GRANT_ROLE_TO_USER);
+ new AuthorOperator(SQLConstant.TOK_AUTHOR_GRANT, AuthorOperator.AuthorType.GRANT_USER_ROLE);
authorOperator.setRoleName(parseIdentifier(ctx.roleName.getText()));
authorOperator.setUserName(parseIdentifier(ctx.userName.getText()));
return authorOperator;
@@ -2086,7 +2085,7 @@ public class IoTDBSqlVisitor extends IoTDBSqlParserBaseVisitor<Operator> {
@Override
public Operator visitRevokeRoleFromUser(IoTDBSqlParser.RevokeRoleFromUserContext ctx) {
AuthorOperator authorOperator =
- new AuthorOperator(SQLConstant.TOK_AUTHOR_GRANT, AuthorType.REVOKE_ROLE_FROM_USER);
+ new AuthorOperator(SQLConstant.TOK_AUTHOR_GRANT, AuthorType.REVOKE_USER_ROLE);
authorOperator.setRoleName(parseIdentifier(ctx.roleName.getText()));
authorOperator.setUserName(parseIdentifier(ctx.userName.getText()));
return authorOperator;
diff --git a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
index 0654444a79..0fefed3604 100644
--- a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
+++ b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
@@ -773,6 +773,10 @@ public class TSServiceImpl implements IClientRPCServiceWithHandler {
private TSExecuteStatementResp submitQueryTask(
PhysicalPlan physicalPlan, long startTime, TSExecuteStatementReq req) throws Exception {
+ TSStatus status = SESSION_MANAGER.checkAuthority(physicalPlan, req.getSessionId());
+ if (status != null) {
+ return new TSExecuteStatementResp(status);
+ }
QueryTask queryTask =
new QueryTask(
physicalPlan,