@@ -66,8 +66,22 @@ public void listUserPrivileges() throws SQLException {
6666 Statement adminStmt = adminCon .createStatement ()) {
6767
6868 adminStmt .execute ("create user testuser 'password123456'" );
69+ try (Connection userCon =
70+ EnvFactory .getEnv ()
71+ .getConnection ("testuser" , "password123456" , BaseEnv .TABLE_SQL_DIALECT );
72+ Statement userStmt = userCon .createStatement ()) {
73+ ResultSet resultSet = userStmt .executeQuery ("LIST USER" );
74+ Assert .assertTrue (resultSet .next ());
75+ Assert .assertEquals ("testuser" , resultSet .getString (1 ));
76+ Assert .assertFalse (resultSet .next ());
77+ }
6978 adminStmt .execute ("create database testdb" );
70- adminStmt .execute ("GRANT MANAGE_USER to user testuser" );
79+ adminStmt .execute ("GRANT SECURITY to user testuser" );
80+ Assert .assertThrows (
81+ SQLException .class ,
82+ () -> {
83+ adminStmt .execute ("GRANT MANAGE_USER to user testuser" );
84+ });
7185 Assert .assertThrows (
7286 SQLException .class ,
7387 () -> {
@@ -85,7 +99,11 @@ public void listUserPrivileges() throws SQLException {
8599 adminStmt .execute ("GRANT MAINTAIN to user testuser" );
86100 });
87101
88- adminStmt .execute ("GRANT MANAGE_ROLE TO USER testuser" );
102+ Assert .assertThrows (
103+ SQLException .class ,
104+ () -> {
105+ adminStmt .execute ("GRANT MANAGE_ROLE to user testuser" );
106+ });
89107 adminStmt .execute ("GRANT SELECT ON ANY TO USER testuser" );
90108 adminStmt .execute ("GRANT INSERT ON ANY TO USER testuser" );
91109 adminStmt .execute ("GRANT DELETE ON ANY TO USER testuser" );
@@ -106,8 +124,7 @@ public void listUserPrivileges() throws SQLException {
106124 Set <String > ans =
107125 new HashSet <>(
108126 Arrays .asList (
109- ",,MANAGE_USER,false," ,
110- ",,MANAGE_ROLE,false," ,
127+ ",,SECURITY,false," ,
111128 ",*.*,SELECT,false," ,
112129 ",*.*,INSERT,false," ,
113130 ",*.*,DELETE,false," ,
@@ -162,8 +179,7 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {
162179 });
163180
164181 // admin can do all things below.
165- adminStmt .execute ("GRANT MANAGE_USER to user testuser2 with grant option" );
166- adminStmt .execute ("GRANT MANAGE_ROLE to user testuser" );
182+ adminStmt .execute ("GRANT SECURITY to user testuser with grant option" );
167183
168184 adminStmt .execute ("use testdb" );
169185 adminStmt .execute ("GRANT SELECT ON TABLE TB to user testuser" );
@@ -183,49 +199,18 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {
183199 EnvFactory .getEnv ()
184200 .getConnection ("testuser" , "password123456" , BaseEnv .TABLE_SQL_DIALECT );
185201 Statement userStmt = userCon1 .createStatement ()) {
186- // 1. user1's privileges
187- // testdb.TB select
188- // testdb.TB insert
189- // testdb.* insert
190- // any alter
191- // manage_role
192-
193- // cannot create user
194- Assert .assertThrows (
195- SQLException .class ,
196- () -> {
197- userStmt .execute ("CREATE USER testuser3 'password'" );
198- });
202+
199203 // can create role
200204 userStmt .execute ("CREATE ROLE testrole2" );
201205 // can grant role to user
202206 userStmt .execute ("GRANT ROLE testrole2 to testuser" );
203- // cannot grant privileges to other
204- Assert .assertThrows (
205- SQLException .class ,
206- () -> {
207- userStmt .execute ("GRANT SELECT ON testdb.TB to role testrole2" );
208- });
209-
210- Assert .assertThrows (
211- SQLException .class ,
212- () -> {
213- userStmt .execute ("GRANT ALTER ON ANY to role testrole2" );
214- });
215-
216- // cannot grant manage_role to other
217- Assert .assertThrows (
218- SQLException .class ,
219- () -> {
220- userStmt .execute ("GRANT manage_role to role testrole2" );
221- });
222207
223208 // can list itself privileges and the all roles privileges
224209 ResultSet rs = userStmt .executeQuery ("List privileges of user testuser" );
225210 Set <String > ans =
226211 new HashSet <>(
227212 Arrays .asList (
228- ",,MANAGE_ROLE,false ," ,
213+ ",,SECURITY,true ," ,
229214 ",*.*,ALTER,false," ,
230215 ",testdb.*,INSERT,false," ,
231216 ",testdb.tb,SELECT,false," ,
@@ -237,60 +222,14 @@ public void checkAuthorStatementPrivilegeCheck() throws SQLException {
237222 rs = userStmt .executeQuery ("List privileges of role testrole2" );
238223 TestUtils .assertResultSetEqual (
239224 rs , "Role,Scope,Privileges,GrantOption," , Collections .emptySet ());
240- // testdb.TB's privilege is not grant option.
241- Assert .assertThrows (
242- SQLException .class ,
243- () -> {
244- userStmt .execute ("GRANT insert on testdb.TB to role testrole2" );
245- });
246-
247- Assert .assertThrows (
248- SQLException .class ,
249- () -> {
250- userStmt .execute ("GRANT ALTER on any to role testrole2" );
251- });
252- }
253-
254- try (Connection userCon1 =
255- EnvFactory .getEnv ()
256- .getConnection ("testuser2" , "password123456" , BaseEnv .TABLE_SQL_DIALECT );
257- Statement userStmt = userCon1 .createStatement ()) {
258- // 2. user2's privileges
259- // MANAGE_USER with grant option
260- // testdb.tb drop with grant option
261- // testdb.tb create with grant option
262- // testdb.* drop with grant option
263- // any select with grant option
264-
265- // can create user.
266225 userStmt .execute ("CREATE USER testuser3 'password123456'" );
267226
268- // can not create role
269- Assert .assertThrows (
270- SQLException .class ,
271- () -> {
272- userStmt .execute ("CREATE ROLE testrole3" );
273- });
274-
275- // cannot list role's privileges
276- Assert .assertThrows (
277- SQLException .class ,
278- () -> {
279- userStmt .executeQuery ("List privileges of role testrole" );
280- });
281-
282227 userStmt .execute ("GRANT drop on database testdb to user testuser3" );
283228 userStmt .execute ("GRANT SELECT ON database testdb to user testuser3" );
284- ResultSet rs = userStmt .executeQuery ("List privileges of user testuser3" );
285- Set <String > ans =
286- new HashSet <>(Arrays .asList (",testdb.*,SELECT,false," , ",testdb.*,DROP,false," ));
229+ rs = userStmt .executeQuery ("List privileges of user testuser3" );
230+ ans = new HashSet <>(Arrays .asList (",testdb.*,SELECT,false," , ",testdb.*,DROP,false," ));
287231 TestUtils .assertResultSetEqual (rs , "Role,Scope,Privileges,GrantOption," , ans );
288232 userStmt .execute ("REVOKE SELECT ON DATABASE testdb from user testuser3" );
289- Assert .assertThrows (
290- SQLException .class ,
291- () -> {
292- userStmt .execute ("GRANT CREATE ON DATABASE testdb to user testuser3" );
293- });
294233
295234 rs = userStmt .executeQuery ("List privileges of user testuser3" );
296235 TestUtils .assertResultSetEqual (
@@ -329,7 +268,7 @@ public void checkGrantRevokeAllPrivileges() throws SQLException {
329268 + " with grant option" );
330269 Set <String > listPrivilegeResult = new HashSet <>();
331270 for (PrivilegeType privilegeType : PrivilegeType .values ()) {
332- if (privilegeType .isRelationalPrivilege ()) {
271+ if (privilegeType .isRelationalPrivilege () && ! privilegeType . isDeprecated () ) {
333272 listPrivilegeResult .add (
334273 (isUser ? "," : "test," ) + "testdb.tb1," + privilegeType + ",true," );
335274 }
@@ -426,6 +365,9 @@ public void checkGrantRevokeAllPrivileges() throws SQLException {
426365 // 1. grant all on user/role
427366 adminStmt .execute ("grant all to " + (isUser ? "user test" : "role test" ));
428367 for (PrivilegeType privilegeType : PrivilegeType .values ()) {
368+ if (privilegeType .isDeprecated () || privilegeType .isHided ()) {
369+ continue ;
370+ }
429371 if (privilegeType .isRelationalPrivilege ()) {
430372 listPrivilegeResult .add ((isUser ? "," : "test," ) + "*.*," + privilegeType + ",false," );
431373 } else if (privilegeType .forRelationalSys ()) {
@@ -475,7 +417,9 @@ public void checkGrantRevokeAllPrivileges() throws SQLException {
475417
476418 Set <String > listUserPrivilegeResult = new HashSet <>();
477419 for (PrivilegeType privilegeType : PrivilegeType .values ()) {
478- if (privilegeType == PrivilegeType .SELECT ) {
420+ if (privilegeType == PrivilegeType .SELECT
421+ || privilegeType .isDeprecated ()
422+ || privilegeType .isHided ()) {
479423 continue ;
480424 }
481425 if (privilegeType .isRelationalPrivilege ()) {
@@ -488,6 +432,9 @@ public void checkGrantRevokeAllPrivileges() throws SQLException {
488432
489433 Set <String > listRolePrivilegeResult = new HashSet <>();
490434 for (PrivilegeType privilegeType : PrivilegeType .values ()) {
435+ if (privilegeType .isDeprecated () || privilegeType .isHided ()) {
436+ continue ;
437+ }
491438 if (privilegeType .isRelationalPrivilege ()) {
492439 listRolePrivilegeResult .add ("role1,*.*," + privilegeType + ",true," );
493440 }
@@ -507,20 +454,6 @@ public void checkGrantRevokeAllPrivileges() throws SQLException {
507454 resultSet = userConStatement .executeQuery ("List privileges of role role1" );
508455 TestUtils .assertResultSetEqual (
509456 resultSet , "Role,Scope,Privileges,GrantOption," , listRolePrivilegeResult );
510-
511- // Do not have grant option
512- Assert .assertThrows (
513- SQLException .class ,
514- () -> {
515- userConStatement .execute ("GRANT SELECT ON DATABASE TEST to role role1" );
516- });
517-
518- // Do not have grant option
519- Assert .assertThrows (
520- SQLException .class ,
521- () -> {
522- userConStatement .execute ("GRANT ALL to user test2" );
523- });
524457 }
525458
526459 try (Connection userCon =
@@ -537,7 +470,7 @@ public void checkGrantRevokeAllPrivileges() throws SQLException {
537470
538471 try (Connection adminCon = EnvFactory .getEnv ().getConnection (BaseEnv .TABLE_SQL_DIALECT );
539472 Statement adminStmt = adminCon .createStatement ()) {
540- adminStmt .execute ("revoke MANAGE_USER from user test2" );
473+ adminStmt .execute ("revoke SECURITY from user test2" );
541474 }
542475
543476 try (Connection userCon =
0 commit comments