25-Privileges

Privileges basic
1. Test common user privileges
2. Test common user with create database privilege
3. Test grant read and write privileges with condition
4. Test grant privilege on multiple tables
5. Test grant privilege error cases
6. Test revoke privilege
7. Test grant on super/child/normal table

Privileges bugs
1. Verify bug TD-30642

Privilege control
[Database Privileges]
- CREATE DATABASE
- ALTER DATABASE
- DROP DATABASE
- USE DATABASE
- SHOW DATABASES
[Table Privileges]
- CREATE TABLE
- DROP TABLE
- ALTER TABLE
- SELECT
- INSERT
- DELETE
[Column and Row Privileges]
- Column-Level Privilege
- Row-Level with Tag Condition
- Column Mask
- Row-Level Complex Conditions (AND/OR combinations)
- Row-Level Time Range Conditions
- Row-Level Mixed Tag and Data Conditions
- Combined Column and Row Privileges
- Column Privilege Update Priority
- Privilege Update Time Priority (User vs Role)
[Role-Based Access Control]
- Role Creation and Grant
- System Roles (SYSDBA/SYSSEC/SYSAUDIT)
- Audit Database Privileges (3.4.0.0+)
[System Privileges]
- User Management (ALTER USER, SHOW USERS SECURITY INFORMATION)
- Token Management (CREATE/ALTER/DROP TOKEN, SHOW TOKENS)
- TOTP Management (CREATE/DROP TOTP)
- Password Management (ALTER PASS, ALTER SELF PASS)
- Node Management (CREATE/DROP NODE, SHOW NODES)
- Mount Management (CREATE/DROP MOUNT, SHOW MOUNTS)
- System Variable Management (ALTER/SHOW SYSTEM/SECURITY/AUDIT/DEBUG VARIABLES)
- Information Schema Access (READ INFORMATION_SCHEMA BASIC/PRIVILEGED/SECURITY/AUDIT)
- System Monitoring (SHOW/KILL TRANSACTIONS/CONNECTIONS/QUERIES)
- Cluster Information (SHOW GRANTS/CLUSTER/APPS)
- Privilege Delegation (GRANT/REVOKE PRIVILEGE)
[Function and Index Privileges]
- CREATE FUNCTION
- CREATE INDEX
[View, Topic and Stream Privileges (3.4.0.0+)]
- View Privileges (SELECT VIEW, ALTER VIEW, DROP VIEW)
- Topic Privileges (SUBSCRIBE, DROP TOPIC)
- Stream Privileges (SHOW, START, STOP, DROP STREAM)
[Exception and Reverse Test Cases]
- Privilege Inheritance
- Privilege Conflict Resolution
- Wildcard Privilege (*.* and db.*)
- Privilege Revoke Cascading
- Invalid Privilege Operations
- Privilege Boundary Conditions
- Owner Special Privileges
- Database Owner Privileges (implicit permissions)
- Object Owner Privileges (tables, views, topics, streams)
- Permission Query and Display (SHOW USER/ROLE PRIVILEGES, information_schema)
- Concurrent Privilege Operations
[Three-Power Separation Tests (3.4.0.0+)]
- Root User Initial Permissions
- Role Separation Best Practice (Three-Power Separation)
- Daily Operations Without Root
- System Role Constraints

Test basic privileges of Discretionary Access Control and Mandatory Access Control
1. Test mandatory SoD (Separation of Duty).
2. Test mandatory access control with security levels.
3. Test CREATE with SECURITY_LEVEL and ALTER SECURITY POLICY.

Privileges basic
1. Test basic user privileges (grant/revoke/show user privileges)
2. Test basic role privileges (grant/revoke/show role privileges)
3. Test system privileges
4. Test database privileges
5. Test table privileges
6. Test row privileges
7. Test column privileges
8. Test grant privileges
9. Test view privileges
10. Test audit privileges
11. Test user privileges
12. Test role privileges
13. Test variable privileges

Privileges subscribe
1. Prepare 1 database, 1 super table, 4 child tables
2. Insert data into child tables
3. Create topic on the database by admin user
4. Create normal user
5. Test topic subscribe privilege before it is granted
6. Grant subscribe privilege on the topic to normal user
7. Test topic subscribe privilege after it is granted
8. Revoke subscribe privilege on the topic from normal user
9. Test topic subscribe privilege after it is revoked