@Override public void checkCanSelectFromTable(TransactionId transactionId, Identity identity, QualifiedObjectName tableName) { if (shouldDenyPrivilege(identity.getUser(), tableName.getObjectName(), SELECT_TABLE)) { denySelectTable(tableName.toString()); } if (denyPrivileges.isEmpty()) { super.checkCanSelectFromTable(transactionId, identity, tableName); } }
@Test public void testNoCatalogAccessControl() throws Exception { TransactionManager transactionManager = createTestTransactionManager(); AccessControlManager accessControlManager = new AccessControlManager(transactionManager); accessControlManager.setSystemAccessControl(ALLOW_ALL_ACCESS_CONTROL, ImmutableMap.<String, String>of()); transaction(transactionManager) .execute(transactionId -> { accessControlManager.checkCanSelectFromTable(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table")); }); }
@Test(expectedExceptions = PrestoException.class, expectedExceptionsMessageRegExp = "Access Denied: Cannot select from table schema.table") public void testDenyCatalogAccessControl() throws Exception { TransactionManager transactionManager = createTestTransactionManager(); AccessControlManager accessControlManager = new AccessControlManager(transactionManager); accessControlManager.setSystemAccessControl(ALLOW_ALL_ACCESS_CONTROL, ImmutableMap.<String, String>of()); registerBogusConnector(transactionManager, "connector"); accessControlManager.addCatalogAccessControl("connector", "catalog", new DenyConnectorAccessControl()); transaction(transactionManager) .execute(transactionId -> { accessControlManager.checkCanSelectFromTable(transactionId, new Identity(USER_NAME, Optional.of(PRINCIPAL)), new QualifiedObjectName("catalog", "schema", "table")); }); }