# LogicTest: local local-opt local-parallel-stmts fakedist fakedist-opt fakedist-metadata

# Disable automatic stats to avoid flakiness.
statement ok
SET CLUSTER SETTING sql.stats.automatic_collection.enabled = false

# Test default table-level permissions.
# Default user is root.
statement ok
CREATE DATABASE a

statement ok
SET DATABASE = a

statement ok
CREATE TABLE t (k INT PRIMARY KEY, v int)

statement ok
SELECT * from [54 as num_ref]

statement ok
SHOW GRANTS ON t

statement ok
CREATE USER bar

statement ok
GRANT ALL ON t TO bar

statement ok
REVOKE ALL ON t FROM bar

statement ok
INSERT INTO t VALUES (1, 1), (2, 2)

statement ok
SELECT * from t

statement ok
DELETE FROM t

statement ok
DELETE FROM t where k = 1

statement ok
UPDATE t SET v = 0

statement ok
UPDATE t SET v = 2 WHERE k = 2

statement ok
TRUNCATE t

statement ok
DROP TABLE t

statement ok
CREATE TABLE t (k INT PRIMARY KEY, v int)

# Switch to a user without any privileges.
user testuser

# This needs to be repeated since session variables are per client.
statement ok
SET DATABASE = a

statement ok
SHOW GRANTS ON t

statement error pq: user testuser has no privileges on relation t
SHOW COLUMNS FROM t

statement error pq: user testuser does not have SELECT privilege on relation t
SELECT r FROM t

statement error pq: user testuser does not have SELECT privilege on relation t
SELECT * from [56 as num_ref]

statement error user testuser does not have GRANT privilege on relation t
GRANT ALL ON t TO bar

statement error user testuser does not have GRANT privilege on relation t
REVOKE ALL ON t FROM bar

statement error user testuser does not have INSERT privilege on relation t
INSERT INTO t VALUES (1, 1), (2, 2)

statement error user testuser does not have SELECT privilege on relation t
SELECT * FROM t

statement ok
SELECT 1

statement error user testuser does not have DELETE privilege on relation t
DELETE FROM t

statement error user testuser does not have DELETE privilege on relation t
DELETE FROM t where k = 1

statement error user testuser does not have UPDATE privilege on relation t
UPDATE t SET v = 0

statement error user testuser does not have UPDATE privilege on relation t
UPDATE t SET v = 2 WHERE k = 2

statement error user testuser does not have DROP privilege on relation t
TRUNCATE t

statement error user testuser does not have DROP privilege on relation t
DROP TABLE t

# Grant SELECT privilege.
user root

statement ok
GRANT SELECT ON t TO testuser

user testuser

query TTBTTTB
SHOW COLUMNS FROM t
----
k  INT8  false  NULL  ·  {primary}  false
v  INT8  true   NULL  ·  {}         false

statement error user testuser does not have GRANT privilege on relation t
GRANT ALL ON t TO bar

statement error user testuser does not have GRANT privilege on relation t
REVOKE ALL ON t FROM bar

statement error user testuser does not have INSERT privilege on relation t
INSERT INTO t VALUES (1, 1), (2, 2)

statement error user testuser does not have INSERT privilege on relation t
UPSERT INTO t VALUES (1, 1), (2, 2)

statement ok
SELECT * FROM t

statement ok
SELECT 1

statement error user testuser does not have DELETE privilege on relation t
DELETE FROM t

statement error user testuser does not have DELETE privilege on relation t
DELETE FROM t where k = 1

statement error user testuser does not have UPDATE privilege on relation t
UPDATE t SET v = 0

statement error user testuser does not have UPDATE privilege on relation t
UPDATE t SET v = 2 WHERE k = 2

statement error user testuser does not have DROP privilege on relation t
TRUNCATE t

statement error user testuser does not have DROP privilege on relation t
DROP TABLE t

# Grant all but SELECT privilege.
user root

statement ok
GRANT ALL ON t TO testuser

statement ok
REVOKE SELECT ON t FROM testuser

user testuser

statement ok
GRANT ALL ON t TO bar

statement ok
REVOKE ALL ON t FROM bar

statement ok
INSERT INTO t VALUES (1, 1), (2, 2)

statement error user testuser does not have SELECT privilege on relation t
SELECT * FROM t

statement ok
SELECT 1

statement error user testuser does not have SELECT privilege on relation t
DELETE FROM t

statement error user testuser does not have SELECT privilege on relation t
DELETE FROM t where k = 1

statement error user testuser does not have SELECT privilege on relation t
UPDATE t SET v = 0

statement error user testuser does not have SELECT privilege on relation t
UPDATE t SET v = 2 WHERE k = 2

statement ok
TRUNCATE t

statement ok
DROP TABLE t

# Grant ALL privilege.
user root

statement ok
CREATE TABLE t (k INT PRIMARY KEY, v int)

statement ok
GRANT ALL ON t TO testuser

user testuser

statement ok
GRANT ALL ON t TO bar

statement ok
REVOKE ALL ON t FROM bar

statement ok
INSERT INTO t VALUES (1, 1), (2, 2)

statement ok
SELECT * FROM t

statement ok
SELECT 1

statement ok
DELETE FROM t

statement ok
DELETE FROM t where k = 1

statement ok
UPDATE t SET v = 0

statement ok
UPDATE t SET v = 2 WHERE k = 2

statement ok
TRUNCATE t

statement ok
DROP TABLE t

# Grant INSERT privilege.
user root

statement ok
CREATE TABLE t (k INT PRIMARY KEY, v int)

statement ok
GRANT INSERT ON t TO testuser

user testuser

statement ok
INSERT INTO t VALUES (1, 2)

statement error user testuser does not have SELECT privilege on relation t
INSERT INTO t VALUES (1, 2) ON CONFLICT (k) DO NOTHING

statement error user testuser does not have SELECT privilege on relation t
INSERT INTO t VALUES (1, 2) ON CONFLICT (k) DO UPDATE SET v = excluded.v

statement error user testuser does not have SELECT privilege on relation t
UPSERT INTO t VALUES (1, 2)

user root

statement ok
GRANT SELECT ON t TO testuser

user testuser

statement ok
INSERT INTO t VALUES (1, 2) ON CONFLICT (k) DO NOTHING

statement error user testuser does not have UPDATE privilege on relation t
UPSERT INTO t VALUES (1, 2)

statement error user testuser does not have UPDATE privilege on relation t
INSERT INTO t VALUES (1, 2) ON CONFLICT (k) DO UPDATE SET v = excluded.v

# Grant UPDATE privilege (in addition to INSERT).
user root

statement ok
GRANT UPDATE ON t TO testuser

user testuser

statement ok
UPSERT INTO t VALUES (1, 2)

statement ok
INSERT INTO t VALUES (1, 2) ON CONFLICT (k) DO UPDATE SET v = excluded.v

user root

statement ok
DROP TABLE t

# SHOW privileges.

statement ok
CREATE TABLE t (k INT PRIMARY KEY, v int)

user testuser

statement error user testuser has no privileges on relation t
SHOW COLUMNS FROM t

statement error user testuser has no privileges on relation t
SHOW CREATE TABLE t

statement error user testuser has no privileges on relation t
SHOW INDEX FROM t

statement error user testuser has no privileges on relation t
SHOW CONSTRAINTS FROM t

user root

statement ok
GRANT SELECT ON t TO testuser

user testuser

statement ok
SHOW COLUMNS FROM t

statement ok
SHOW CREATE TABLE t

statement ok
SHOW INDEX FROM t

statement ok
SHOW CONSTRAINTS FROM t
