summaryrefslogtreecommitdiffstats
path: root/src/test/regress/sql/security_label.sql
blob: 98e6a5f2113a1ff3ba8c2e417dfabcad6c198fa3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
--
-- Test for facilities of security label
--

-- initial setups
SET client_min_messages TO 'warning';

DROP ROLE IF EXISTS regress_seclabel_user1;
DROP ROLE IF EXISTS regress_seclabel_user2;

RESET client_min_messages;

CREATE USER regress_seclabel_user1 WITH CREATEROLE;
CREATE USER regress_seclabel_user2;

CREATE TABLE seclabel_tbl1 (a int, b text);
CREATE TABLE seclabel_tbl2 (x int, y text);
CREATE VIEW seclabel_view1 AS SELECT * FROM seclabel_tbl2;
CREATE FUNCTION seclabel_four() RETURNS integer AS $$SELECT 4$$ language sql;
CREATE DOMAIN seclabel_domain AS text;

ALTER TABLE seclabel_tbl1 OWNER TO regress_seclabel_user1;
ALTER TABLE seclabel_tbl2 OWNER TO regress_seclabel_user2;

--
-- Test of SECURITY LABEL statement without a plugin
--
SECURITY LABEL ON TABLE seclabel_tbl1 IS 'classified';			-- fail
SECURITY LABEL FOR 'dummy' ON TABLE seclabel_tbl1 IS 'classified';		-- fail
SECURITY LABEL ON TABLE seclabel_tbl1 IS '...invalid label...';		-- fail
SECURITY LABEL ON TABLE seclabel_tbl3 IS 'unclassified';			-- fail

SECURITY LABEL ON ROLE regress_seclabel_user1 IS 'classified';			-- fail
SECURITY LABEL FOR 'dummy' ON ROLE regress_seclabel_user1 IS 'classified';		-- fail
SECURITY LABEL ON ROLE regress_seclabel_user1 IS '...invalid label...';		-- fail
SECURITY LABEL ON ROLE regress_seclabel_user3 IS 'unclassified';			-- fail

-- clean up objects
DROP FUNCTION seclabel_four();
DROP DOMAIN seclabel_domain;
DROP VIEW seclabel_view1;
DROP TABLE seclabel_tbl1;
DROP TABLE seclabel_tbl2;
DROP USER regress_seclabel_user1;
DROP USER regress_seclabel_user2;