1-- 2-- Test for facilities of security label 3-- 4 5-- initial setups 6SET client_min_messages TO 'warning'; 7 8DROP ROLE IF EXISTS regress_seclabel_user1; 9DROP ROLE IF EXISTS regress_seclabel_user2; 10 11RESET client_min_messages; 12 13CREATE USER regress_seclabel_user1 WITH CREATEROLE; 14CREATE USER regress_seclabel_user2; 15 16CREATE TABLE seclabel_tbl1 (a int, b text); 17CREATE TABLE seclabel_tbl2 (x int, y text); 18CREATE VIEW seclabel_view1 AS SELECT * FROM seclabel_tbl2; 19CREATE FUNCTION seclabel_four() RETURNS integer AS $$SELECT 4$$ language sql; 20CREATE DOMAIN seclabel_domain AS text; 21 22ALTER TABLE seclabel_tbl1 OWNER TO regress_seclabel_user1; 23ALTER TABLE seclabel_tbl2 OWNER TO regress_seclabel_user2; 24 25-- 26-- Test of SECURITY LABEL statement without a plugin 27-- 28SECURITY LABEL ON TABLE seclabel_tbl1 IS 'classified'; -- fail 29SECURITY LABEL FOR 'dummy' ON TABLE seclabel_tbl1 IS 'classified'; -- fail 30SECURITY LABEL ON TABLE seclabel_tbl1 IS '...invalid label...'; -- fail 31SECURITY LABEL ON TABLE seclabel_tbl3 IS 'unclassified'; -- fail 32 33SECURITY LABEL ON ROLE regress_seclabel_user1 IS 'classified'; -- fail 34SECURITY LABEL FOR 'dummy' ON ROLE regress_seclabel_user1 IS 'classified'; -- fail 35SECURITY LABEL ON ROLE regress_seclabel_user1 IS '...invalid label...'; -- fail 36SECURITY LABEL ON ROLE regress_seclabel_user3 IS 'unclassified'; -- fail 37 38-- clean up objects 39DROP FUNCTION seclabel_four(); 40DROP DOMAIN seclabel_domain; 41DROP VIEW seclabel_view1; 42DROP TABLE seclabel_tbl1; 43DROP TABLE seclabel_tbl2; 44DROP USER regress_seclabel_user1; 45DROP USER regress_seclabel_user2; 46