Improve authorization test coverage for update/upsert/delete statements

Currently the authorization test code for update/insert/delete statements only test against "server" scope which can give an illusion that an ALL privilege on "server" is required for those statements. The privilege scope for those statements are at the "table"-level, so we need to make sure we have tests for that.