mariadb/mysql-test/suite/roles/admin.result

create user foo@localhost;
grant create user on *.* to foo@localhost;
create role role1;
create role role2 with admin current_user;
create role role3 with admin current_role;
ERROR 0L000: Invalid definer
create role role3 with admin role1;
create role role4 with admin root@localhost;
connect  c1, localhost, foo,,;
create role role5 with admin root@localhost;
ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation
create role role5 with admin role3;
ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation
create role role5 with admin foo@localhost;
connection default;
call mtr.add_suppression("Invalid roles_mapping table entry user:'foo@bar', rolename:'role6'");
create role role6 with admin foo@bar;
Warnings:
Note	1449	The user specified as a definer ('foo'@'bar') does not exist
create user bar with admin current_user;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin current_user' at line 1
grant role1 to foo@localhost with admin option;
grant role2 to foo@localhost;
grant role2 to role1;
grant role4 to role3 with admin option;
grant select on *.* to foo@localhost with admin option;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin option' at line 1
show grants for foo@localhost;
Grants for foo@localhost
GRANT CREATE USER ON *.* TO 'foo'@'localhost'
GRANT role1 TO 'foo'@'localhost' WITH ADMIN OPTION
GRANT role2 TO 'foo'@'localhost'
GRANT role5 TO 'foo'@'localhost' WITH ADMIN OPTION
show grants for role1;
Grants for role1
GRANT USAGE ON *.* TO 'role1'
GRANT USAGE ON *.* TO 'role2'
GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4'
GRANT role2 TO 'role1'
GRANT role3 TO 'role1' WITH ADMIN OPTION
GRANT role4 TO 'role3' WITH ADMIN OPTION
show grants for role4;
Grants for role4
GRANT USAGE ON *.* TO 'role4'
select * from mysql.roles_mapping;
Host	User	Role	Admin_option
	role1	role2	N
	role1	role3	Y
	role3	role4	Y
bar	foo	role6	Y
localhost	foo	role1	Y
localhost	foo	role2	N
localhost	foo	role5	Y
localhost	root	role1	Y
localhost	root	role2	Y
localhost	root	role4	Y
flush privileges;
show grants for foo@localhost;
Grants for foo@localhost
GRANT CREATE USER ON *.* TO 'foo'@'localhost'
GRANT role1 TO 'foo'@'localhost' WITH ADMIN OPTION
GRANT role2 TO 'foo'@'localhost'
GRANT role5 TO 'foo'@'localhost' WITH ADMIN OPTION
show grants for role1;
Grants for role1
GRANT USAGE ON *.* TO 'role1'
GRANT USAGE ON *.* TO 'role2'
GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4'
GRANT role2 TO 'role1'
GRANT role3 TO 'role1' WITH ADMIN OPTION
GRANT role4 TO 'role3' WITH ADMIN OPTION
show grants for role4;
Grants for role4
GRANT USAGE ON *.* TO 'role4'
select * from information_schema.applicable_roles;
GRANTEE	ROLE_NAME	IS_GRANTABLE	IS_DEFAULT
role1	role2	NO	NULL
role1	role3	YES	NULL
role3	role4	YES	NULL
root@localhost	role1	YES	NO
root@localhost	role2	YES	NO
root@localhost	role4	YES	NO
grant role2 to role1 with admin option;
revoke role1 from foo@localhost;
revoke admin option for role4 from role3;
revoke admin option for role2 from foo@localhost;
revoke admin option for role1 from root@localhost;
show grants for foo@localhost;
Grants for foo@localhost
GRANT CREATE USER ON *.* TO 'foo'@'localhost'
GRANT role2 TO 'foo'@'localhost'
GRANT role5 TO 'foo'@'localhost' WITH ADMIN OPTION
show grants for role1;
Grants for role1
GRANT USAGE ON *.* TO 'role1'
GRANT USAGE ON *.* TO 'role2'
GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4'
GRANT role2 TO 'role1' WITH ADMIN OPTION
GRANT role3 TO 'role1' WITH ADMIN OPTION
GRANT role4 TO 'role3'
show grants for role4;
Grants for role4
GRANT USAGE ON *.* TO 'role4'
select * from mysql.roles_mapping;
Host	User	Role	Admin_option
	role1	role2	Y
	role1	role3	Y
	role3	role4	N
bar	foo	role6	Y
localhost	foo	role2	N
localhost	foo	role5	Y
localhost	root	role1	N
localhost	root	role2	Y
localhost	root	role4	Y
flush privileges;
show grants for foo@localhost;
Grants for foo@localhost
GRANT CREATE USER ON *.* TO 'foo'@'localhost'
GRANT role2 TO 'foo'@'localhost'
GRANT role5 TO 'foo'@'localhost' WITH ADMIN OPTION
show grants for role1;
Grants for role1
GRANT USAGE ON *.* TO 'role1'
GRANT USAGE ON *.* TO 'role2'
GRANT USAGE ON *.* TO 'role3'
GRANT USAGE ON *.* TO 'role4'
GRANT role2 TO 'role1' WITH ADMIN OPTION
GRANT role3 TO 'role1' WITH ADMIN OPTION
GRANT role4 TO 'role3'
show grants for role4;
Grants for role4
GRANT USAGE ON *.* TO 'role4'
select * from information_schema.applicable_roles;
GRANTEE	ROLE_NAME	IS_GRANTABLE	IS_DEFAULT
role1	role2	YES	NULL
role1	role3	YES	NULL
role3	role4	NO	NULL
root@localhost	role1	NO	NO
root@localhost	role2	YES	NO
root@localhost	role4	YES	NO
grant role1 to role4;
ERROR 28000: Access denied for user 'root'@'localhost'
grant role1 to role4 with admin option;
ERROR 28000: Access denied for user 'root'@'localhost'
grant role3 to role2;
revoke role3 from role2;
grant role4 to role2 with admin option;
revoke role2 from current_user;
revoke role4 from current_user;
grant role4 to current_user;
drop role role1, role2, role3, role4, role5, role6;
drop user foo@localhost;
MDEV-6066: Merge new defaults from 5.6 and 5.7 (defaults changed, QC can be stopped with no-zero size) 2015-08-11 18:45:38 +02:00			`create user foo@localhost;`
require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00			`grant create user on . to foo@localhost;`
New syntax: CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy 2013-10-18 12:23:15 -07:00			`create role role1;`
			`create role role2 with admin current_user;`
			`create role role3 with admin current_role;`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`ERROR 0L000: Invalid definer`
			`create role role3 with admin role1;`
New syntax: CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy 2013-10-18 12:23:15 -07:00			`create role role4 with admin root@localhost;`
MDEV-6720 - enable connection log in mysqltest by default 2016-03-25 20:51:22 +04:00			`connect c1, localhost, foo,,;`
require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00			`create role role5 with admin root@localhost;`
			`ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation`
			`create role role5 with admin role3;`
			`ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation`
New syntax: CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy 2013-10-18 12:23:15 -07:00			`create role role5 with admin foo@localhost;`
MDEV-6720 - enable connection log in mysqltest by default 2016-03-25 20:51:22 +04:00			`connection default;`
require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00			`call mtr.add_suppression("Invalid roles_mapping table entry user:'foo@bar', rolename:'role6'");`
New syntax: CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy 2013-10-18 12:23:15 -07:00			`create role role6 with admin foo@bar;`
require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00			`Warnings:`
			`Note 1449 The user specified as a definer ('foo'@'bar') does not exist`
New syntax: CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy 2013-10-18 12:23:15 -07:00			`create user bar with admin current_user;`
			`ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin current_user' at line 1`
			`grant role1 to foo@localhost with admin option;`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`grant role2 to foo@localhost;`
New syntax: CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy 2013-10-18 12:23:15 -07:00			`grant role2 to role1;`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`grant role4 to role3 with admin option;`
New syntax: CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy 2013-10-18 12:23:15 -07:00			`grant select on . to foo@localhost with admin option;`
			`ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'admin option' at line 1`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`show grants for foo@localhost;`
			`Grants for foo@localhost`
require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00			`GRANT CREATE USER ON . TO 'foo'@'localhost'`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`GRANT role1 TO 'foo'@'localhost' WITH ADMIN OPTION`
			`GRANT role2 TO 'foo'@'localhost'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT role5 TO 'foo'@'localhost' WITH ADMIN OPTION`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`show grants for role1;`
			`Grants for role1`
			`GRANT USAGE ON . TO 'role1'`
			`GRANT USAGE ON . TO 'role2'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT USAGE ON . TO 'role3'`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`GRANT USAGE ON . TO 'role4'`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`GRANT role2 TO 'role1'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT role3 TO 'role1' WITH ADMIN OPTION`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`GRANT role4 TO 'role3' WITH ADMIN OPTION`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`show grants for role4;`
			`Grants for role4`
			`GRANT USAGE ON . TO 'role4'`
			`select * from mysql.roles_mapping;`
			`Host User Role Admin_option`
			`role1 role2 N`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`role1 role3 Y`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`role3 role4 Y`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`bar foo role6 Y`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`localhost foo role1 Y`
			`localhost foo role2 N`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`localhost foo role5 Y`
			`localhost root role1 Y`
			`localhost root role2 Y`
			`localhost root role4 Y`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`flush privileges;`
			`show grants for foo@localhost;`
			`Grants for foo@localhost`
require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00			`GRANT CREATE USER ON . TO 'foo'@'localhost'`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`GRANT role1 TO 'foo'@'localhost' WITH ADMIN OPTION`
			`GRANT role2 TO 'foo'@'localhost'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT role5 TO 'foo'@'localhost' WITH ADMIN OPTION`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`show grants for role1;`
			`Grants for role1`
			`GRANT USAGE ON . TO 'role1'`
			`GRANT USAGE ON . TO 'role2'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT USAGE ON . TO 'role3'`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`GRANT USAGE ON . TO 'role4'`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`GRANT role2 TO 'role1'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT role3 TO 'role1' WITH ADMIN OPTION`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`GRANT role4 TO 'role3' WITH ADMIN OPTION`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`show grants for role4;`
			`Grants for role4`
			`GRANT USAGE ON . TO 'role4'`
information_schema.applicable_roles.is_grantable column 2013-10-18 12:26:43 -07:00			`select * from information_schema.applicable_roles;`
MDEV-6918 Create a way to see a user's default role. Added an extra column to i_s_applicable_roles, named IS_DEFAULT. The column displays which role is the default role for the user querying the table. 2015-02-09 17:16:55 +02:00			`GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT`
			`role1 role2 NO NULL`
			`role1 role3 YES NULL`
			`role3 role4 YES NULL`
			`root@localhost role1 YES NO`
			`root@localhost role2 YES NO`
			`root@localhost role4 YES NO`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`grant role2 to role1 with admin option;`
New syntax: CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy 2013-10-18 12:23:15 -07:00			`revoke role1 from foo@localhost;`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`revoke admin option for role4 from role3;`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`revoke admin option for role2 from foo@localhost;`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`revoke admin option for role1 from root@localhost;`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`show grants for foo@localhost;`
			`Grants for foo@localhost`
require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00			`GRANT CREATE USER ON . TO 'foo'@'localhost'`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`GRANT role2 TO 'foo'@'localhost'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT role5 TO 'foo'@'localhost' WITH ADMIN OPTION`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`show grants for role1;`
			`Grants for role1`
			`GRANT USAGE ON . TO 'role1'`
			`GRANT USAGE ON . TO 'role2'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT USAGE ON . TO 'role3'`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`GRANT USAGE ON . TO 'role4'`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`GRANT role2 TO 'role1' WITH ADMIN OPTION`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT role3 TO 'role1' WITH ADMIN OPTION`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`GRANT role4 TO 'role3'`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`show grants for role4;`
			`Grants for role4`
			`GRANT USAGE ON . TO 'role4'`
			`select * from mysql.roles_mapping;`
			`Host User Role Admin_option`
			`role1 role2 Y`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`role1 role3 Y`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`role3 role4 N`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`bar foo role6 Y`
store ADMIN OPTION in the roles_mapping hash and table 2013-10-18 12:25:39 -07:00			`localhost foo role2 N`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`localhost foo role5 Y`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`localhost root role1 N`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`localhost root role2 Y`
			`localhost root role4 Y`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`flush privileges;`
			`show grants for foo@localhost;`
			`Grants for foo@localhost`
require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00			`GRANT CREATE USER ON . TO 'foo'@'localhost'`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`GRANT role2 TO 'foo'@'localhost'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT role5 TO 'foo'@'localhost' WITH ADMIN OPTION`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`show grants for role1;`
			`Grants for role1`
			`GRANT USAGE ON . TO 'role1'`
			`GRANT USAGE ON . TO 'role2'`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT USAGE ON . TO 'role3'`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`GRANT USAGE ON . TO 'role4'`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`GRANT role2 TO 'role1' WITH ADMIN OPTION`
auto-grant a role to its admin on CREATE ROLE 2013-10-18 12:26:05 -07:00			`GRANT role3 TO 'role1' WITH ADMIN OPTION`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`GRANT role4 TO 'role3'`
load with_admin flag from the mysql.roles_mapping table 2013-10-18 12:25:52 -07:00			`show grants for role4;`
			`Grants for role4`
			`GRANT USAGE ON . TO 'role4'`
information_schema.applicable_roles.is_grantable column 2013-10-18 12:26:43 -07:00			`select * from information_schema.applicable_roles;`
MDEV-6918 Create a way to see a user's default role. Added an extra column to i_s_applicable_roles, named IS_DEFAULT. The column displays which role is the default role for the user querying the table. 2015-02-09 17:16:55 +02:00			`GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT`
			`role1 role2 YES NULL`
			`role1 role3 YES NULL`
			`role3 role4 NO NULL`
			`root@localhost role1 NO NO`
			`root@localhost role2 YES NO`
			`root@localhost role4 YES NO`
enforce privileges for GRANT role 2013-10-18 12:34:59 -07:00			`grant role1 to role4;`
			`ERROR 28000: Access denied for user 'root'@'localhost'`
			`grant role1 to role4 with admin option;`
			`ERROR 28000: Access denied for user 'root'@'localhost'`
			`grant role3 to role2;`
			`revoke role3 from role2;`
			`grant role4 to role2 with admin option;`
			`revoke role2 from current_user;`
			`revoke role4 from current_user;`
			`grant role4 to current_user;`
New syntax: CREATE ROLE xxx WITH ADMIN yyy GRANT xxx TO yyy WITH ADMIN OPTION REVOKE ADMIN OPTION FOR xxx FROM yyy 2013-10-18 12:23:15 -07:00			`drop role role1, role2, role3, role4, role5, role6;`
require SUPER to specify an arbitrary admin 2013-10-18 12:26:29 -07:00			`drop user foo@localhost;`