mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/suite/roles/show_grants.result

163 lines
5.5 KiB
Text
Raw Normal View History

add Admin_option column to mysql.roles_mapping. update tests/results
2013-10-18 21:21:10 +02:00
create user test_user@localhost;
GRANT/REVOKE should specify role name as 'role' not as 'role'@'%'
2013-10-18 18:08:42 +02:00
create role test_role1;
create role test_role2;
add Admin_option column to mysql.roles_mapping. update tests/results
2013-10-18 21:21:10 +02:00
grant test_role1 to test_user@localhost;
grant test_role2 to test_user@localhost;
cleanup. mainly to avoid the pattern of * get username/hostname/rolename * optionally find the corresponding ACL_USER and ACL_ROLE * allocate memory, concatenate username/hostname/rolename * call a function passing only this memory as an argument ** use concatenated username/etc to find ACL_USER and ACL_ROLE again ** do something * free the object Also to undo push_dynamic we use pop_dynamic now, not a linear search/scan through the dynamic array. as a bonus, role@ is now an invalid way to refer to a role.
2013-10-18 21:34:44 +02:00
grant test_role2 to test_role1;
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
select user, host from mysql.user where user not like 'root';
MDEV-17658 change the structure of mysql.user table Implement User_table_json. Fix scripts to use mysql.global_priv. Fix tests.
2018-11-24 14:13:41 +01:00
User Host
MDEV-19650: Privilege bug on MariaDB 10.4 Also fixes: MDEV-21487: Implement option for mysql_upgrade that allows root@localhost to be replaced MDEV-21486: Implement option for mysql_install_db that allows root@localhost to be replaced Add user mariadb.sys to be definer of user view (and has right on underlying table global_priv for required operation over global_priv (SELECT,UPDATE,DELETE)) Also changed definer of gis functions in case of creation, but they work with any definer so upgrade script do not try to push this change.
2020-02-19 17:50:30 +01:00
mariadb.sys localhost
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
test_role1
test_role2
test_user localhost
select * from mysql.roles_mapping;
add Admin_option column to mysql.roles_mapping. update tests/results
2013-10-18 21:21:10 +02:00
Host User Role Admin_option
test_role1 test_role2 N
bugfix: missing restore_record when modifying roles_mapping() table. (and an assert in myisam to catch these bugs easier in the future) update tests/results
2013-10-18 21:27:07 +02:00
localhost root test_role1 Y
localhost root test_role2 Y
add Admin_option column to mysql.roles_mapping. update tests/results
2013-10-18 21:21:10 +02:00
localhost test_user test_role1 N
localhost test_user test_role2 N
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
select user, host from mysql.db;
user host
GRANT/REVOKE should specify role name as 'role' not as 'role'@'%'
2013-10-18 18:08:42 +02:00
grant select on mysql.* to test_role2;
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
flush privileges;
INFORMATION_SCHEMA.APPLICABLE_ROLES table
2013-10-18 18:15:55 +02:00
select * from information_schema.applicable_roles;
MDEV-6918 Create a way to see a user's default role. Added an extra column to i_s_applicable_roles, named IS_DEFAULT. The column displays which role is the default role for the user querying the table.
2015-02-09 16:16:55 +01:00
GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT
root@localhost test_role1 YES NO
root@localhost test_role2 YES NO
test_role1 test_role2 NO NULL
INFORMATION_SCHEMA.APPLICABLE_ROLES table
2013-10-18 18:15:55 +02:00
select * from information_schema.applicable_roles;
MDEV-6918 Create a way to see a user's default role. Added an extra column to i_s_applicable_roles, named IS_DEFAULT. The column displays which role is the default role for the user querying the table.
2015-02-09 16:16:55 +01:00
GRANTEE ROLE_NAME IS_GRANTABLE IS_DEFAULT
test_role1 test_role2 NO NULL
test_user@localhost test_role1 NO NO
test_user@localhost test_role2 NO NO
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants;
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
CURRENT_ROLE() function
2013-10-18 15:55:26 +02:00
select current_user(), current_role();
current_user() current_role()
CURRENT_ROLE() should return NULL, not "NONE"
2013-10-18 18:09:08 +02:00
test_user@localhost NULL
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
set role test_role1;
information_schema.enabled_roles table
2013-10-18 18:15:46 +02:00
select * from information_schema.enabled_roles;
ROLE_NAME
test_role1
Added GRANT ROLE TO ... and REVOKE ROLE FROM ... functionality. TODO: Privilege checks are not done upon executing the command.
2013-10-18 18:25:42 +02:00
test_role2
CURRENT_ROLE() function
2013-10-18 15:55:26 +02:00
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants;
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role1`
GRANT USAGE ON *.* TO `test_role2`
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_role1`
GRANT `test_role2` TO `test_user`@`localhost`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
set role none;
information_schema.enabled_roles table
2013-10-18 18:15:46 +02:00
select * from information_schema.enabled_roles;
ROLE_NAME
NULL
CURRENT_ROLE() function
2013-10-18 15:55:26 +02:00
select current_user(), current_role();
current_user() current_role()
CURRENT_ROLE() should return NULL, not "NONE"
2013-10-18 18:09:08 +02:00
test_user@localhost NULL
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants;
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for test_user@localhost;
Fixes for mysql-test failures mysql-test/r/acl_roles_show_grants.result: one can do SHOW GRANTS for himself mysql-test/t/acl_roles_set_role-table-column-priv.test: correct error message mysql-test/t/acl_roles_show_grants.test: one can SHOW GRANTS for himself sql/sql_acl.cc: bugfixing: * don't assign with && - it can shortcut and the second assignment won't be executed * correct the test in check_grant_all_columns() - want_access should not be modified * sql/sql_cmd.h.OTHER: add new commands at the end sql/sql_db.cc: don't call acl_get() if all privileges are already satisfied (crashes when run with --skip-grants, because acl data stuctures aren't initialized) sql/sql_parse.cc: * test for current_user in get_current_user() * map explicitly specified user@host to current_user
2013-10-18 17:10:51 +02:00
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for test_role1;
ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
show grants for test_role2;
ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
show grants for CURRENT_USER;
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for CURRENT_USER();
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for CURRENT_ROLE;
ERROR 42000: There is no such grant defined for user 'test_user' on host 'localhost'
show grants for CURRENT_ROLE();
ERROR 42000: There is no such grant defined for user 'test_user' on host 'localhost'
set role test_role2;
information_schema.enabled_roles table
2013-10-18 18:15:46 +02:00
select * from information_schema.enabled_roles;
ROLE_NAME
test_role2
CURRENT_ROLE() function
2013-10-18 15:55:26 +02:00
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role2
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants;
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role2`
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for test_user@localhost;
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for test_role1;
Grants for test_role1
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role1`
GRANT USAGE ON *.* TO `test_role2`
GRANT `test_role2` TO `test_role1`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for test_role2;
Grants for test_role2
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role2`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for CURRENT_USER;
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for CURRENT_USER();
Grants for test_user@localhost
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for CURRENT_ROLE;
Grants for test_role2
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role2`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
show grants for CURRENT_ROLE();
Grants for test_role2
MDEV-20076: SHOW GRANTS does not quote role names properly Quotes added to output.
2019-11-06 12:35:19 +01:00
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role2`
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
drop user 'test_user'@'localhost';
GRANT/REVOKE should specify role name as 'role' not as 'role'@'%'
2013-10-18 18:08:42 +02:00
revoke select on mysql.* from test_role2;
drop role test_role1;
drop role test_role2;
rename columns in mysql.roles_mapping to be consistent with other privilege tables
2013-10-18 21:19:37 +02:00
delete from mysql.roles_mapping where Role='test_role1';
delete from mysql.roles_mapping where Role='test_role2';
Implemented SHOW GRANTS functionality
2013-10-18 15:40:25 +02:00
flush privileges;
MDEV-24289: show grants missing with grant option Reviewed by:serg@mariadb.com
2020-11-26 12:43:23 +01:00
#
# MDEV-24289: show grants missing with grant option
#
create role anel;
GRANT SELECT, UPDATE, DELETE, ALTER ON *.* TO 'anel';
SHOW GRANTS for 'anel';
Grants for anel
Merge 10.2 into 10.3
2020-12-01 13:55:46 +01:00
GRANT SELECT, UPDATE, DELETE, ALTER ON *.* TO `anel`
MDEV-24289: show grants missing with grant option Reviewed by:serg@mariadb.com
2020-11-26 12:43:23 +01:00
create role MariaDB_admin;
GRANT SELECT, UPDATE, DELETE, ALTER ON *.* TO 'MariaDB_admin' WITH GRANT OPTION;
SHOW GRANTS for 'MariaDB_admin';
Grants for MariaDB_admin
Merge 10.2 into 10.3
2020-12-01 13:55:46 +01:00
GRANT SELECT, UPDATE, DELETE, ALTER ON *.* TO `MariaDB_admin` WITH GRANT OPTION
MDEV-24289: show grants missing with grant option Reviewed by:serg@mariadb.com
2020-11-26 12:43:23 +01:00
drop role MariaDB_admin;
drop role anel;
Reference in a new issue Copy permalink