MDEV-29632 SUPER users created before 10.11 should retain READ_ONLY ADMIN privilege upon upgrade

2026-04-19 06:45:32 +02:00 · 2022-09-26 20:26:29 +02:00 · 2022-09-26 20:26:29 +02:00 · 07581249e9
commit 07581249e9
parent e30f30d43b
3 changed files with 22 additions and 0 deletions
--- a/mysql-test/suite/sys_vars/r/read_only_grant.result
+++ b/mysql-test/suite/sys_vars/r/read_only_grant.result
@ -29,3 +29,12 @@ ERROR HY000: Variable 'read_only' is a GLOBAL variable and should be set with SE
 disconnect user1;
 connection default;
 DROP USER user1@localhost;
+#
+# MDEV-29632 SUPER users created before 10.11 should retain READ_ONLY ADMIN privilege upon upgrade
+#
+insert mysql.global_priv values ('bar', 'foo', '{"access":32768,"version_id":101000,"plugin":"mysql_native_password","authentication_string":""}');
+flush privileges;
+show grants for foo@bar;
+Grants for foo@bar
+GRANT SUPER, READ_ONLY ADMIN ON *.* TO `foo`@`bar`
+drop user foo@bar;
--- a/mysql-test/suite/sys_vars/t/read_only_grant.test
+++ b/mysql-test/suite/sys_vars/t/read_only_grant.test
@ -35,3 +35,11 @@ SET SESSION read_only=0;
 --disconnect user1
 --connection default
 DROP USER user1@localhost;
+
+--echo #
+--echo # MDEV-29632 SUPER users created before 10.11 should retain READ_ONLY ADMIN privilege upon upgrade
+--echo #
+insert mysql.global_priv values ('bar', 'foo', '{"access":32768,"version_id":101000,"plugin":"mysql_native_password","authentication_string":""}');
+flush privileges;
+show grants for foo@bar;
+drop user foo@bar;
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -1532,6 +1532,11 @@ class User_table_json: public User_table
  {
    privilege_t mask= ALL_KNOWN_ACL_100304;
    ulonglong orig_access= access;
+    if (version_id < 101100)
+    {
+      if (access & SUPER_ACL)
+        access|= READ_ONLY_ADMIN_ACL;
+    }
    if (version_id >= 100509)
    {
      mask= ALL_KNOWN_ACL_100509;