connection default;
reset master;
set @saved_binlog_format = @@global.binlog_format;
create user mysqltest_1@localhost;
GRANT SELECT on test.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT ON `test`.* TO `mysqltest_1`@`localhost`
connect  plain,localhost,mysqltest_1,,test;
connect  root,localhost,root,,test;
**** Variable SQL_LOG_BIN ****
connection root;
[root]
set session sql_log_bin = 1;
connection plain;
[plain]
set session sql_log_bin = 1;
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
**** Variable BINLOG_FORMAT ****
connection root;
[root]
set global binlog_format = row;
set session binlog_format = row;
connection plain;
[plain]
set global binlog_format = row;
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
set session binlog_format = row;
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
**** Clean up ****
disconnect plain;
disconnect root;
connection default;
set global binlog_format = @saved_binlog_format;
drop user mysqltest_1@localhost;
CREATE USER 'mysqltest_1'@'localhost';
GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost';
connect rpl,localhost,mysqltest_1,,"*NO-ONE*";
connection rpl;
SHOW MASTER LOGS;
SHOW BINARY LOGS;
SHOW BINLOG STATUS;
disconnect rpl;
connection default;
DROP USER 'mysqltest_1'@'localhost';
#
# End of 10.4 tests
#
#
# Start of 10.5 tests
#
#
# MDEV-21743 Split up SUPER privilege to smaller privileges 
#
# Test that REPLICATION CLIENT is an alias for BINLOG MONITOR
CREATE USER user1@localhost;
GRANT REPLICATION CLIENT ON *.* TO user1@localhost;
SHOW GRANTS FOR user1@localhost;
Grants for user1@localhost
GRANT BINLOG MONITOR ON *.* TO `user1`@`localhost`
REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost;
SHOW GRANTS FOR user1@localhost;
Grants for user1@localhost
GRANT USAGE ON *.* TO `user1`@`localhost`
DROP USER user1@localhost;
# Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SHOW MASTER LOGS;
ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation
SHOW BINARY LOGS;
ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation
SHOW BINLOG STATUS;
ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00';
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test if PURGE BINLOG is allowed with BINLOG ADMIN
CREATE USER user1@localhost;
GRANT BINLOG ADMIN ON *.* TO user1@localhost;
connect user1,localhost,user1,,"*NO-ONE*";
connection user1;
PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00';
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test if SHOW BINLOG EVENTS is not allowed without BINLOG MONITOR
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG MONITOR ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SHOW BINLOG EVENTS;
ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test if SHOW BINLOG EVENTS is allowed with BINLOG MONITOR
CREATE USER user1@localhost;
GRANT BINLOG MONITOR ON *.* TO user1@localhost;
connect user1,localhost,user1,,"*NO-ONE*";
connection user1;
SHOW BINLOG EVENTS;
disconnect user1;
connection default;
DROP USER user1@localhost;
#
# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to
#             gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
#
# Test combinations of BINLOG REPLAY guarded features which typically
# arise in mysqlbinlog output replay on server.
#
CREATE USER user1@localhost;
GRANT BINLOG REPLAY ON *.* TO user1@localhost;
GRANT ALL ON test.* TO user1@localhost;
RESET MASTER;
CREATE TABLE t1 (a INT);
INSERT INTO t1 VALUES (1),(2),(3);
connect user1,localhost,user1,,;
RENAME TABLE t1 to t2;
connection default;
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
call mtr.add_suppression("Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation");
# Privilege errors are expected now:
connection user1;
connection default;
include/diff_tables.inc [t1,t2]
#  Test cleanup
DROP TABLE t2,t1;
DROP USER user1@localhost;
#
# End of 10.5 test
#