mirror of
				https://github.com/MariaDB/server.git
				synced 2025-10-26 08:28:13 +01:00 
			
		
		
		
	 ce8a74f235
			
		
	
	
	ce8a74f235
	
	
	
		
			
			The main purpose of this allow one to use the --read-only option to ensure that no one can issue a query that can block replication. The --read-only option can now take 4 different values: 0 No read only (as before). 1 Blocks changes for users without the 'READ ONLY ADMIN' privilege (as before). 2 Blocks in addition LOCK TABLES and SELECT IN SHARE MODE for not 'READ ONLY ADMIN' users. 3 Blocks in addition 'READ_ONLY_ADMIN' users for all the previous statements. read_only is changed to an enum and one can use the following names for the lock levels: OFF, ON, NO_LOCK, NO_LOCK_NO_ADMIN Too keep things compatible with older versions config files, one can still use values FALSE and TRUE, which are mapped to OFF and ON. The main visible changes are: - 'show variables like "read_only"' now returns a string instead of a number. - Error messages related to read_only violations now contains the current value off readonly. Other things: - is_read_only_ctx() renamed to check_read_only_with_error() - Moved TL_READ_SKIP_LOCKED to it's logical place Reviewed by: Sergei Golubchik <serg@mariadb.org>
		
			
				
	
	
		
			79 lines
		
	
	
	
		
			2.5 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
			
		
		
	
	
			79 lines
		
	
	
	
		
			2.5 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
| #
 | |
| # Start of 10.5 tests
 | |
| #
 | |
| #
 | |
| # Test that @@read_only is not ignored without READ_ONLY ADMIN or SUPER
 | |
| #
 | |
| CREATE TABLE t1 (a INT);
 | |
| CREATE USER user1@localhost IDENTIFIED BY '';
 | |
| GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
 | |
| REVOKE READ_ONLY ADMIN, SUPER ON *.* FROM user1@localhost;
 | |
| SET @@GLOBAL.read_only=1;
 | |
| connect  con1,localhost,user1,,;
 | |
| connection con1;
 | |
| UPDATE t1 SET a=11 WHERE a=10;
 | |
| ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 | |
| DELETE FROM t1 WHERE a=11;
 | |
| ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 | |
| INSERT INTO t1 VALUES (20);
 | |
| ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 | |
| disconnect con1;
 | |
| connection default;
 | |
| SET @@GLOBAL.read_only=0;
 | |
| DROP USER user1@localhost;
 | |
| DROP TABLE t1;
 | |
| #
 | |
| # Test that @@read_only is ignored with READ_ONLY ADMIN
 | |
| #
 | |
| CREATE TABLE t1 (a INT);
 | |
| CREATE USER user1@localhost IDENTIFIED BY '';
 | |
| GRANT SELECT, INSERT, UPDATE, DELETE, READ_ONLY ADMIN ON *.* TO user1@localhost;
 | |
| SHOW GRANTS FOR user1@localhost;
 | |
| Grants for user1@localhost
 | |
| GRANT SELECT, INSERT, UPDATE, DELETE, READ_ONLY ADMIN ON *.* TO `user1`@`localhost`
 | |
| SET @@GLOBAL.read_only=1;
 | |
| connect  con1,localhost,user1,,;
 | |
| connection con1;
 | |
| SELECT @@read_only;
 | |
| @@read_only
 | |
| ON
 | |
| UPDATE t1 SET a=11 WHERE a=10;
 | |
| DELETE FROM t1 WHERE a=11;
 | |
| INSERT INTO t1 VALUES (20);
 | |
| disconnect con1;
 | |
| connection default;
 | |
| SET @@GLOBAL.read_only=0;
 | |
| DROP USER user1@localhost;
 | |
| DROP TABLE t1;
 | |
| #
 | |
| # Test that @@read_only is not ignored with SUPER
 | |
| #
 | |
| CREATE TABLE t1 (a INT);
 | |
| CREATE USER user1@localhost IDENTIFIED BY '';
 | |
| GRANT SELECT, INSERT, UPDATE, DELETE, SUPER ON *.* TO user1@localhost;
 | |
| SHOW GRANTS FOR user1@localhost;
 | |
| Grants for user1@localhost
 | |
| GRANT SELECT, INSERT, UPDATE, DELETE, SUPER ON *.* TO `user1`@`localhost`
 | |
| SET @@GLOBAL.read_only=1;
 | |
| connect  con1,localhost,user1,,;
 | |
| connection con1;
 | |
| SELECT @@read_only;
 | |
| @@read_only
 | |
| ON
 | |
| UPDATE t1 SET a=11 WHERE a=10;
 | |
| ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 | |
| DELETE FROM t1 WHERE a=11;
 | |
| ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
 | |
| connection default;
 | |
| grant read only admin on *.* to user1@localhost;
 | |
| disconnect con1;
 | |
| connect  con1,localhost,user1,,;
 | |
| INSERT INTO t1 VALUES (20);
 | |
| disconnect con1;
 | |
| connection default;
 | |
| SET @@GLOBAL.read_only=0;
 | |
| DROP USER user1@localhost;
 | |
| DROP TABLE t1;
 | |
| #
 | |
| # End of 10.5 tests
 | |
| #
 |