mirror of
https://github.com/MariaDB/server.git
synced 2025-08-02 00:21:35 +02:00
ce8a74f235
The main purpose of this allow one to use the --read-only option to ensure that no one can issue a query that can block replication. The --read-only option can now take 4 different values: 0 No read only (as before). 1 Blocks changes for users without the 'READ ONLY ADMIN' privilege (as before). 2 Blocks in addition LOCK TABLES and SELECT IN SHARE MODE for not 'READ ONLY ADMIN' users. 3 Blocks in addition 'READ_ONLY_ADMIN' users for all the previous statements. read_only is changed to an enum and one can use the following names for the lock levels: OFF, ON, NO_LOCK, NO_LOCK_NO_ADMIN Too keep things compatible with older versions config files, one can still use values FALSE and TRUE, which are mapped to OFF and ON. The main visible changes are: - 'show variables like "read_only"' now returns a string instead of a number. - Error messages related to read_only violations now contains the current value off readonly. Other things: - is_read_only_ctx() renamed to check_read_only_with_error() - Moved TL_READ_SKIP_LOCKED to it's logical place Reviewed by: Sergei Golubchik <serg@mariadb.org>
79 lines
2.5 KiB
Text
79 lines
2.5 KiB
Text
#
|
|
# Start of 10.5 tests
|
|
#
|
|
#
|
|
# Test that @@read_only is not ignored without READ_ONLY ADMIN or SUPER
|
|
#
|
|
CREATE TABLE t1 (a INT);
|
|
CREATE USER user1@localhost IDENTIFIED BY '';
|
|
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
|
|
REVOKE READ_ONLY ADMIN, SUPER ON *.* FROM user1@localhost;
|
|
SET @@GLOBAL.read_only=1;
|
|
connect con1,localhost,user1,,;
|
|
connection con1;
|
|
UPDATE t1 SET a=11 WHERE a=10;
|
|
ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
|
|
DELETE FROM t1 WHERE a=11;
|
|
ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
|
|
INSERT INTO t1 VALUES (20);
|
|
ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
|
|
disconnect con1;
|
|
connection default;
|
|
SET @@GLOBAL.read_only=0;
|
|
DROP USER user1@localhost;
|
|
DROP TABLE t1;
|
|
#
|
|
# Test that @@read_only is ignored with READ_ONLY ADMIN
|
|
#
|
|
CREATE TABLE t1 (a INT);
|
|
CREATE USER user1@localhost IDENTIFIED BY '';
|
|
GRANT SELECT, INSERT, UPDATE, DELETE, READ_ONLY ADMIN ON *.* TO user1@localhost;
|
|
SHOW GRANTS FOR user1@localhost;
|
|
Grants for user1@localhost
|
|
GRANT SELECT, INSERT, UPDATE, DELETE, READ_ONLY ADMIN ON *.* TO `user1`@`localhost`
|
|
SET @@GLOBAL.read_only=1;
|
|
connect con1,localhost,user1,,;
|
|
connection con1;
|
|
SELECT @@read_only;
|
|
@@read_only
|
|
ON
|
|
UPDATE t1 SET a=11 WHERE a=10;
|
|
DELETE FROM t1 WHERE a=11;
|
|
INSERT INTO t1 VALUES (20);
|
|
disconnect con1;
|
|
connection default;
|
|
SET @@GLOBAL.read_only=0;
|
|
DROP USER user1@localhost;
|
|
DROP TABLE t1;
|
|
#
|
|
# Test that @@read_only is not ignored with SUPER
|
|
#
|
|
CREATE TABLE t1 (a INT);
|
|
CREATE USER user1@localhost IDENTIFIED BY '';
|
|
GRANT SELECT, INSERT, UPDATE, DELETE, SUPER ON *.* TO user1@localhost;
|
|
SHOW GRANTS FOR user1@localhost;
|
|
Grants for user1@localhost
|
|
GRANT SELECT, INSERT, UPDATE, DELETE, SUPER ON *.* TO `user1`@`localhost`
|
|
SET @@GLOBAL.read_only=1;
|
|
connect con1,localhost,user1,,;
|
|
connection con1;
|
|
SELECT @@read_only;
|
|
@@read_only
|
|
ON
|
|
UPDATE t1 SET a=11 WHERE a=10;
|
|
ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
|
|
DELETE FROM t1 WHERE a=11;
|
|
ERROR HY000: The MariaDB server is running with the --read-only=ON option so it cannot execute this statement
|
|
connection default;
|
|
grant read only admin on *.* to user1@localhost;
|
|
disconnect con1;
|
|
connect con1,localhost,user1,,;
|
|
INSERT INTO t1 VALUES (20);
|
|
disconnect con1;
|
|
connection default;
|
|
SET @@GLOBAL.read_only=0;
|
|
DROP USER user1@localhost;
|
|
DROP TABLE t1;
|
|
#
|
|
# End of 10.5 tests
|
|
#
|