mirror of
https://github.com/MariaDB/server.git
synced 2025-02-12 00:15:35 +01:00
d6e3d89c80
SUPER privilege used to allow various actions that were alternatively allowed by one of BINLOG ADMIN, BINLOG MONITOR, BINLOG REPLAY, CONNECTION ADMIN, FEDERATED ADMIN, REPL MASTER ADMIN, REPL SLAVE ADMIN, SET USER, SLAVE MONITOR. Now SUPER no longer does that, one has to grant one of the fine-grained privileges above to be to perform corresponding actions. On upgrade from MariaDB versions 10.11 and below all the privileges above are granted automatically if the user has SUPER. As a side-effect, such an upgrade will allow SUPER-user to run SHOW BINLOG EVENTS, SHOW RELAYLOG EVENTS, SHOW SLAVE HOSTS, even if he wasn't able to do it before the upgrade.
37 lines
978 B
PHP
37 lines
978 B
PHP
--source include/not_embedded.inc
|
|
|
|
--eval SET @global=@@global.$var
|
|
|
|
--echo # Test that "SET $var" is not allowed without $grant
|
|
|
|
CREATE USER user1@localhost;
|
|
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
|
|
--eval REVOKE $grant ON *.* FROM user1@localhost
|
|
--connect(user1,localhost,user1,,)
|
|
--connection user1
|
|
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
|
|
--eval SET GLOBAL $var=$value
|
|
--error ER_GLOBAL_VARIABLE
|
|
--eval SET $var=$value
|
|
--error ER_GLOBAL_VARIABLE
|
|
--eval SET SESSION $var=$value
|
|
--disconnect user1
|
|
--connection default
|
|
DROP USER user1@localhost;
|
|
|
|
--echo # Test that "SET $var" is allowed with $grant
|
|
|
|
CREATE USER user1@localhost;
|
|
--eval GRANT $grant ON *.* TO user1@localhost
|
|
--connect(user1,localhost,user1,,)
|
|
--connection user1
|
|
--eval SET GLOBAL $var=$value
|
|
--error ER_GLOBAL_VARIABLE
|
|
--eval SET $var=$value
|
|
--error ER_GLOBAL_VARIABLE
|
|
--eval SET SESSION $var=$value
|
|
--disconnect user1
|
|
--connection default
|
|
DROP USER user1@localhost;
|
|
|
|
--eval SET @@global.$var=@global
|