mirror of
https://github.com/MariaDB/server.git
synced 2025-02-12 00:15:35 +01:00
d6e3d89c80
SUPER privilege used to allow various actions that were alternatively allowed by one of BINLOG ADMIN, BINLOG MONITOR, BINLOG REPLAY, CONNECTION ADMIN, FEDERATED ADMIN, REPL MASTER ADMIN, REPL SLAVE ADMIN, SET USER, SLAVE MONITOR. Now SUPER no longer does that, one has to grant one of the fine-grained privileges above to be to perform corresponding actions. On upgrade from MariaDB versions 10.11 and below all the privileges above are granted automatically if the user has SUPER. As a side-effect, such an upgrade will allow SUPER-user to run SHOW BINLOG EVENTS, SHOW RELAYLOG EVENTS, SHOW SLAVE HOSTS, even if he wasn't able to do it before the upgrade.
50 lines
1.8 KiB
Text
50 lines
1.8 KiB
Text
#
|
|
# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
|
|
#
|
|
SET @global=@@global.server_id;
|
|
# Test that "SET GLOBAL server_id" is not allowed without REPLICATION MASTER ADMIN
|
|
CREATE USER user1@localhost;
|
|
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
|
|
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
|
|
connect user1,localhost,user1,,;
|
|
connection user1;
|
|
SET GLOBAL server_id=1;
|
|
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
|
|
disconnect user1;
|
|
connection default;
|
|
DROP USER user1@localhost;
|
|
# Test that "SET GLOBAL server_id" is allowed with REPLICATION MASTER ADMIN
|
|
CREATE USER user1@localhost;
|
|
GRANT REPLICATION MASTER ADMIN ON *.* TO user1@localhost;
|
|
connect user1,localhost,user1,,;
|
|
connection user1;
|
|
SET GLOBAL server_id=1;
|
|
disconnect user1;
|
|
connection default;
|
|
DROP USER user1@localhost;
|
|
SET @@global.server_id=@global;
|
|
SET @session=@@session.server_id;
|
|
# Test that "SET server_id" is not allowed without BINLOG REPLAY
|
|
CREATE USER user1@localhost;
|
|
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
|
|
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
|
|
connect user1,localhost,user1,,;
|
|
connection user1;
|
|
SET server_id=1;
|
|
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
|
|
SET SESSION server_id=1;
|
|
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
|
|
disconnect user1;
|
|
connection default;
|
|
DROP USER user1@localhost;
|
|
# Test that "SET server_id" is allowed with BINLOG REPLAY
|
|
CREATE USER user1@localhost;
|
|
GRANT BINLOG REPLAY ON *.* TO user1@localhost;
|
|
connect user1,localhost,user1,,;
|
|
connection user1;
|
|
SET server_id=1;
|
|
SET SESSION server_id=1;
|
|
disconnect user1;
|
|
connection default;
|
|
DROP USER user1@localhost;
|
|
SET @@session.server_id=@session;
|