mirror of
https://github.com/MariaDB/server.git
synced 2025-01-15 19:42:28 +01:00
1f51d6c0f6
- Added missing information about database of corresponding table for various types of commands - Update some typos - Reviewed by: <vicentiu@mariadb.org>
147 lines
5 KiB
Text
147 lines
5 KiB
Text
create user 'test_user'@'localhost';
|
|
create role r_sel;
|
|
create role r_ins;
|
|
create role r_upd;
|
|
create role r_del;
|
|
create role r_crt;
|
|
create role r_drp;
|
|
create role r_rld;
|
|
grant select on *.* to r_sel;
|
|
grant insert on *.* to r_ins;
|
|
grant update on *.* to r_upd;
|
|
grant delete on *.* to r_del;
|
|
grant create on *.* to r_crt;
|
|
grant drop on *.* to r_drp;
|
|
grant reload on *.* to r_rld;
|
|
grant r_sel to test_user@localhost;
|
|
grant r_ins to test_user@localhost;
|
|
grant r_upd to test_user@localhost;
|
|
grant r_del to test_user@localhost;
|
|
grant r_crt to test_user@localhost;
|
|
grant r_drp to test_user@localhost;
|
|
grant r_rld to test_user@localhost;
|
|
flush privileges;
|
|
select * from mysql.roles_mapping;
|
|
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
|
|
show grants;
|
|
Grants for test_user@localhost
|
|
GRANT USAGE ON *.* TO `test_user`@`localhost`
|
|
GRANT `r_crt` TO `test_user`@`localhost`
|
|
GRANT `r_del` TO `test_user`@`localhost`
|
|
GRANT `r_drp` TO `test_user`@`localhost`
|
|
GRANT `r_ins` TO `test_user`@`localhost`
|
|
GRANT `r_rld` TO `test_user`@`localhost`
|
|
GRANT `r_sel` TO `test_user`@`localhost`
|
|
GRANT `r_upd` TO `test_user`@`localhost`
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost NULL
|
|
set role r_sel;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost r_sel
|
|
show grants;
|
|
Grants for test_user@localhost
|
|
GRANT SELECT ON *.* TO `r_sel`
|
|
GRANT USAGE ON *.* TO `test_user`@`localhost`
|
|
GRANT `r_crt` TO `test_user`@`localhost`
|
|
GRANT `r_del` TO `test_user`@`localhost`
|
|
GRANT `r_drp` TO `test_user`@`localhost`
|
|
GRANT `r_ins` TO `test_user`@`localhost`
|
|
GRANT `r_rld` TO `test_user`@`localhost`
|
|
GRANT `r_sel` TO `test_user`@`localhost`
|
|
GRANT `r_upd` TO `test_user`@`localhost`
|
|
select * from mysql.roles_mapping;
|
|
Host User Role Admin_option
|
|
localhost root r_crt Y
|
|
localhost root r_del Y
|
|
localhost root r_drp Y
|
|
localhost root r_ins Y
|
|
localhost root r_rld Y
|
|
localhost root r_sel Y
|
|
localhost root r_upd Y
|
|
localhost test_user r_crt N
|
|
localhost test_user r_del N
|
|
localhost test_user r_drp N
|
|
localhost test_user r_ins N
|
|
localhost test_user r_rld N
|
|
localhost test_user r_sel N
|
|
localhost test_user r_upd N
|
|
set role r_ins;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost r_ins
|
|
show grants;
|
|
Grants for test_user@localhost
|
|
GRANT INSERT ON *.* TO `r_ins`
|
|
GRANT USAGE ON *.* TO `test_user`@`localhost`
|
|
GRANT `r_crt` TO `test_user`@`localhost`
|
|
GRANT `r_del` TO `test_user`@`localhost`
|
|
GRANT `r_drp` TO `test_user`@`localhost`
|
|
GRANT `r_ins` TO `test_user`@`localhost`
|
|
GRANT `r_rld` TO `test_user`@`localhost`
|
|
GRANT `r_sel` TO `test_user`@`localhost`
|
|
GRANT `r_upd` TO `test_user`@`localhost`
|
|
select * from mysql.roles_mapping;
|
|
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping`
|
|
insert into mysql.roles_mapping values ('', 'r_sel', 'r_rld', 'N');
|
|
flush privileges;
|
|
ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
|
|
set role r_rld;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost r_rld
|
|
flush privileges;
|
|
set role r_sel;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost r_sel
|
|
flush privileges;
|
|
set role none;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost NULL
|
|
flush privileges;
|
|
ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
|
|
set role r_ins;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost r_ins
|
|
insert into mysql.roles_mapping values ('', 'r_sel', 'r_upd', 'N');
|
|
insert into mysql.roles_mapping values ('', 'r_sel', 'r_del', 'N');
|
|
insert into mysql.roles_mapping values ('', 'r_sel', 'r_crt', 'N');
|
|
insert into mysql.roles_mapping values ('', 'r_sel', 'r_drp', 'N');
|
|
insert into mysql.roles_mapping values ('', 'r_del', 'r_ins', 'N');
|
|
set role r_rld;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost r_rld
|
|
flush privileges;
|
|
set role r_sel;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost r_sel
|
|
update mysql.roles_mapping set Role='r_ins' where Role='r_ins_wrong';
|
|
flush privileges;
|
|
set role r_sel;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost r_sel
|
|
create table mysql.random_test_table (id INT);
|
|
insert into mysql.random_test_table values (1);
|
|
select * from mysql.random_test_table;
|
|
id
|
|
1
|
|
delete from mysql.roles_mapping where Role='r_ins';
|
|
flush privileges;
|
|
set role r_sel;
|
|
select current_user(), current_role();
|
|
current_user() current_role()
|
|
test_user@localhost r_sel
|
|
insert into mysql.random_test_table values (1);
|
|
ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table `mysql`.`random_test_table`
|
|
drop table mysql.random_test_table;
|
|
delete from mysql.user where user like 'r\_%';
|
|
delete from mysql.roles_mapping where Role like 'r\_%';
|
|
flush privileges;
|
|
drop user 'test_user'@'localhost';
|