mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-17 20:42:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/main/grant_slave_monitor.test

117 lines
3.6 KiB
Text
Raw Blame History

# ==== Purpose ====
#
# SLAVE MONITOR privilege is required to execute following commands.
# SHOW SLAVE STATUS
# SHOW RELAYLOG EVENTS
#
# ==== Implementation ====
#
# Step1: GRANT ALL privileges for a new user 'user1' and then REVOKE
# SLAVE MONITOR and SUPER privileges.
# Step2: Execute SHOW SLAVE STAUTS/SHOW RELAYLOG EVENTS commands and expect
# ER_SPECIFIC_ACCESS_DENIED_ERROR. This also verifies that REPLICATION
# SLAVE ADMIN privilege is not required for these two commands.
# Step3: GRANT SLAVE MONITOR privilege and observe that both commands are
# allowd to execute.
# Step4: GRANT SUPER privilege and observe that only SHOW SLAVE STATUS command
# is allowed.
#
# ==== References ====
#
# MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade
# to 10.5, mysql_upgrade should take of that
# MDEV-23918: admin privlege required to view contents of relay logs in 10.5
#
--source include/not_embedded.inc
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE SLAVE MONITOR, SUPER ON *.* FROM user1@localhost;
FLUSH PRIVILEGES;
--connect(con1,localhost,user1,,)
--connection con1
SHOW GRANTS;
--echo #
--echo # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW SLAVE STATUS
--echo # Expected error: Access denied; you need (at least one of) the SUPER, SLAVE
--echo # MONITOR privilege(s) for this operation
--echo #
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SHOW SLAVE STATUS;
--echo #
--echo # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW RELAYLOG EVENTS
--echo # Expected error: Access denied; you need (at least one of) the REPLICA MONITOR
--echo # privilege(s) for this operation
--echo #
--disable_ps_protocol
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SHOW RELAYLOG EVENTS;
--enable_ps_protocol
--disconnect con1
--echo #
--echo # SHOW SLAVE STATUS and SHOW RELAYLOG EVENTS are allowed with SLAVE MONITOR privilege
--echo #
--connection default
GRANT SLAVE MONITOR ON *.* TO user1@localhost;
FLUSH PRIVILEGES;
--connect(con1,localhost,user1,,)
--connection con1
SHOW GRANTS;
--disable_result_log
SHOW SLAVE STATUS;
--disable_ps_protocol
SHOW RELAYLOG EVENTS;
--enable_ps_protocol
--enable_result_log
--disconnect con1
--connection default
DROP USER user1@localhost;
--echo #
--echo # SHOW SLAVE STATUS command is allowed with SUPER privilege
--echo #
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT SUPER ON *.* TO user1@localhost;
--connect(con1,localhost,user1,,)
--disable_result_log
SHOW SLAVE STATUS;
--enable_result_log
--echo #
--echo # SHOW RELAYLOG EVENTS is not allowed with SUPER privilege, it requires SLAVE MONITOR
--echo #
--disable_ps_protocol
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SHOW RELAYLOG EVENTS;
--enable_ps_protocol
--disconnect con1
--connection default
DROP USER user1@localhost;
--echo #
--echo # MDEV-25030 Upgrade to 10.5.9 breaks root's ability to grant
--echo #
insert mysql.global_priv values ('bar', 'foo7', '{"access":274877906943,"version_id":100507,"plugin":"mysql_native_password","authentication_string":""}'),
('bar', 'foo8', '{"access":274877906943,"version_id":100508,"plugin":"mysql_native_password","authentication_string":""}'),
('bar', 'foo9', '{"access":274877906943,"version_id":100509,"plugin":"mysql_native_password","authentication_string":""}');
flush privileges;
show grants for foo7@bar;
show grants for foo8@bar;
show grants for foo9@bar;
drop user foo7@bar, foo8@bar, foo9@bar;
--echo #
--echo # End of 10.5 tests
--echo #
Reference in a new issue View git blame Copy permalink