mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-30 18:41:56 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/suite/perfschema/t/privilege.test
Marc Alff e0e0f9e3d4 WL#2360 Performance schema 
Part V: performance schema implementation
2010-01-11 18:47:27 -07:00

362 lines
13 KiB
Text
Raw Blame History

# Copyright (C) 2009 Sun Microsystems, Inc
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Tests for PERFORMANCE_SCHEMA
--source include/not_embedded.inc
--source include/have_perfschema.inc
show grants;
grant ALL on *.* to 'pfs_user_1'@localhost with GRANT OPTION;
# Test denied privileges on performance_schema.*
--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.* to 'pfs_user_2'@localhost
with GRANT OPTION;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.* to 'pfs_user_2'@localhost;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE TEMPORARY TABLES on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant EXECUTE on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE ROUTINE on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER ROUTINE on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant EVENT on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.* to 'pfs_user_2'@localhost;
# Test allowed privileges on performance_schema.*
grant SELECT on performance_schema.* to 'pfs_user_2'@localhost;
grant INSERT on performance_schema.* to 'pfs_user_2'@localhost;
grant UPDATE on performance_schema.* to 'pfs_user_2'@localhost;
grant DELETE on performance_schema.* to 'pfs_user_2'@localhost;
grant LOCK TABLES on performance_schema.* to 'pfs_user_2'@localhost;
# Test denied privileges on specific performance_schema tables.
# SETUP_INSTRUMENT : example of PFS_updatable_acl
# EVENTS_WAITS_CURRENT : example of PFS_truncatable_acl
# FILE_INSTANCES : example of PFS_readonly_acl
--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost
with GRANT OPTION;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
--replace_result '\'setup_instruments' '\'SETUP_INSTRUMENTS'
--error ER_TABLEACCESS_DENIED_ERROR
grant INSERT on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
--replace_result '\'setup_instruments' '\'SETUP_INSTRUMENTS'
--error ER_TABLEACCESS_DENIED_ERROR
grant DELETE on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost;
grant SELECT on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost
with GRANT OPTION;
grant UPDATE on performance_schema.SETUP_INSTRUMENTS to 'pfs_user_3'@localhost
with GRANT OPTION;
--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost
with GRANT OPTION;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
grant INSERT on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
grant UPDATE on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
grant DELETE on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost;
grant SELECT on performance_schema.EVENTS_WAITS_CURRENT to 'pfs_user_3'@localhost
with GRANT OPTION;
--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost
with GRANT OPTION;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
--replace_result '\'file_instances' '\'FILE_INSTANCES'
--error ER_TABLEACCESS_DENIED_ERROR
grant INSERT on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
--replace_result '\'file_instances' '\'FILE_INSTANCES'
--error ER_TABLEACCESS_DENIED_ERROR
grant UPDATE on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
--replace_result '\'file_instances' '\'FILE_INSTANCES'
--error ER_TABLEACCESS_DENIED_ERROR
grant DELETE on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost;
grant SELECT on performance_schema.FILE_INSTANCES to 'pfs_user_3'@localhost
with GRANT OPTION;
# See bug#45354 LOCK TABLES is not a TABLE privilege
grant LOCK TABLES on performance_schema.* to 'pfs_user_3'@localhost
with GRANT OPTION;
flush privileges;
--source ../include/privilege.inc
connect (con1, localhost, pfs_user_1, , );
--source ../include/privilege.inc
--disconnect con1
connect (con2, localhost, pfs_user_2, , );
--source ../include/privilege.inc
--disconnect con2
connect (con3, localhost, pfs_user_3, , );
--source ../include/privilege.inc
--disconnect con3
--connection default
revoke all privileges, grant option from 'pfs_user_1'@localhost;
revoke all privileges, grant option from 'pfs_user_2'@localhost;
revoke all privileges, grant option from 'pfs_user_3'@localhost;
drop user 'pfs_user_1'@localhost;
drop user 'pfs_user_2'@localhost;
drop user 'pfs_user_3'@localhost;
flush privileges;
--echo # Test cases from WL#4818
--echo # Setup user
CREATE user pfs_user_4;
--connect (pfs_user_4, localhost, pfs_user_4, , )
--echo #
--echo # WL#4818, NFS4: Normal user does not have access to view data
--echo # without grants
--echo #
--connection pfs_user_4
--echo # Select as pfs_user_4 should fail without grant
--replace_result '\'events_waits_history' '\'EVENTS_WAITS_HISTORY'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_id FROM performance_schema.EVENTS_WAITS_HISTORY;
--replace_result '\'events_waits_history_long' '\'EVENTS_WAITS_HISTORY_LONG'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_id FROM performance_schema.EVENTS_WAITS_HISTORY_LONG;
--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_id FROM performance_schema.EVENTS_WAITS_CURRENT;
--replace_result '\'events_waits_summary_by_instance' '\'EVENTS_WAITS_SUMMARY_BY_INSTANCE'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_name FROM performance_schema.EVENTS_WAITS_SUMMARY_BY_INSTANCE;
--replace_result '\'file_summary_by_instance' '\'FILE_SUMMARY_BY_INSTANCE'
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_name FROM performance_schema.FILE_SUMMARY_BY_INSTANCE;
--echo #
--echo # WL#4818, NFS3: Normal user does not have access to change what is
--echo # instrumented without grants
--echo #
--connection pfs_user_4
--echo # User pfs_user_4 should not be allowed to tweak instrumentation without
--echo # explicit grant
--replace_result '\'setup_instruments' '\'SETUP_INSTRUMENTS'
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'NO', timed = 'YES';
--replace_result '\'setup_instruments' '\'SETUP_INSTRUMENTS'
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'YES'
WHERE name LIKE 'wait/synch/mutex/%'
OR name LIKE 'wait/synch/rwlock/%';
--replace_result '\'setup_consumers' '\'SETUP_CONSUMERS'
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.SETUP_CONSUMERS SET enabled = 'YES';
--replace_result '\'setup_timers' '\'SETUP_TIMERS'
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.SETUP_TIMERS SET timer_name = 'TICK';
--replace_result '\'events_waits_history_long' '\'EVENTS_WAITS_HISTORY_LONG'
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE TABLE performance_schema.EVENTS_WAITS_HISTORY_LONG;
--replace_result '\'events_waits_history' '\'EVENTS_WAITS_HISTORY'
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE TABLE performance_schema.EVENTS_WAITS_HISTORY;
--replace_result '\'events_waits_current' '\'EVENTS_WAITS_CURRENT'
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE TABLE performance_schema.EVENTS_WAITS_CURRENT;
--echo #
--echo # WL#4814, NFS1: Can use grants to give normal user access
--echo # to turn on and off instrumentation
--echo #
--connection default
--echo # Grant access to change tables with the root account
GRANT UPDATE ON performance_schema.SETUP_CONSUMERS TO pfs_user_4;
GRANT UPDATE ON performance_schema.SETUP_TIMERS TO pfs_user_4;
GRANT UPDATE, SELECT ON performance_schema.SETUP_INSTRUMENTS TO pfs_user_4;
GRANT DROP ON performance_schema.EVENTS_WAITS_CURRENT TO pfs_user_4;
GRANT DROP ON performance_schema.EVENTS_WAITS_HISTORY TO pfs_user_4;
GRANT DROP ON performance_schema.EVENTS_WAITS_HISTORY_LONG TO pfs_user_4;
--connection pfs_user_4
--echo # User pfs_user_4 should now be allowed to tweak instrumentation
UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'NO', timed = 'YES';
UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'YES'
WHERE name LIKE 'wait/synch/mutex/%'
OR name LIKE 'wait/synch/rwlock/%';
UPDATE performance_schema.SETUP_CONSUMERS SET enabled = 'YES';
UPDATE performance_schema.SETUP_TIMERS SET timer_name = 'TICK';
TRUNCATE TABLE performance_schema.EVENTS_WAITS_HISTORY_LONG;
TRUNCATE TABLE performance_schema.EVENTS_WAITS_HISTORY;
TRUNCATE TABLE performance_schema.EVENTS_WAITS_CURRENT;
--echo # Clean up
--connection default
--disconnect pfs_user_4
REVOKE ALL PRIVILEGES, GRANT OPTION FROM pfs_user_4;
DROP USER pfs_user_4;
flush privileges;
UPDATE performance_schema.SETUP_INSTRUMENTS SET enabled = 'YES', timed = 'YES';
UPDATE performance_schema.SETUP_CONSUMERS SET enabled = 'YES';
UPDATE performance_schema.SETUP_TIMERS SET timer_name = 'CYCLE';
Reference in a new issue View git blame Copy permalink