mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/main/grant_kill.result
Sergei Golubchik d6e3d89c80 MDEV-29668 SUPER should not allow actions that have fine-grained dedicated privileges 
SUPER privilege used to allow various actions that were alternatively
allowed by one of BINLOG ADMIN, BINLOG MONITOR, BINLOG REPLAY,
CONNECTION ADMIN, FEDERATED ADMIN, REPL MASTER ADMIN, REPL SLAVE ADMIN,
SET USER, SLAVE MONITOR.

Now SUPER no longer does that, one has to grant one of the fine-grained
privileges above to be to perform corresponding actions.

On upgrade from MariaDB versions 10.11 and below all the privileges
above are granted automatically if the user has SUPER.

As a side-effect, such an upgrade will allow SUPER-user to run SHOW
BINLOG EVENTS, SHOW RELAYLOG EVENTS, SHOW SLAVE HOSTS, even if he wasn't
able to do it before the upgrade.
2023-02-06 14:31:48 +01:00

51 lines
1.1 KiB
Text
Raw Blame History

#
# Start of 10.5 tests
#
#
# MDEV-21743 Split up SUPER privilege to smaller privileges
#
#
# Test that KILL is not allowed without CONNECTION ADMIN
#
CREATE USER foo@localhost;
GRANT SELECT ON *.* TO foo@localhost;
CREATE USER bar@localhost;
GRANT ALL PRIVILEGES ON *.* TO bar@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM bar@localhost;
connect foo,localhost,foo,,;
connect bar,localhost,bar,,;
SELECT user FROM information_schema.processlist ORDER BY user;
user
bar
foo
root
KILL ID;
ERROR HY000: You are not owner of thread ID
disconnect foo;
disconnect bar;
connection default;
DROP USER foo@localhost;
DROP USER bar@localhost;
#
# Test that KILL is allowed with CONNECTION ADMIN
#
CREATE USER foo@localhost;
GRANT SELECT ON *.* TO foo@localhost;
CREATE USER bar@localhost;
GRANT PROCESS, CONNECTION ADMIN ON *.* TO bar@localhost;
connect foo,localhost,foo,,;
connect bar,localhost,bar,,;
SELECT user FROM information_schema.processlist ORDER BY user;
user
bar
foo
root
KILL ID;
connection default;
disconnect foo;
disconnect bar;
DROP USER foo@localhost;
DROP USER bar@localhost;
#
# End of 10.5 tests
#
Reference in a new issue View git blame Copy permalink