mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-30 10:31:54 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/suite/perfschema/t/privilege.test
Sergei Golubchik beded7d9c9 Merge branch '10.0' into 10.1
2015-11-19 15:52:14 +01:00

338 lines
12 KiB
Text
Raw Blame History

# Tests for PERFORMANCE_SCHEMA
--source include/not_embedded.inc
--source include/have_perfschema.inc
show grants;
create user 'pfs_user_1'@localhost;
create user 'pfs_user_2'@localhost;
create user 'pfs_user_3'@localhost;
grant ALL on *.* to 'pfs_user_1'@localhost with GRANT OPTION;
# Test denied privileges on performance_schema.*
--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.* to 'pfs_user_2'@localhost
with GRANT OPTION;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.* to 'pfs_user_2'@localhost;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE TEMPORARY TABLES on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant EXECUTE on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE ROUTINE on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER ROUTINE on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant EVENT on performance_schema.* to 'pfs_user_2'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.* to 'pfs_user_2'@localhost;
# Test allowed privileges on performance_schema.*
grant SELECT on performance_schema.* to 'pfs_user_2'@localhost;
grant INSERT on performance_schema.* to 'pfs_user_2'@localhost;
grant UPDATE on performance_schema.* to 'pfs_user_2'@localhost;
grant DELETE on performance_schema.* to 'pfs_user_2'@localhost;
grant LOCK TABLES on performance_schema.* to 'pfs_user_2'@localhost;
# Test denied privileges on specific performance_schema tables.
# setup_instrument : example of PFS_updatable_acl
# events_waits_current : example of PFS_truncatable_acl
# file_instances : example of PFS_readonly_acl
--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.setup_instruments to 'pfs_user_3'@localhost
with GRANT OPTION;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
--error ER_TABLEACCESS_DENIED_ERROR
grant INSERT on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
--error ER_TABLEACCESS_DENIED_ERROR
grant DELETE on performance_schema.setup_instruments to 'pfs_user_3'@localhost;
grant SELECT on performance_schema.setup_instruments to 'pfs_user_3'@localhost
with GRANT OPTION;
grant UPDATE on performance_schema.setup_instruments to 'pfs_user_3'@localhost
with GRANT OPTION;
--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.events_waits_current to 'pfs_user_3'@localhost
with GRANT OPTION;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
--error ER_TABLEACCESS_DENIED_ERROR
grant INSERT on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
--error ER_TABLEACCESS_DENIED_ERROR
grant UPDATE on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
--error ER_TABLEACCESS_DENIED_ERROR
grant DELETE on performance_schema.events_waits_current to 'pfs_user_3'@localhost;
grant SELECT on performance_schema.events_waits_current to 'pfs_user_3'@localhost
with GRANT OPTION;
--error ER_DBACCESS_DENIED_ERROR
grant ALL on performance_schema.file_instances to 'pfs_user_3'@localhost
with GRANT OPTION;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant CREATE on performance_schema.file_instances to 'pfs_user_3'@localhost;
# will be ER_DBACCESS_DENIED_ERROR once .FRM are removed
grant DROP on performance_schema.file_instances to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant REFERENCES on performance_schema.file_instances to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant INDEX on performance_schema.file_instances to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant ALTER on performance_schema.file_instances to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant CREATE VIEW on performance_schema.file_instances to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant SHOW VIEW on performance_schema.file_instances to 'pfs_user_3'@localhost;
--error ER_DBACCESS_DENIED_ERROR
grant TRIGGER on performance_schema.file_instances to 'pfs_user_3'@localhost;
--error ER_TABLEACCESS_DENIED_ERROR
grant INSERT on performance_schema.file_instances to 'pfs_user_3'@localhost;
--error ER_TABLEACCESS_DENIED_ERROR
grant UPDATE on performance_schema.file_instances to 'pfs_user_3'@localhost;
--error ER_TABLEACCESS_DENIED_ERROR
grant DELETE on performance_schema.file_instances to 'pfs_user_3'@localhost;
grant SELECT on performance_schema.file_instances to 'pfs_user_3'@localhost
with GRANT OPTION;
# See bug#45354 LOCK TABLES is not a TABLE privilege
grant LOCK TABLES on performance_schema.* to 'pfs_user_3'@localhost
with GRANT OPTION;
flush privileges;
--source ../include/privilege.inc
connect (con1, localhost, pfs_user_1, , );
--source ../include/privilege.inc
--disconnect con1
connect (con2, localhost, pfs_user_2, , );
--source ../include/privilege.inc
--disconnect con2
connect (con3, localhost, pfs_user_3, , );
--source ../include/privilege.inc
--disconnect con3
--connection default
revoke all privileges, grant option from 'pfs_user_1'@localhost;
revoke all privileges, grant option from 'pfs_user_2'@localhost;
revoke all privileges, grant option from 'pfs_user_3'@localhost;
drop user 'pfs_user_1'@localhost;
drop user 'pfs_user_2'@localhost;
drop user 'pfs_user_3'@localhost;
flush privileges;
--echo # Test cases from WL#4818
--echo # Setup user
CREATE user pfs_user_4;
--connect (pfs_user_4, localhost, pfs_user_4, , )
--echo #
--echo # WL#4818, NFS4: Normal user does not have access to view data
--echo # without grants
--echo #
--connection pfs_user_4
--echo # Select as pfs_user_4 should fail without grant
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_id FROM performance_schema.events_waits_history;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_id FROM performance_schema.events_waits_history_long;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_id FROM performance_schema.events_waits_current;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_name FROM performance_schema.events_waits_summary_by_instance;
--error ER_TABLEACCESS_DENIED_ERROR
SELECT event_name FROM performance_schema.file_summary_by_instance;
--echo #
--echo # WL#4818, NFS3: Normal user does not have access to change what is
--echo # instrumented without grants
--echo #
--connection pfs_user_4
--echo # User pfs_user_4 should not be allowed to tweak instrumentation without
--echo # explicit grant
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.setup_instruments SET enabled = 'NO', timed = 'YES';
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.setup_instruments SET enabled = 'YES'
WHERE name LIKE 'wait/synch/mutex/%'
OR name LIKE 'wait/synch/rwlock/%';
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.setup_consumers SET enabled = 'YES';
--error ER_TABLEACCESS_DENIED_ERROR
UPDATE performance_schema.setup_timers SET timer_name = 'TICK';
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE TABLE performance_schema.events_waits_history_long;
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE TABLE performance_schema.events_waits_history;
--error ER_TABLEACCESS_DENIED_ERROR
TRUNCATE TABLE performance_schema.events_waits_current;
--echo #
--echo # WL#4814, NFS1: Can use grants to give normal user access
--echo # to turn on and off instrumentation
--echo #
--connection default
--echo # Grant access to change tables with the root account
GRANT UPDATE ON performance_schema.setup_consumers TO pfs_user_4;
GRANT UPDATE, SELECT ON performance_schema.setup_timers TO pfs_user_4;
GRANT UPDATE, SELECT ON performance_schema.setup_instruments TO pfs_user_4;
GRANT DROP ON performance_schema.events_waits_current TO pfs_user_4;
GRANT DROP ON performance_schema.events_waits_history TO pfs_user_4;
GRANT DROP ON performance_schema.events_waits_history_long TO pfs_user_4;
--connection pfs_user_4
--echo # User pfs_user_4 should now be allowed to tweak instrumentation
UPDATE performance_schema.setup_instruments SET enabled = 'NO', timed = 'YES';
UPDATE performance_schema.setup_instruments SET enabled = 'YES'
WHERE name LIKE 'wait/synch/mutex/%'
OR name LIKE 'wait/synch/rwlock/%';
UPDATE performance_schema.setup_consumers SET enabled = 'YES';
# We do not touch "wait", to avoid restoring it at the end of the test,
# as its default value initialized at server startup is ambiguous:
# it can be CYCLE or NANOSECOND depending on platform
UPDATE performance_schema.setup_timers SET timer_name = 'TICK' WHERE name <> "wait";
TRUNCATE TABLE performance_schema.events_waits_history_long;
TRUNCATE TABLE performance_schema.events_waits_history;
TRUNCATE TABLE performance_schema.events_waits_current;
--echo # Clean up
--disconnect pfs_user_4
--source include/wait_until_disconnected.inc
--connection default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM pfs_user_4;
DROP USER pfs_user_4;
flush privileges;
UPDATE performance_schema.setup_instruments SET enabled = 'YES', timed = 'YES';
UPDATE performance_schema.setup_consumers SET enabled = 'YES';
# Restore the default values for the timers that we changed.
# Note, we did not touch "wait", see above.
UPDATE performance_schema.setup_timers SET timer_name = 'MICROSECOND' where name="idle";
UPDATE performance_schema.setup_timers SET timer_name = 'NANOSECOND' where name="stage";
UPDATE performance_schema.setup_timers SET timer_name = 'NANOSECOND' where name="statement";
Reference in a new issue View git blame Copy permalink