mariadb/mysql-test/suite/roles/set_role-database-recursive.result
Oleksandr Byelkin 0253ea7f22 MDEV-19650: Privilege bug on MariaDB 10.4
Also fixes:
MDEV-21487: Implement option for mysql_upgrade that allows root@localhost to be replaced
MDEV-21486: Implement option for mysql_install_db that allows root@localhost to be replaced

Add user mariadb.sys to be definer of user view
(and has right on underlying table global_priv for
required operation over global_priv
(SELECT,UPDATE,DELETE))

Also changed definer of gis functions in case of creation,
but they work with any definer so upgrade script do not try
to push this change.
2020-05-07 10:54:56 +02:00

84 lines
2.7 KiB
Text

create user test_user@localhost;
create role test_role1;
create role test_role2;
grant test_role1 to test_user@localhost;
grant test_role2 to test_user@localhost;
grant test_role2 to test_role1;
select user, host from mysql.user where user not like 'root';
User Host
mariadb.sys localhost
test_role1
test_role2
test_user localhost
select * from mysql.roles_mapping;
Host User Role Admin_option
test_role1 test_role2 N
localhost root test_role1 Y
localhost root test_role2 Y
localhost test_user test_role1 N
localhost test_user test_role2 N
select user, host from mysql.db;
user host
%
%
grant select on mysql.* to test_role2;
flush privileges;
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
select current_user(), current_role();
current_user() current_role()
test_user@localhost NULL
set role test_role1;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
select * from mysql.roles_mapping;
Host User Role Admin_option
test_role1 test_role2 N
localhost root test_role1 Y
localhost root test_role2 Y
localhost test_user test_role1 N
localhost test_user test_role2 N
set role none;
select current_user(), current_role();
current_user() current_role()
test_user@localhost NULL
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
set role test_role2;
select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role2
select * from mysql.roles_mapping;
Host User Role Admin_option
test_role1 test_role2 N
localhost root test_role1 Y
localhost root test_role2 Y
localhost test_user test_role1 N
localhost test_user test_role2 N
create role test_role3;
grant test_role3 to test_role2;
create role test_role4;
grant test_role4 to test_role3;
set role test_role1;
delete from mysql.user where user='no such user';
ERROR 42000: DELETE command denied to user 'test_user'@'localhost' for table 'user'
grant delete on mysql.* to test_role4;
set role test_role1;
delete from mysql.user where user='no such user';
show grants;
Grants for test_user@localhost
GRANT DELETE ON `mysql`.* TO `test_role4`
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role1`
GRANT USAGE ON *.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role3`
GRANT USAGE ON *.* TO `test_role4`
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_role1`
GRANT `test_role2` TO `test_user`@`localhost`
GRANT `test_role3` TO `test_role2`
GRANT `test_role4` TO `test_role3`
drop user test_user@localhost;
drop role test_role1, test_role2, test_role3, test_role4;