Skip to content
Permalink
Browse files
MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB
- Added missing information about database of corresponding table for various types of commands
- Update some typos

- Reviewed by: <vicentiu@mariadb.org>
  • Loading branch information
an3l committed Sep 30, 2022
1 parent f9605eb commit 1f51d6c
Show file tree
Hide file tree
Showing 144 changed files with 2,032 additions and 1,909 deletions.
@@ -11,11 +11,11 @@ CREATE USER u1@localhost;
grant ALL on db.v1 to u1@localhost;
connect con1,localhost,u1,,;
select * from db.t1;
ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table 't1'
ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table `db`.`t1`
explain select * from db.t1;
ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table 't1'
ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table `db`.`t1`
analyze select * from db.t1;
ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table 't1'
ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table `db`.`t1`
select * from db.v1;
i c
2 bar

Large diffs are not rendered by default.

@@ -32,7 +32,7 @@ CREATE OR REPLACE DATABASE db2;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'db2'
USE db1;
CREATE OR REPLACE TABLE t1(id INT);
ERROR 42000: DROP command denied to user 'mysqltest_1'@'localhost' for table 't1'
ERROR 42000: DROP command denied to user 'mysqltest_1'@'localhost' for table `db1`.`t1`
CREATE OR REPLACE PROCEDURE proc1 (OUT cnt INT) BEGIN END;
ERROR 42000: alter routine command denied to user 'mysqltest_1'@'localhost' for routine 'db1.proc1'
CREATE OR REPLACE FUNCTION lookup RETURNS STRING SONAME "UDF_EXAMPLE_LIB";
@@ -51,7 +51,7 @@ c
select d from mysqltest.v2;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for column 'd' in table 'v2'
select * from mysqltest.v3;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v3'
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table `mysqltest`.`v3`
connection root;
grant select on mysqltest.v3 to mysqltest_1@localhost;
connection user1;
@@ -116,7 +116,7 @@ revoke SELECT on db.t1 from foo@localhost;
connection con1;
with cte as (select * from t1 where i < 4)
select * from cte;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't1'
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table `db`.`t1`
disconnect con1;
connection default;
drop database db;
@@ -39,7 +39,7 @@ cte3 AS
cte4 AS
(SELECT cte2.a FROM t2,cte2 WHERE cte2.a = t2.a)
SELECT * FROM cte4 as r;
ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table 't2'
ERROR 42000: SELECT command denied to user 'u1'@'localhost' for table `db`.`t2`
disconnect u1;
connection default;
DROP USER 'u1'@'localhost';
@@ -30,7 +30,7 @@ disconnect con1;
connection default;
connect con1, localhost, user5;
FLUSH TABLE db1.t1 FOR EXPORT;
ERROR 42000: SELECT command denied to user 'user5'@'localhost' for table 't1'
ERROR 42000: SELECT command denied to user 'user5'@'localhost' for table `db1`.`t1`
disconnect con1;
connection default;
DROP USER user1@localhost, user2@localhost, user3@localhost,
@@ -39,7 +39,7 @@ create user foo@localhost;
grant execute on mysql.* to foo@localhost;
connect foo, localhost, foo;
call mysql.AddGeometryColumn('', 'mysql', 'proc', 'c', 10);
ERROR 42000: ALTER command denied to user 'foo'@'localhost' for table 'proc'
ERROR 42000: ALTER command denied to user 'foo'@'localhost' for table `mysql`.`proc`
disconnect foo;
connection default;
drop user foo@localhost;

Large diffs are not rendered by default.

@@ -107,9 +107,9 @@ GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT, INSERT ON `mysqltest`.* TO `mysqltest_1`@`localhost`
insert into t1 values (1, 'I can''t change it!');
update t1 set data='I can change it!' where id = 1;
ERROR 42000: UPDATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
ERROR 42000: UPDATE command denied to user 'mysqltest_1'@'localhost' for table `mysqltest`.`t1`
insert into t1 values (1, 'XXX') on duplicate key update data= 'I can change it!';
ERROR 42000: UPDATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
ERROR 42000: UPDATE command denied to user 'mysqltest_1'@'localhost' for table `mysqltest`.`t1`
select * from t1;
id data
1 I can't change it!
@@ -126,7 +126,7 @@ connection mrugly;
grant select (a,b) on t1 to mysqltest_2@localhost;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for column 'b' in table 't1'
grant select on t1 to mysqltest_3@localhost;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1'
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table `mysqltest`.`t1`
disconnect mrugly;
connection default;
drop table t1;
@@ -311,7 +311,7 @@ grant create user on *.* to mysqltest_2@localhost;
connect user3,localhost,mysqltest_2,,;
connection user3;
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 'user'
ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table `mysql`.`user`
create user mysqltest_A@'%';
rename user mysqltest_A@'%' to mysqltest_B@'%';
drop user mysqltest_B@'%';
@@ -327,7 +327,7 @@ Grants for mysqltest_3@localhost
GRANT USAGE ON *.* TO `mysqltest_3`@`localhost`
GRANT INSERT, UPDATE, DELETE ON `mysql`.* TO `mysqltest_3`@`localhost`
select host,user,password from mysql.user where user like 'mysqltest_%' order by host,user,password;
ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for table 'user'
ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for table `mysql`.`user`
insert into mysql.user set host='%', user='mysqltest_B';
Warnings:
Warning 1364 Field 'ssl_cipher' doesn't have a default value
@@ -483,9 +483,9 @@ create table t1 (i int);
connect user1,localhost,mysqltest_u1,,mysqltest_1;
connection user1;
show create table mysqltest_2.t1;
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table 't1'
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_2`.`t1`
create table t1 like mysqltest_2.t1;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't1'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_2`.`t1`
connection default;
grant select on mysqltest_2.t1 to mysqltest_u1@localhost;
connection user1;
@@ -540,7 +540,7 @@ USE db1;
SELECT c FROM t2;
ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
SELECT * FROM t2;
ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for table 't2'
ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for table `db1`.`t2`
SELECT * FROM t1 JOIN t2 USING (b);
ERROR 42000: SELECT command denied to user 'mysqltest1'@'localhost' for column 'c' in table 't2'
connection default;
@@ -645,7 +645,7 @@ CREATE TEMPORARY TABLE t4 SELECT * FROM t1;
# temporary table without additional privileges.
CREATE TEMPORARY TABLE t5(a INT) ENGINE = MyISAM;
CREATE TEMPORARY TABLE t6(a INT) ENGINE = MERGE UNION = (t5);
ERROR 42000: SELECT, UPDATE, DELETE command denied to user 'mysqltest_u1'@'localhost' for table 't5'
ERROR 42000: SELECT, UPDATE, DELETE command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t5`
# Check that we allow creation of MERGE table with no underlying table
# without additional privileges.
CREATE TEMPORARY TABLE t6(a INT) ENGINE = MERGE UNION = ();
@@ -673,7 +673,7 @@ ALTER TABLE t6 UNION = ();
# Check that we do *not* allow altering of MERGE table with underlying
# temporary table without additional privileges.
ALTER TABLE t6 UNION = (t5);
ERROR 42000: SELECT, UPDATE, DELETE command denied to user 'mysqltest_u1'@'localhost' for table 't5'
ERROR 42000: SELECT, UPDATE, DELETE command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t5`
#
# Simple INSERT and INSERT ... SELECT.
#
@@ -918,7 +918,7 @@ CREATE TEMPORARY TABLE t9(a INT);
CREATE TEMPORARY TABLE t10(a INT) ENGINE = MERGE UNION = (t7, t8);
ALTER TABLE t10 UNION = (t9);
ALTER TABLE t10 UNION = (mysqltest_db2.t2_1);
ERROR 42000: SELECT, UPDATE, DELETE command denied to user 'mysqltest_u5'@'localhost' for table 't2_1'
ERROR 42000: SELECT, UPDATE, DELETE command denied to user 'mysqltest_u5'@'localhost' for table `mysqltest_db2`.`t2_1`
CREATE TEMPORARY TABLE mysqltest_db2.t2_2(a INT) ENGINE = MERGE UNION = (t7, t8);
ALTER TABLE mysqltest_db2.t2_2 UNION = (t9);
ALTER TABLE mysqltest_db2.t2_2 UNION = ();
@@ -30,23 +30,23 @@ a int(11) YES NULL
** SHOW COLUMNS
** Should fail because there are no privileges on any column combination.
show columns from mysqltest_db1.t_no_priv;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't_no_priv'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t_no_priv`
** However, select from I_S.COLUMNS will succeed but not show anything:
select column_name as 'Field',column_type as 'Type',is_nullable as 'Null',column_key as 'Key',column_default as 'Default',extra as 'Extra' from information_schema.columns where table_schema='mysqltest_db1' and table_name='t_no_priv';
Field Type Null Key Default Extra

** CREATE TABLE ... LIKE ... require SELECT privleges and will fail.
create table test.t_no_priv like mysqltest_db1.column_priv_only;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'column_priv_only'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`column_priv_only`

** Just to be sure... SELECT also fails.
select * from mysqltest_db1.t_column_priv_only;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't_column_priv_only'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t_column_priv_only`

** SHOW CREATE TABLE ... require any privileges on all columns (the entire table).
** First we try and fail on a table with only one column privilege.
show create table mysqltest_db1.t_column_priv_only;
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table 't_column_priv_only'
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t_column_priv_only`

** Now we do the same on a table with SELECT privileges.

@@ -72,7 +72,7 @@ t_select_priv CREATE TABLE `t_select_priv` (

** SHOW CREATE TABLE will fail if there is no grants at all:
show create table mysqltest_db1.t_no_priv;
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table 't_no_priv'
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t_no_priv`

connection default;
use mysqltest_db1;
@@ -97,7 +97,7 @@ SELECT * FROM INFORMATION_SCHEMA.STATISTICS WHERE table_name='t5';
TABLE_CATALOG TABLE_SCHEMA TABLE_NAME NON_UNIQUE INDEX_SCHEMA INDEX_NAME SEQ_IN_INDEX COLUMN_NAME COLLATION CARDINALITY SUB_PART PACKED NULLABLE INDEX_TYPE COMMENT INDEX_COMMENT
** SHOW INDEX FROM t5 will fail because we don't have any privileges on any column combination.
SHOW INDEX FROM t5;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't5'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t5`
** SHOW INDEX FROM t6 will succeed because there exist a privilege on a column combination on t6.
SHOW INDEX FROM t6;
Table Non_unique Key_name Seq_in_index Column_name Collation Cardinality Sub_part Packed Null Index_type Comment Index_comment
@@ -108,20 +108,20 @@ Table Op Msg_type Msg_text
mysqltest_db1.t6 check status OK
** With no privileges access is naturally denied:
CHECK TABLE t5;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't5'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t5`
** CHECKSUM TABLE requires SELECT privileges on the table. The following should fail:
CHECKSUM TABLE t6;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't6'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t6`
** And this should work:
CHECKSUM TABLE t_select_priv;
Table Checksum
mysqltest_db1.t_select_priv 0
SHOW CREATE VIEW v5;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'v5'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`v5`
SHOW CREATE VIEW v6;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'v6'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`v6`
SHOW CREATE VIEW v2;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 'v2'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`v2`
SHOW CREATE VIEW v3;
View Create View character_set_client collation_connection
v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t_select_priv`.`a` AS `a`,`t_select_priv`.`b` AS `b` from `t_select_priv` latin1 latin1_swedish_ci
@@ -189,10 +189,10 @@ mysqltest_db1.t1 check error Corrupt
# The below statement should fail before repairing t1.
# Otherwise info about such repair will be missing from its result-set.
repair table mysqltest_db1.t1, mysqltest_db1.t2;
ERROR 42000: SELECT, INSERT command denied to user 'mysqltest_u1'@'localhost' for table 't2'
ERROR 42000: SELECT, INSERT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t2`
# The same is true for CHECK TABLE statement.
check table mysqltest_db1.t1, mysqltest_db1.t2;
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table 't2'
ERROR 42000: SELECT command denied to user 'mysqltest_u1'@'localhost' for table `mysqltest_db1`.`t2`
check table mysqltest_db1.t1;
Table Op Msg_type Msg_text
mysqltest_db1.t1 check warning Table is marked as crashed
@@ -181,4 +181,65 @@ GRANT USAGE ON *.* TO `test-user`@`%`
SET DEFAULT ROLE `r``o'l"e` FOR `test-user`@`%`
DROP ROLE `r``o'l"e`;
DROP USER 'test-user';
#
# MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB
#
create database db1;
create user foo@localhost;
grant create on db1.* to foo@localhost;
connect con1,localhost,foo,,db1;
create table t(t int);
show columns in t;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table `db1`.`t`
show columns in db1.t;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table `db1`.`t`
create view t_v as select * from t;
ERROR 42000: CREATE VIEW command denied to user 'foo'@'localhost' for table `db1`.`t_v`
show create view t_v;
ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table `db1`.`t_v`
create table t2(id int primary key, b int);
create table t3(a int, b int, CONSTRAINT `fk_db2_db1_t1`
FOREIGN KEY (a)
REFERENCES `db1 `.t1 (a)
ON DELETE CASCADE
ON UPDATE RESTRICT);
ERROR 42000: Incorrect database name 'db1 '
create table t3(a int, b int, CONSTRAINT `fk_db2_db3_t1`
FOREIGN KEY (a)
REFERENCES db3.t1 (a)
ON DELETE CASCADE
ON UPDATE RESTRICT);
ERROR 42000: REFERENCES command denied to user 'foo'@'localhost' for table `db3`.`t1`
create table t1(a int, b int, CONSTRAINT `fk_db2_db3_t1`
FOREIGN KEY (a)
REFERENCES t2 (id)
ON DELETE CASCADE
ON UPDATE RESTRICT);
ERROR 42000: REFERENCES command denied to user 'foo'@'localhost' for table `db1`.`t2`
connection default;
disconnect con1;
grant create view, select on db1.* to foo@localhost;
connect con1,localhost,foo,,db1;
create view t_v as select * from t;
show grants;
Grants for foo@localhost
GRANT USAGE ON *.* TO `foo`@`localhost`
GRANT SELECT, CREATE, CREATE VIEW ON `db1`.* TO `foo`@`localhost`
show create view t_v;
ERROR 42000: SHOW VIEW command denied to user 'foo'@'localhost' for table `db1`.`t_v`
connection default;
disconnect con1;
grant show view on db1.* to foo@localhost;
connect con1,localhost,foo,,db1;
show grants;
Grants for foo@localhost
GRANT USAGE ON *.* TO `foo`@`localhost`
GRANT SELECT, CREATE, CREATE VIEW, SHOW VIEW ON `db1`.* TO `foo`@`localhost`
show create view t_v;
View Create View character_set_client collation_connection
t_v CREATE ALGORITHM=UNDEFINED DEFINER=`foo`@`localhost` SQL SECURITY DEFINER VIEW `t_v` AS select `t`.`t` AS `t` from `t` latin1 latin1_swedish_ci
connection default;
disconnect con1;
drop database db1;
drop user foo@localhost;
# End of 10.3 tests
@@ -135,4 +135,76 @@ SHOW GRANTS FOR 'test-user';
DROP ROLE `r``o'l"e`;
DROP USER 'test-user';

--echo #
--echo # MDEV-28548: ER_TABLEACCESS_DENIED_ERROR is missing information about DB
--echo #

create database db1;
create user foo@localhost;
grant create on db1.* to foo@localhost;

--connect (con1,localhost,foo,,db1)
create table t(t int);
--error ER_TABLEACCESS_DENIED_ERROR
show columns in t;
--error ER_TABLEACCESS_DENIED_ERROR
show columns in db1.t;
# CREATE_VIEW_ACL needed
--error ER_TABLEACCESS_DENIED_ERROR
create view t_v as select * from t;
# show create view needs to have SELECT_ACL and SHOW_VIEW_ACL
--error ER_TABLEACCESS_DENIED_ERROR
show create view t_v;

create table t2(id int primary key, b int);

# Reference non existing DB with wrong DB name
--error ER_WRONG_DB_NAME
create table t3(a int, b int, CONSTRAINT `fk_db2_db1_t1`
FOREIGN KEY (a)
REFERENCES `db1 `.t1 (a)
ON DELETE CASCADE
ON UPDATE RESTRICT);

# Reference non-existing DB (with qualified DB name)
--error ER_TABLEACCESS_DENIED_ERROR
create table t3(a int, b int, CONSTRAINT `fk_db2_db3_t1`
FOREIGN KEY (a)
REFERENCES db3.t1 (a)
ON DELETE CASCADE
ON UPDATE RESTRICT);

# Reference DB (with not qualified DB name)
--error ER_TABLEACCESS_DENIED_ERROR
create table t1(a int, b int, CONSTRAINT `fk_db2_db3_t1`
FOREIGN KEY (a)
REFERENCES t2 (id)
ON DELETE CASCADE
ON UPDATE RESTRICT);

--connection default
--disconnect con1
# Add CREATE_VIEW_ACL and SELECT_ACL
grant create view, select on db1.* to foo@localhost;

--connect (con1,localhost,foo,,db1)
create view t_v as select * from t;
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
show create view t_v;

--connection default
--disconnect con1
# Add SHOW_VIEW_ACL
grant show view on db1.* to foo@localhost;

--connect (con1,localhost,foo,,db1)
show grants;
show create view t_v;

--connection default
--disconnect con1
drop database db1;
drop user foo@localhost;

--echo # End of 10.3 tests

0 comments on commit 1f51d6c

Please sign in to comment.