Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MDEV-21957 Bind BINLOG ADMIN to @@binlog_format, @@binlog_direct_.., …
…@@sql_log_bin
- Loading branch information
Showing
14 changed files
with
347 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
44 changes: 44 additions & 0 deletions
44
mysql-test/suite/sys_vars/r/binlog_direct_non_transactional_updates_grant.result
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
SET @global= @@global.binlog_direct_non_transactional_updates; | ||
SET @session= @@global.binlog_direct_non_transactional_updates; | ||
# | ||
# | ||
# | ||
# Test that "SET binlog_direct_non_transactional_updates" is not allowed without BINLOG ADMIN or SUPER | ||
CREATE USER user1@localhost; | ||
GRANT ALL PRIVILEGES ON *.* TO user1@localhost; | ||
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; | ||
connect user1,localhost,user1,,; | ||
connection user1; | ||
SET binlog_direct_non_transactional_updates=0; | ||
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation | ||
SET GLOBAL binlog_direct_non_transactional_updates=0; | ||
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation | ||
SET SESSION binlog_direct_non_transactional_updates=0; | ||
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation | ||
disconnect user1; | ||
connection default; | ||
DROP USER user1@localhost; | ||
# Test that "SET binlog_direct_non_transactional_updates" is allowed with BINLOG ADMIN | ||
CREATE USER user1@localhost; | ||
GRANT BINLOG ADMIN ON *.* TO user1@localhost; | ||
connect user1,localhost,user1,,; | ||
connection user1; | ||
SET binlog_direct_non_transactional_updates=0; | ||
SET GLOBAL binlog_direct_non_transactional_updates=0; | ||
SET SESSION binlog_direct_non_transactional_updates=0; | ||
disconnect user1; | ||
connection default; | ||
DROP USER user1@localhost; | ||
# Test that "SET binlog_direct_non_transactional_updates" is allowed with SUPER | ||
CREATE USER user1@localhost; | ||
GRANT SUPER ON *.* TO user1@localhost; | ||
connect user1,localhost,user1,,; | ||
connection user1; | ||
SET binlog_direct_non_transactional_updates=0; | ||
SET GLOBAL binlog_direct_non_transactional_updates=0; | ||
SET SESSION binlog_direct_non_transactional_updates=0; | ||
disconnect user1; | ||
connection default; | ||
DROP USER user1@localhost; | ||
SET GLOBAL binlog_direct_non_transactional_updates=@global; | ||
SET SESSION binlog_direct_non_transactional_updates=@session; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# | ||
# | ||
# | ||
# Test that "SET binlog_format" is not allowed without BINLOG ADMIN or SUPER | ||
CREATE USER user1@localhost; | ||
GRANT ALL PRIVILEGES ON *.* TO user1@localhost; | ||
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; | ||
connect user1,localhost,user1,,; | ||
connection user1; | ||
SET binlog_format=mixed; | ||
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation | ||
SET GLOBAL binlog_format=mixed; | ||
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation | ||
SET SESSION binlog_format=mixed; | ||
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation | ||
disconnect user1; | ||
connection default; | ||
DROP USER user1@localhost; | ||
# Test that "SET binlog_format" is allowed with BINLOG ADMIN | ||
CREATE USER user1@localhost; | ||
GRANT BINLOG ADMIN ON *.* TO user1@localhost; | ||
connect user1,localhost,user1,,; | ||
connection user1; | ||
SET binlog_format=mixed; | ||
SET GLOBAL binlog_format=mixed; | ||
SET SESSION binlog_format=mixed; | ||
disconnect user1; | ||
connection default; | ||
DROP USER user1@localhost; | ||
# Test that "SET binlog_format" is allowed with SUPER | ||
CREATE USER user1@localhost; | ||
GRANT SUPER ON *.* TO user1@localhost; | ||
connect user1,localhost,user1,,; | ||
connection user1; | ||
SET binlog_format=mixed; | ||
SET GLOBAL binlog_format=mixed; | ||
SET SESSION binlog_format=mixed; | ||
disconnect user1; | ||
connection default; | ||
DROP USER user1@localhost; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# | ||
# | ||
# | ||
# Test that "SET sql_log_bin" is not allowed without BINLOG ADMIN or SUPER | ||
CREATE USER user1@localhost; | ||
GRANT ALL PRIVILEGES ON *.* TO user1@localhost; | ||
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; | ||
connect user1,localhost,user1,,; | ||
connection user1; | ||
SET sql_log_bin=1; | ||
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation | ||
SET GLOBAL sql_log_bin=1; | ||
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation | ||
SET SESSION sql_log_bin=1; | ||
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation | ||
disconnect user1; | ||
connection default; | ||
DROP USER user1@localhost; | ||
# Test that "SET sql_log_bin" is allowed with BINLOG ADMIN | ||
CREATE USER user1@localhost; | ||
GRANT BINLOG ADMIN ON *.* TO user1@localhost; | ||
connect user1,localhost,user1,,; | ||
connection user1; | ||
SET sql_log_bin=1; | ||
SET GLOBAL sql_log_bin=1; | ||
ERROR HY000: Variable 'sql_log_bin' is a SESSION variable | ||
SET SESSION sql_log_bin=1; | ||
disconnect user1; | ||
connection default; | ||
DROP USER user1@localhost; | ||
# Test that "SET sql_log_bin" is allowed with SUPER | ||
CREATE USER user1@localhost; | ||
GRANT SUPER ON *.* TO user1@localhost; | ||
connect user1,localhost,user1,,; | ||
connection user1; | ||
SET sql_log_bin=1; | ||
SET GLOBAL sql_log_bin=1; | ||
ERROR HY000: Variable 'sql_log_bin' is a SESSION variable | ||
SET SESSION sql_log_bin=1; | ||
disconnect user1; | ||
connection default; | ||
DROP USER user1@localhost; |
56 changes: 56 additions & 0 deletions
56
mysql-test/suite/sys_vars/t/binlog_direct_non_transactional_updates_grant.test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
source include/have_log_bin.inc; | ||
|
||
SET @global= @@global.binlog_direct_non_transactional_updates; | ||
SET @session= @@global.binlog_direct_non_transactional_updates; | ||
|
||
|
||
--echo # | ||
--echo # | ||
--echo # | ||
|
||
--echo # Test that "SET binlog_direct_non_transactional_updates" is not allowed without BINLOG ADMIN or SUPER | ||
|
||
CREATE USER user1@localhost; | ||
GRANT ALL PRIVILEGES ON *.* TO user1@localhost; | ||
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; | ||
--connect(user1,localhost,user1,,) | ||
--connection user1 | ||
--error ER_SPECIFIC_ACCESS_DENIED_ERROR | ||
SET binlog_direct_non_transactional_updates=0; | ||
--error ER_SPECIFIC_ACCESS_DENIED_ERROR | ||
SET GLOBAL binlog_direct_non_transactional_updates=0; | ||
--error ER_SPECIFIC_ACCESS_DENIED_ERROR | ||
SET SESSION binlog_direct_non_transactional_updates=0; | ||
--disconnect user1 | ||
--connection default | ||
DROP USER user1@localhost; | ||
|
||
--echo # Test that "SET binlog_direct_non_transactional_updates" is allowed with BINLOG ADMIN | ||
|
||
CREATE USER user1@localhost; | ||
GRANT BINLOG ADMIN ON *.* TO user1@localhost; | ||
--connect(user1,localhost,user1,,) | ||
--connection user1 | ||
SET binlog_direct_non_transactional_updates=0; | ||
SET GLOBAL binlog_direct_non_transactional_updates=0; | ||
SET SESSION binlog_direct_non_transactional_updates=0; | ||
--disconnect user1 | ||
--connection default | ||
DROP USER user1@localhost; | ||
|
||
--echo # Test that "SET binlog_direct_non_transactional_updates" is allowed with SUPER | ||
|
||
CREATE USER user1@localhost; | ||
GRANT SUPER ON *.* TO user1@localhost; | ||
--connect(user1,localhost,user1,,) | ||
--connection user1 | ||
SET binlog_direct_non_transactional_updates=0; | ||
SET GLOBAL binlog_direct_non_transactional_updates=0; | ||
SET SESSION binlog_direct_non_transactional_updates=0; | ||
--disconnect user1 | ||
--connection default | ||
DROP USER user1@localhost; | ||
|
||
|
||
SET GLOBAL binlog_direct_non_transactional_updates=@global; | ||
SET SESSION binlog_direct_non_transactional_updates=@session; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
source include/have_log_bin.inc; | ||
|
||
|
||
--echo # | ||
--echo # | ||
--echo # | ||
|
||
--echo # Test that "SET binlog_format" is not allowed without BINLOG ADMIN or SUPER | ||
|
||
CREATE USER user1@localhost; | ||
GRANT ALL PRIVILEGES ON *.* TO user1@localhost; | ||
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; | ||
--connect(user1,localhost,user1,,) | ||
--connection user1 | ||
--error ER_SPECIFIC_ACCESS_DENIED_ERROR | ||
SET binlog_format=mixed; | ||
--error ER_SPECIFIC_ACCESS_DENIED_ERROR | ||
SET GLOBAL binlog_format=mixed; | ||
--error ER_SPECIFIC_ACCESS_DENIED_ERROR | ||
SET SESSION binlog_format=mixed; | ||
--disconnect user1 | ||
--connection default | ||
DROP USER user1@localhost; | ||
|
||
--echo # Test that "SET binlog_format" is allowed with BINLOG ADMIN | ||
|
||
CREATE USER user1@localhost; | ||
GRANT BINLOG ADMIN ON *.* TO user1@localhost; | ||
--connect(user1,localhost,user1,,) | ||
--connection user1 | ||
SET binlog_format=mixed; | ||
SET GLOBAL binlog_format=mixed; | ||
SET SESSION binlog_format=mixed; | ||
--disconnect user1 | ||
--connection default | ||
DROP USER user1@localhost; | ||
|
||
--echo # Test that "SET binlog_format" is allowed with SUPER | ||
|
||
CREATE USER user1@localhost; | ||
GRANT SUPER ON *.* TO user1@localhost; | ||
--connect(user1,localhost,user1,,) | ||
--connection user1 | ||
SET binlog_format=mixed; | ||
SET GLOBAL binlog_format=mixed; | ||
SET SESSION binlog_format=mixed; | ||
--disconnect user1 | ||
--connection default | ||
DROP USER user1@localhost; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
source include/have_log_bin.inc; | ||
|
||
|
||
--echo # | ||
--echo # | ||
--echo # | ||
|
||
--echo # Test that "SET sql_log_bin" is not allowed without BINLOG ADMIN or SUPER | ||
|
||
CREATE USER user1@localhost; | ||
GRANT ALL PRIVILEGES ON *.* TO user1@localhost; | ||
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; | ||
--connect(user1,localhost,user1,,) | ||
--connection user1 | ||
--error ER_SPECIFIC_ACCESS_DENIED_ERROR | ||
SET sql_log_bin=1; | ||
--error ER_SPECIFIC_ACCESS_DENIED_ERROR | ||
SET GLOBAL sql_log_bin=1; | ||
--error ER_SPECIFIC_ACCESS_DENIED_ERROR | ||
SET SESSION sql_log_bin=1; | ||
--disconnect user1 | ||
--connection default | ||
DROP USER user1@localhost; | ||
|
||
--echo # Test that "SET sql_log_bin" is allowed with BINLOG ADMIN | ||
|
||
CREATE USER user1@localhost; | ||
GRANT BINLOG ADMIN ON *.* TO user1@localhost; | ||
--connect(user1,localhost,user1,,) | ||
--connection user1 | ||
SET sql_log_bin=1; | ||
--error ER_INCORRECT_GLOBAL_LOCAL_VAR | ||
SET GLOBAL sql_log_bin=1; | ||
SET SESSION sql_log_bin=1; | ||
--disconnect user1 | ||
--connection default | ||
DROP USER user1@localhost; | ||
|
||
--echo # Test that "SET sql_log_bin" is allowed with SUPER | ||
|
||
CREATE USER user1@localhost; | ||
GRANT SUPER ON *.* TO user1@localhost; | ||
--connect(user1,localhost,user1,,) | ||
--connection user1 | ||
SET sql_log_bin=1; | ||
--error ER_INCORRECT_GLOBAL_LOCAL_VAR | ||
SET GLOBAL sql_log_bin=1; | ||
SET SESSION sql_log_bin=1; | ||
--disconnect user1 | ||
--connection default | ||
DROP USER user1@localhost; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.