Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

privilege: add DDL and DML privilege check for system tables (#15095) #15417

Merged
merged 3 commits into from
Mar 17, 2020
Merged

privilege: add DDL and DML privilege check for system tables (#15095) #15417

merged 3 commits into from
Mar 17, 2020

Conversation

sre-bot
Copy link
Contributor

@sre-bot sre-bot commented Mar 17, 2020
edited by djshow832
Loading

cherry-pick #15095 to release-3.0
Conflicting files:
tables.go
privileges.go
privileges_test.go

What problem does this PR solve?

Add DDL and DML privilege check for system tables in performance_schema and metrics_schema.

What is changed and how it works?

Prevent users from executing ALTER, DROP, INDEX, INSERT, UPDATE, DELETE statements on predefined tables.
Privileges of those tables which are defined in these schema by users themselves are kept untouched.

Check List

Tests

  • Unit test
  • Manual test (add detailed scripts or steps below)
mysql> delete from events_statements_summary_by_digest;
ERROR 8121 (HY000): privilege check fail

Code changes

  • Has exported function/method change

Side effects

  • Breaking backward compatibility

Related changes

N/A

Release note

  • Forbid users to execute DDL and update/delete/insert predefined tables in performance_schema and metrics_schema.
  • Compatibility declaration: Executing DDL and update/delete/insert predefined tables in performance_schema and metrics_schema are not allowed any longer.

@sre-bot
Copy link
Contributor Author

sre-bot commented Mar 17, 2020

/run-all-tests

@sre-bot sre-bot mentioned this pull request Mar 17, 2020
Merged
@sre-bot sre-bot added compatibility-breaker Violation of forwards/backwards compatibility in a design-time piece. component/infoschema component/privilege type/3.0-cherry-pick labels Mar 17, 2020
@Deardrops
Copy link
Contributor

/rebuild

zimulala
zimulala reviewed Mar 17, 2020
View reviewed changes
Copy link
Contributor

@zimulala zimulala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@djshow832
Copy link
Contributor

/run-all-tests

@djshow832
Copy link
Contributor

/run-unit-test

tangenta
tangenta approved these changes Mar 17, 2020
View reviewed changes
Copy link
Contributor

@tangenta tangenta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tangenta tangenta added status/all-tests-passed status/LGT2 Indicates that a PR has LGTM 2. labels Mar 17, 2020
@bb7133 bb7133 merged commit 0885f6a into pingcap:release-3.0 Mar 17, 2020
@djshow832
Copy link
Contributor

/run-cherry-picker

sre-bot added a commit to sre-bot/tidb that referenced this pull request Mar 18, 2020
@sre-bot
privilege: add DDL and DML privilege check for system tables (pingcap…
c610c93 
…#15095) (pingcap#15417)
@sre-bot sre-bot mentioned this pull request Mar 18, 2020
Merged
@sre-bot
Copy link
Contributor Author

sre-bot commented Mar 18, 2020

cherry pick to release-3.1 in PR #15445

bb7133 pushed a commit that referenced this pull request Mar 18, 2020
@sre-bot
privilege: add DDL and DML privilege check for system tables (#15095) (
19adfd7 
…#15417) (#15445)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zimulala zimulala zimulala left review comments

@tangenta tangenta tangenta approved these changes

@AilinKid AilinKid Awaiting requested review from AilinKid

@crazycs520 crazycs520 Awaiting requested review from crazycs520

@Deardrops Deardrops Awaiting requested review from Deardrops

@lonng lonng Awaiting requested review from lonng

Assignees
No one assigned
Labels
compatibility-breaker Violation of forwards/backwards compatibility in a design-time piece. component/infoschema component/privilege status/LGT2 Indicates that a PR has LGTM 2. type/3.0-cherry-pick
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@sre-bot @Deardrops @djshow832 @zimulala @tangenta @bb7133