MDEV-21972 Bind REPLICATION MASTER ADMIN to master_verify_checksum

mysql-test/suite/sys_vars/r/master_verify_checksum_grant.result

+#
+# MDEV-21972 Bind REPLICATION MASTER ADMIN to master_verify_checksum
+#
+SET @global=@@global.master_verify_checksum;
+# Test that "SET master_verify_checksum" is not allowed without REPLICATION MASTER ADMIN or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL master_verify_checksum=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
+SET master_verify_checksum=1;
+ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL
+SET SESSION master_verify_checksum=1;
+ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET master_verify_checksum" is allowed with REPLICATION MASTER ADMIN
+CREATE USER user1@localhost;
+GRANT REPLICATION MASTER ADMIN ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL master_verify_checksum=1;
+SET master_verify_checksum=1;
+ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL
+SET SESSION master_verify_checksum=1;
+ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET master_verify_checksum" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL master_verify_checksum=1;
+SET master_verify_checksum=1;
+ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL
+SET SESSION master_verify_checksum=1;
+ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@global.master_verify_checksum=@global;

mysql-test/suite/sys_vars/t/master_verify_checksum_grant.test

+--echo #
+--echo # MDEV-21972 Bind REPLICATION MASTER ADMIN to master_verify_checksum
+--echo #
+
+--let var = master_verify_checksum
+--let grant = REPLICATION MASTER ADMIN
+--let value = 1
+
+--source suite/sys_vars/inc/sysvar_global_grant.inc

sql/privilege.h

@@ -482,6 +482,9 @@ constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_MASTER_TRACE_LEVE
 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_MASTER_WAIT_POINT=
   REPL_MASTER_ADMIN_ACL | SUPER_ACL;
 
+constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MASTER_VERIFY_CHECKSUM=
+  REPL_MASTER_ADMIN_ACL | SUPER_ACL;
+
 
 /* Privileges for statements that are executed on the slave */
 // Was SUPER_ACL prior to 10.5.2

sql/sys_vars.cc

@@ -3294,7 +3294,9 @@ Sys_slave_sql_verify_checksum(
        GLOBAL_VAR(opt_slave_sql_verify_checksum), CMD_LINE(OPT_ARG),
        DEFAULT(TRUE));
 
-static Sys_var_mybool Sys_master_verify_checksum(
+static Sys_var_on_access_global<Sys_var_mybool,
+                              PRIV_SET_SYSTEM_GLOBAL_VAR_MASTER_VERIFY_CHECKSUM>
+Sys_master_verify_checksum(
        "master_verify_checksum",
        "Force checksum verification of logged events in the binary log before "
        "sending them to slaves or printing them in the output of "