Skip to content

M
MariaDB
Commit d6e3d89c authored by Sergei Golubchik's avatar Sergei Golubchik
Browse files
Options

MDEV-29668 SUPER should not allow actions that have fine-grained dedicated privileges 

SUPER privilege used to allow various actions that were alternatively
allowed by one of BINLOG ADMIN, BINLOG MONITOR, BINLOG REPLAY,
CONNECTION ADMIN, FEDERATED ADMIN, REPL MASTER ADMIN, REPL SLAVE ADMIN,
SET USER, SLAVE MONITOR.

Now SUPER no longer does that, one has to grant one of the fine-grained
privileges above to be to perform corresponding actions.

On upgrade from MariaDB versions 10.11 and below all the privileges
above are granted automatically if the user has SUPER.

As a side-effect, such an upgrade will allow SUPER-user to run SHOW
BINLOG EVENTS, SHOW RELAYLOG EVENTS, SHOW SLAVE HOSTS, even if he wasn't
able to do it before the upgrade.
parent 0ac51325
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 551 additions and 2145 deletions
mysql-test/main/events_bugs.result
View file @ d6e3d89c
......@@ -405,7 +405,7 @@ SELECT event_name, definer FROM INFORMATION_SCHEMA.EVENTS;
event_name definer
e1 mysqltest_u1@localhost
ALTER DEFINER=root@localhost EVENT e1 ON SCHEDULE EVERY 1 HOUR;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
SELECT event_name, definer FROM INFORMATION_SCHEMA.EVENTS;
event_name definer
e1 mysqltest_u1@localhost
......@@ -418,7 +418,7 @@ event_name definer
e1 mysqltest_u1@localhost
DROP EVENT e1;
CREATE DEFINER=root@localhost EVENT e1 ON SCHEDULE EVERY 1 DAY DO SELECT 1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
DROP EVENT e1;
ERROR HY000: Unknown event 'e1'
disconnect conn1;
......
mysql-test/main/grant.result
View file @ d6e3d89c
......@@ -630,7 +630,7 @@ Select Tables To retrieve rows from table
Show databases Server Admin To see all databases with SHOW DATABASES
Show view Tables To see views with SHOW CREATE VIEW
Shutdown Server Admin To shut down the server
Super Server Admin To use KILL thread, SET GLOBAL, CHANGE MASTER, etc.
Super Server Admin To set few server variables
Trigger Tables To use triggers
Create tablespace Server Admin To create/alter/drop tablespaces
Update Tables To update existing rows
......
mysql-test/main/grant2.result
View file @ d6e3d89c
......@@ -161,7 +161,7 @@ connection con10;
set sql_log_off = 1;
ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation
set sql_log_bin = 0;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
disconnect con10;
connection default;
delete from mysql.user where user like 'mysqltest\_1';
......
mysql-test/main/grant_binlog_replay.result
View file @ d6e3d89c
......@@ -5,15 +5,15 @@
# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
#
#
# Test that binlog replay statements are not allowed without BINLOG REPLAY or SUPER
# Test that binlog replay statements are not allowed without BINLOG REPLAY
#
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
connect con1,localhost,user1,,;
connection con1;
BINLOG '';
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
disconnect con1;
connection default;
DROP USER user1@localhost;
......@@ -33,20 +33,5 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
#
# Test that binlog replay statements are allowed with SUPER
#
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT SUPER ON *.* TO user1@localhost;
SHOW GRANTS FOR user1@localhost;
Grants for user1@localhost
GRANT SUPER ON *.* TO `user1`@`localhost`
connect con1,localhost,user1,,;
connection con1;
BINLOG '';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use
disconnect con1;
connection default;
DROP USER user1@localhost;
#
# End of 10.5 tests
#
mysql-test/main/grant_binlog_replay.test
View file @ d6e3d89c
......@@ -9,12 +9,12 @@
--echo #
--echo #
--echo # Test that binlog replay statements are not allowed without BINLOG REPLAY or SUPER
--echo # Test that binlog replay statements are not allowed without BINLOG REPLAY
--echo #
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
connect (con1,localhost,user1,,);
connection con1;
......@@ -25,7 +25,6 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
--echo #
--echo # Test that binlog replay statements are allowed with BINLOG REPLAY
--echo #
......@@ -46,28 +45,6 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
--echo #
--echo # Test that binlog replay statements are allowed with SUPER
--echo #
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT SUPER ON *.* TO user1@localhost;
SHOW GRANTS FOR user1@localhost;
connect (con1,localhost,user1,,);
connection con1;
--error ER_BAD_SLAVE
# The below fails with a syntax error.
# This is fine. It's only important that it does not fail on "access denied".
--error ER_SYNTAX_ERROR
BINLOG '';
--enable_result_log
disconnect con1;
connection default;
DROP USER user1@localhost;
--echo #
--echo # End of 10.5 tests
--echo #
mysql-test/main/grant_kill.result
View file @ d6e3d89c
......@@ -5,13 +5,13 @@
# MDEV-21743 Split up SUPER privilege to smaller privileges
#
#
# Test that KILL is not allowed without CONNECTION ADMIN or SUPER
# Test that KILL is not allowed without CONNECTION ADMIN
#
CREATE USER foo@localhost;
GRANT SELECT ON *.* TO foo@localhost;
CREATE USER bar@localhost;
GRANT ALL PRIVILEGES ON *.* TO bar@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM bar@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM bar@localhost;
connect foo,localhost,foo,,;
connect bar,localhost,bar,,;
SELECT user FROM information_schema.processlist ORDER BY user;
......@@ -47,25 +47,5 @@ disconnect bar;
DROP USER foo@localhost;
DROP USER bar@localhost;
#
# Test that KILL is allowed with SUPER
#
CREATE USER foo@localhost;
GRANT SELECT ON *.* TO foo@localhost;
CREATE USER bar@localhost;
GRANT PROCESS, SUPER ON *.* TO bar@localhost;
connect foo,localhost,foo,,;
connect bar,localhost,bar,,;
SELECT user FROM information_schema.processlist ORDER BY user;
user
bar
foo
root
KILL ID;
connection default;
disconnect foo;
disconnect bar;
DROP USER foo@localhost;
DROP USER bar@localhost;
#
# End of 10.5 tests
#
mysql-test/main/grant_kill.test
View file @ d6e3d89c
......@@ -12,14 +12,14 @@
--let $count_sessions=1
--echo #
--echo # Test that KILL is not allowed without CONNECTION ADMIN or SUPER
--echo # Test that KILL is not allowed without CONNECTION ADMIN
--echo #
CREATE USER foo@localhost;
GRANT SELECT ON *.* TO foo@localhost;
CREATE USER bar@localhost;
GRANT ALL PRIVILEGES ON *.* TO bar@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM bar@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM bar@localhost;
--connect (foo,localhost,foo,,)
let $id=`(SELECT id FROM INFORMATION_SCHEMA.PROCESSLIST WHERE user='foo')`;
--connect (bar,localhost,bar,,)
......@@ -59,31 +59,6 @@ let $wait_condition=
DROP USER foo@localhost;
DROP USER bar@localhost;
--echo #
--echo # Test that KILL is allowed with SUPER
--echo #
CREATE USER foo@localhost;
GRANT SELECT ON *.* TO foo@localhost;
CREATE USER bar@localhost;
GRANT PROCESS, SUPER ON *.* TO bar@localhost;
--connect (foo,localhost,foo,,)
let $id=`(SELECT id FROM INFORMATION_SCHEMA.PROCESSLIST WHERE user='foo')`;
--connect (bar,localhost,bar,,)
SELECT user FROM information_schema.processlist ORDER BY user;
--replace_result $id ID
--eval KILL $id
--connection default
let $wait_condition=
select count(*) = 0 from information_schema.processlist
where user = "foo";
--source include/wait_condition.inc
--disconnect foo
--disconnect bar
--source include/wait_until_count_sessions.inc
DROP USER foo@localhost;
DROP USER bar@localhost;
--enable_service_connection
--echo #
......
mysql-test/main/grant_server.result
View file @ d6e3d89c
......@@ -12,11 +12,11 @@ connection con1;
CREATE SERVER IF NOT EXISTS server_1
FOREIGN DATA WRAPPER mysql
OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2');
ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation
ALTER SERVER server_1 OPTIONS(HOST 'Server.Example.Org');
ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation
DROP SERVER server_1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation
disconnect con1;
connection default;
DROP USER user1@localhost;
......@@ -39,7 +39,8 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
#
# Test that SERVER DDL statements are allowed with SUPER
# Test that SERVER DDL statements are not allowed with SUPER
# but only with FEDERATED ADMIN
#
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT SUPER ON *.* TO user1@localhost;
......@@ -51,6 +52,15 @@ connection con1;
CREATE SERVER IF NOT EXISTS server_1
FOREIGN DATA WRAPPER mysql
OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2');
ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation
disconnect con1;
connection default;
REVOKE SUPER ON *.* FROM user1@localhost;
GRANT FEDERATED ADMIN ON *.* TO user1@localhost;
connect con1,localhost,user1,,;
CREATE SERVER IF NOT EXISTS server_1
FOREIGN DATA WRAPPER mysql
OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2');
ALTER SERVER server_1 OPTIONS(HOST 'Server.Example.Org');
DROP SERVER server_1;
disconnect con1;
......
mysql-test/main/grant_server.test
View file @ d6e3d89c
......@@ -27,7 +27,6 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
--echo #
--echo # Test that SERVER DDL statements are allowed with FEDERATED ADMIN
--echo #
......@@ -48,9 +47,9 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
--echo #
--echo # Test that SERVER DDL statements are allowed with SUPER
--echo # Test that SERVER DDL statements are not allowed with SUPER
--echo # but only with FEDERATED ADMIN
--echo #
CREATE USER user1@localhost IDENTIFIED BY '';
......@@ -59,6 +58,15 @@ SHOW GRANTS FOR user1@localhost;
connect (con1,localhost,user1,,);
connection con1;
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
CREATE SERVER IF NOT EXISTS server_1
FOREIGN DATA WRAPPER mysql
OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2');
disconnect con1;
connection default;
REVOKE SUPER ON *.* FROM user1@localhost;
GRANT FEDERATED ADMIN ON *.* TO user1@localhost;
connect (con1,localhost,user1,,);
CREATE SERVER IF NOT EXISTS server_1
FOREIGN DATA WRAPPER mysql
OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2');
......@@ -69,7 +77,6 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
--echo #
--echo # End of 10.5 tests
--echo #
mysql-test/main/grant_slave_admin.result
View file @ d6e3d89c
......@@ -5,19 +5,19 @@
# MDEV-21743 Split up SUPER privilege to smaller privileges
#
#
# Test that slave admin statements are not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that slave admin statements are not allowed without REPLICATION SLAVE ADMIN
#
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect con1,localhost,user1,,;
connection con1;
START SLAVE;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
CHANGE MASTER TO MASTER_HOST='127.0.0.1';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
STOP SLAVE;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
disconnect con1;
connection default;
DROP USER user1@localhost;
......@@ -41,24 +41,5 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
#
# Test that slave admin statements are allowed with SUPER
#
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT SUPER ON *.* TO user1@localhost;
SHOW GRANTS FOR user1@localhost;
Grants for user1@localhost
GRANT SUPER ON *.* TO `user1`@`localhost`
connect con1,localhost,user1,,;
connection con1;
START SLAVE;
ERROR HY000: Misconfigured slave: MASTER_HOST was not set; Fix in config file or with CHANGE MASTER TO
CHANGE MASTER TO MASTER_USER='root';
STOP SLAVE;
Warnings:
Note 1255 Slave already has been stopped
disconnect con1;
connection default;
DROP USER user1@localhost;
#
# End of 10.5 tests
#
mysql-test/main/grant_slave_admin.test
View file @ d6e3d89c
......@@ -9,12 +9,12 @@
--echo #
--echo #
--echo # Test that slave admin statements are not allowed without REPLICATION SLAVE ADMIN or SUPER
--echo # Test that slave admin statements are not allowed without REPLICATION SLAVE ADMIN
--echo #
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect (con1,localhost,user1,,);
connection con1;
......@@ -29,7 +29,6 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
--echo #
--echo # Test that slave admin statements are allowed with REPLICATION SLAVE ADMIN
--echo #
......@@ -49,26 +48,6 @@ disconnect con1;
connection default;
DROP USER user1@localhost;
--echo #
--echo # Test that slave admin statements are allowed with SUPER
--echo #
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT SUPER ON *.* TO user1@localhost;
SHOW GRANTS FOR user1@localhost;
connect (con1,localhost,user1,,);
connection con1;
--error ER_BAD_SLAVE
START SLAVE;
CHANGE MASTER TO MASTER_USER='root';
STOP SLAVE;
disconnect con1;
connection default;
DROP USER user1@localhost;
--echo #
--echo # End of 10.5 tests
--echo #
mysql-test/main/grant_slave_monitor.result
View file @ d6e3d89c
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE SLAVE MONITOR, SUPER ON *.* FROM user1@localhost;
REVOKE SLAVE MONITOR ON *.* FROM user1@localhost;
FLUSH PRIVILEGES;
connect con1,localhost,user1,,;
connection con1;
SHOW GRANTS;
Grants for user1@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user1`@`localhost`
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user1`@`localhost`
#
# Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW SLAVE STATUS
# Expected error: Access denied; you need (at least one of) the SUPER, SLAVE
# MONITOR privilege(s) for this operation
# Expected error: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation
#
SHOW SLAVE STATUS;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SLAVE MONITOR privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation
#
# Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW RELAYLOG EVENTS
# Expected error: Access denied; you need (at least one of) the REPLICA MONITOR
......@@ -32,28 +31,13 @@ connect con1,localhost,user1,,;
connection con1;
SHOW GRANTS;
Grants for user1@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user1`@`localhost`
GRANT ALL PRIVILEGES ON *.* TO `user1`@`localhost`
SHOW SLAVE STATUS;
SHOW RELAYLOG EVENTS;
disconnect con1;
connection default;
DROP USER user1@localhost;
#
# SHOW SLAVE STATUS command is allowed with SUPER privilege
#
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT SUPER ON *.* TO user1@localhost;
connect con1,localhost,user1,,;
SHOW SLAVE STATUS;
#
# SHOW RELAYLOG EVENTS is not allowed with SUPER privilege, it requires SLAVE MONITOR
#
SHOW RELAYLOG EVENTS;
ERROR 42000: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation
disconnect con1;
connection default;
DROP USER user1@localhost;
#
# MDEV-25030 Upgrade to 10.5.9 breaks root's ability to grant
#
insert mysql.global_priv values ('bar', 'foo7', '{"access":274877906943,"version_id":100507,"plugin":"mysql_native_password","authentication_string":""}'),
......@@ -68,7 +52,7 @@ Grants for foo8@bar
GRANT ALL PRIVILEGES ON *.* TO `foo8`@`bar` WITH GRANT OPTION
show grants for foo9@bar;
Grants for foo9@bar
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `foo9`@`bar` WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO `foo9`@`bar` WITH GRANT OPTION
drop user foo7@bar, foo8@bar, foo9@bar;
#
# End of 10.5 tests
......
mysql-test/main/grant_slave_monitor.test
View file @ d6e3d89c
......@@ -7,14 +7,12 @@
# ==== Implementation ====
#
# Step1: GRANT ALL privileges for a new user 'user1' and then REVOKE
# SLAVE MONITOR and SUPER privileges.
# SLAVE MONITOR privileges.
# Step2: Execute SHOW SLAVE STAUTS/SHOW RELAYLOG EVENTS commands and expect
# ER_SPECIFIC_ACCESS_DENIED_ERROR. This also verifies that REPLICATION
# SLAVE ADMIN privilege is not required for these two commands.
# Step3: GRANT SLAVE MONITOR privilege and observe that both commands are
# allowd to execute.
# Step4: GRANT SUPER privilege and observe that only SHOW SLAVE STATUS command
# is allowed.
#
# ==== References ====
#
......@@ -27,7 +25,7 @@
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE SLAVE MONITOR, SUPER ON *.* FROM user1@localhost;
REVOKE SLAVE MONITOR ON *.* FROM user1@localhost;
FLUSH PRIVILEGES;
--connect(con1,localhost,user1,,)
......@@ -36,8 +34,7 @@ SHOW GRANTS;
--echo #
--echo # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW SLAVE STATUS
--echo # Expected error: Access denied; you need (at least one of) the SUPER, SLAVE
--echo # MONITOR privilege(s) for this operation
--echo # Expected error: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation
--echo #
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SHOW SLAVE STATUS;
......@@ -76,30 +73,6 @@ SHOW RELAYLOG EVENTS;
--connection default
DROP USER user1@localhost;
--echo #
--echo # SHOW SLAVE STATUS command is allowed with SUPER privilege
--echo #
CREATE USER user1@localhost IDENTIFIED BY '';
GRANT SUPER ON *.* TO user1@localhost;
--connect(con1,localhost,user1,,)
--disable_result_log
SHOW SLAVE STATUS;
--enable_result_log
--echo #
--echo # SHOW RELAYLOG EVENTS is not allowed with SUPER privilege, it requires SLAVE MONITOR
--echo #
--disable_ps_protocol
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SHOW RELAYLOG EVENTS;
--enable_ps_protocol
--disconnect con1
--connection default
DROP USER user1@localhost;
--echo #
--echo # MDEV-25030 Upgrade to 10.5.9 breaks root's ability to grant
--echo #
......
mysql-test/main/information_schema_db.result
View file @ d6e3d89c
......@@ -100,7 +100,7 @@ grant insert on v1 to testdb_2@localhost;
create view v5 as select f1 from t1;
grant select, show view on v5 to testdb_2@localhost;
create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
connection default;
use testdb_1;
create view v6 as select f1 from t1;
......
mysql-test/main/mysql_upgrade_to_100502.result
View file @ d6e3d89c
......@@ -13,12 +13,12 @@ CREATE USER user_super@localhost;
GRANT SUPER ON *.* TO user_super@localhost;
SHOW GRANTS FOR user_super@localhost;
Grants for user_super@localhost
GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_super`@`localhost`
GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super`@`localhost`
CREATE USER user_super_replslave@localhost;
GRANT SUPER, REPLICATION SLAVE ON *.* TO user_super_replslave@localhost;
SHOW GRANTS FOR user_super_replslave@localhost;
Grants for user_super_replslave@localhost
GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost`
GRANT SUPER, REPLICATION SLAVE, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost`
#
# MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that
#
......@@ -30,7 +30,7 @@ CREATE USER user_replsuper@localhost;
GRANT SUPER ON *.* TO user_replsuper@localhost;
SHOW GRANTS FOR user_replsuper@localhost;
Grants for user_replsuper@localhost
GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_replsuper`@`localhost`
GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_replsuper`@`localhost`
#
# Users with privilege REPLICATION CLIENT prior to 10.5 should successfully execute
# SHOW SLAVE STATUS command
......@@ -62,13 +62,13 @@ GRANT ALL PRIVILEGES ON *.* TO `user_all`@`localhost` WITH GRANT OPTION
#
SHOW GRANTS FOR user_super@localhost;
Grants for user_super@localhost
GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_super`@`localhost`
GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super`@`localhost`
#
# Should automatically get all new 10.5.2 priveleges that were splitted from SUPER, plus REPLICATION MASTER ADMIN
#
SHOW GRANTS FOR user_super_replslave@localhost;
Grants for user_super_replslave@localhost
GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost`
GRANT SUPER, REPLICATION SLAVE, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost`
#
# MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that
#
......
mysql-test/main/mysqldump.result
View file @ d6e3d89c
......@@ -3733,8 +3733,8 @@ reset master;
mariadb-dump: Couldn't execute 'FLUSH /*!40101 LOCAL */ TABLES': Access denied; you need (at least one of) the RELOAD privilege(s) for this operation (1227)
mariadb-dump: Couldn't execute 'FLUSH /*!40101 LOCAL */ TABLES': Access denied; you need (at least one of) the RELOAD privilege(s) for this operation (1227)
grant RELOAD on *.* to mysqltest_1@localhost;
mariadb-dump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation (1227)
mariadb-dump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation (1227)
mariadb-dump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation (1227)
mariadb-dump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation (1227)
grant REPLICATION CLIENT on *.* to mysqltest_1@localhost;
drop table t1;
drop user mysqltest_1@localhost;
......
mysql-test/main/sp-security.result
View file @ d6e3d89c
......@@ -432,9 +432,9 @@ CREATE FUNCTION wl2897_f1() RETURNS INT RETURN 1;
connection mysqltest_1_con;
USE mysqltest;
CREATE DEFINER=root@localhost PROCEDURE wl2897_p2() SELECT 2;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
CREATE DEFINER=root@localhost FUNCTION wl2897_f2() RETURNS INT RETURN 2;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
connection mysqltest_2_con;
use mysqltest;
CREATE DEFINER='a @ b @ c'@localhost PROCEDURE wl2897_p3() SELECT 3;
......
mysql-test/main/system_mysql_db_error_log.result
View file @ d6e3d89c
......@@ -110,7 +110,7 @@ host='localhost' and user='good_version_id_100500';
FLUSH PRIVILEGES;
SHOW GRANTS FOR good_version_id_100500@localhost;
Grants for good_version_id_100500@localhost
GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `good_version_id_100500`@`localhost`
GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `good_version_id_100500`@`localhost`
DROP USER good_version_id_100500@localhost;
FOUND 1 /Warning.*'user' entry 'bad_access1@localhost' has a wrong 'access' value.*version_id=/ in system_mysql_db_error_log.err
FOUND 1 /Warning.*'user' entry 'bad_version_id_1000000@localhost' has a wrong 'version_id' value 1000000/ in system_mysql_db_error_log.err
......
mysql-test/main/trigger_notembedded.result
View file @ d6e3d89c
......@@ -112,7 +112,7 @@ CREATE DEFINER='mysqltest_inv'@'localhost'
TRIGGER trg1 BEFORE INSERT ON t1
FOR EACH ROW
SET @new_sum = 0;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
connection default;
use mysqltest_db1;
GRANT SET USER ON *.* TO mysqltest_dfn@localhost;
......
mysql-test/main/view_grant.result
View file @ d6e3d89c
......@@ -22,7 +22,7 @@ grant create view,select on test.* to mysqltest_1@localhost;
connect user1,localhost,mysqltest_1,,test;
connection user1;
create definer=root@localhost view v1 as select * from mysqltest.t1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
create view v1 as select * from mysqltest.t1;
alter view v1 as select * from mysqltest.t1;
ERROR 42000: DROP command denied to user 'mysqltest_1'@'localhost' for table `test`.`v1`
......@@ -931,7 +931,7 @@ ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table `
ALTER VIEW v2 AS SELECT f2 FROM t1;
ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table `db26813`.`v2`
ALTER VIEW v3 AS SELECT f2 FROM t1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
connection root;
SHOW CREATE VIEW v3;
View Create View character_set_client collation_connection
......@@ -959,9 +959,9 @@ GRANT SELECT, DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@loc
GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost;
connect u2,localhost,u29908_2,,mysqltest_29908;
ALTER VIEW v1 AS SELECT f2 FROM t1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
ALTER VIEW v2 AS SELECT f2 FROM t1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
SHOW CREATE VIEW v2;
View Create View character_set_client collation_connection
v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1` latin1 latin1_swedish_ci
......
mysql-test/suite/binlog/r/binlog_grant.result
View file @ d6e3d89c
......@@ -16,7 +16,7 @@ set session sql_log_bin = 1;
connection plain;
[plain]
set session sql_log_bin = 1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
**** Variable BINLOG_FORMAT ****
connection root;
[root]
......@@ -25,9 +25,9 @@ set session binlog_format = row;
connection plain;
[plain]
set global binlog_format = row;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
set session binlog_format = row;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
**** Clean up ****
disconnect plain;
disconnect root;
......@@ -45,7 +45,10 @@ disconnect rpl;
connection default;
DROP USER 'mysqltest_1'@'localhost';
#
# Start of 10.5 test
# End of 10.4 tests
#
#
# Start of 10.5 tests
#
#
# MDEV-21743 Split up SUPER privilege to smaller privileges
......@@ -61,29 +64,29 @@ SHOW GRANTS FOR user1@localhost;
Grants for user1@localhost
GRANT USAGE ON *.* TO `user1`@`localhost`
DROP USER user1@localhost;
# Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT or SUPER
# Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION CLIENT, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SHOW MASTER LOGS;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation
SHOW BINARY LOGS;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation
SHOW BINLOG STATUS;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN or SUPER
# Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00';
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -96,15 +99,6 @@ PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00';
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test if PURGE BINLOG is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,"*NO-ONE*";
connection user1;
PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00';
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test if SHOW BINLOG EVENTS is not allowed without BINLOG MONITOR
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
......@@ -142,7 +136,7 @@ connect user1,localhost,user1,,;
RENAME TABLE t1 to t2;
connection default;
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
call mtr.add_suppression("Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation");
call mtr.add_suppression("Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation");
# Privilege errors are expected now:
connection user1;
connection default;
......
mysql-test/suite/binlog/t/binlog_grant.test
View file @ d6e3d89c
......@@ -30,7 +30,6 @@ connection plain;
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
set session sql_log_bin = 1;
# Testing setting both session and global BINLOG_FORMAT variable both
# as root and as plain user.
......@@ -56,7 +55,6 @@ connection default;
set global binlog_format = @saved_binlog_format;
drop user mysqltest_1@localhost;
# Testing if REPLICATION CLIENT privilege is enough to execute
# SHOW MASTER LOGS and SHOW BINARY.
CREATE USER 'mysqltest_1'@'localhost';
......@@ -77,9 +75,12 @@ SHOW BINLOG STATUS;
connection default;
DROP USER 'mysqltest_1'@'localhost';
--echo #
--echo # End of 10.4 tests
--echo #
--echo #
--echo # Start of 10.5 test
--echo # Start of 10.5 tests
--echo #
--echo #
......@@ -95,11 +96,10 @@ REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost;
SHOW GRANTS FOR user1@localhost;
DROP USER user1@localhost;
--echo # Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT or SUPER
--echo # Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION CLIENT, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost;
--connect(user1,localhost,user1,,)
--connection user1
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
......@@ -112,11 +112,10 @@ SHOW BINLOG STATUS;
--connection default
DROP USER user1@localhost;
--echo # Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN or SUPER
--echo # Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
--connect(user1,localhost,user1,,)
--connection user1
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
......@@ -125,7 +124,6 @@ PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00';
--connection default
DROP USER user1@localhost;
--echo # Test if PURGE BINLOG is allowed with BINLOG ADMIN
CREATE USER user1@localhost;
GRANT BINLOG ADMIN ON *.* TO user1@localhost;
......@@ -136,18 +134,6 @@ PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00';
connection default;
DROP USER user1@localhost;
--echo # Test if PURGE BINLOG is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
--connect(user1,localhost,user1,,"*NO-ONE*")
--connection user1
PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00';
--disconnect user1
connection default;
DROP USER user1@localhost;
--echo # Test if SHOW BINLOG EVENTS is not allowed without BINLOG MONITOR
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
......@@ -160,7 +146,6 @@ SHOW BINLOG EVENTS;
--connection default
DROP USER user1@localhost;
--echo # Test if SHOW BINLOG EVENTS is allowed with BINLOG MONITOR
CREATE USER user1@localhost;
GRANT BINLOG MONITOR ON *.* TO user1@localhost;
......@@ -196,7 +181,7 @@ RENAME TABLE t1 to t2;
--connection default
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
call mtr.add_suppression("Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation");
call mtr.add_suppression("Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation");
--echo # Privilege errors are expected now:
--connection user1
--error 1
......
mysql-test/suite/binlog_encryption/rpl_skip_replication.result
View file @ d6e3d89c
......@@ -12,7 +12,7 @@ SELECT,UPDATE ON *.* TO 'nonsuperuser'@'127.0.0.1';
connect nonpriv, 127.0.0.1, nonsuperuser,, test, $SLAVE_MYPORT,;
connection nonpriv;
SET GLOBAL replicate_events_marked_for_skip=FILTER_ON_MASTER;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
disconnect nonpriv;
connection slave;
DROP USER'nonsuperuser'@'127.0.0.1';
......
mysql-test/suite/engines/funcs/r/rpl_temporary.result
View file @ d6e3d89c
......@@ -42,12 +42,12 @@ connect con3,localhost,zedjzlcsjhd,,;
connection con3;
SET @save_select_limit=@@session.sql_select_limit;
SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
SELECT @@session.sql_select_limit = @save_select_limit;
@@session.sql_select_limit = @save_select_limit
1
SET @@session.sql_select_limit=10, @@session.sql_log_bin=0;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SELECT @@session.sql_select_limit = @save_select_limit;
@@session.sql_select_limit = @save_select_limit
1
......
mysql-test/suite/federated/federated_server.result
View file @ d6e3d89c
......@@ -197,7 +197,7 @@ OWNER 'root');
create user guest_select@localhost;
grant select on federated.* to guest_select@localhost;
create user guest_super@localhost;
grant select,SUPER,RELOAD on *.* to guest_super@localhost;
grant select,FEDERATED ADMIN,RELOAD on *.* to guest_super@localhost;
create user guest_usage@localhost;
grant usage on *.* to guest_usage@localhost;
CREATE TABLE federated.t1 (
......@@ -212,7 +212,7 @@ connect conn_usage,127.0.0.1,guest_usage,,,$MASTER_MYPORT;
connect conn_super,127.0.0.1,guest_super,,,$MASTER_MYPORT;
connection conn_select;
alter server s1 options (database 'db_bogus');
ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation
connection master;
flush tables;
select * from federated.t1;
......@@ -220,7 +220,7 @@ id name
1 this is legitimate
connection conn_usage;
alter server s1 options (database 'db_bogus');
ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation
connection master;
flush tables;
select * from federated.t1;
......@@ -234,7 +234,7 @@ select * from federated.t1;
Got one of the listed errors
connection conn_select;
drop server if exists 's1';
ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation
create server 's1' foreign data wrapper 'mysql' options
(HOST '127.0.0.1',
DATABASE 'db_legitimate',
......@@ -243,7 +243,7 @@ PASSWORD 'foo',
PORT SLAVE_PORT,
SOCKET '',
OWNER 'root');
ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation
connection conn_super;
drop server 's1';
create server 's1' foreign data wrapper 'mysql' options
......
mysql-test/suite/federated/federated_server.test
View file @ d6e3d89c
......@@ -162,7 +162,7 @@ drop database second_db;
#
# Bug#25671 - CREATE/DROP/ALTER SERVER should require privileges
#
# Changes to SERVER declarations should require SUPER privilege.
# Changes to SERVER declarations should require FEDERATED ADMIN privilege.
# Based upon test case by Giuseppe Maxia
create database db_legitimate;
......@@ -202,7 +202,7 @@ create user guest_select@localhost;
grant select on federated.* to guest_select@localhost;
create user guest_super@localhost;
grant select,SUPER,RELOAD on *.* to guest_super@localhost;
grant select,FEDERATED ADMIN,RELOAD on *.* to guest_super@localhost;
create user guest_usage@localhost;
grant usage on *.* to guest_usage@localhost;
......
mysql-test/suite/funcs_1/r/innodb_trig_03e.result
View file @ d6e3d89c
......@@ -1353,7 +1353,7 @@ drop trigger trg1_0;
create definer=not_ex_user@localhost trigger trg1_0
before INSERT on t1 for each row
set new.f1 = 'trig 1_0-yes';
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
create definer=current_user trigger trg1_1
before INSERT on t1 for each row
set new.f1 = 'trig 1_1-yes';
......@@ -1388,7 +1388,7 @@ GRANT SELECT, INSERT, UPDATE, TRIGGER ON `priv_db`.`t1` TO `test_yesprivs`@`loca
create definer=not_ex_user@localhost trigger trg1_3
after UPDATE on t1 for each row
set @var1 = 'trig 1_3-yes';
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
connection default;
select current_user;
current_user
......
mysql-test/suite/funcs_1/r/memory_trig_03e.result
View file @ d6e3d89c
......@@ -1354,7 +1354,7 @@ drop trigger trg1_0;
create definer=not_ex_user@localhost trigger trg1_0
before INSERT on t1 for each row
set new.f1 = 'trig 1_0-yes';
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
create definer=current_user trigger trg1_1
before INSERT on t1 for each row
set new.f1 = 'trig 1_1-yes';
......@@ -1389,7 +1389,7 @@ GRANT SELECT, INSERT, UPDATE, TRIGGER ON `priv_db`.`t1` TO `test_yesprivs`@`loca
create definer=not_ex_user@localhost trigger trg1_3
after UPDATE on t1 for each row
set @var1 = 'trig 1_3-yes';
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
connection default;
select current_user;
current_user
......
mysql-test/suite/funcs_1/r/myisam_trig_03e.result
View file @ d6e3d89c
......@@ -1354,7 +1354,7 @@ drop trigger trg1_0;
create definer=not_ex_user@localhost trigger trg1_0
before INSERT on t1 for each row
set new.f1 = 'trig 1_0-yes';
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
create definer=current_user trigger trg1_1
before INSERT on t1 for each row
set new.f1 = 'trig 1_1-yes';
......@@ -1389,7 +1389,7 @@ GRANT SELECT, INSERT, UPDATE, TRIGGER ON `priv_db`.`t1` TO `test_yesprivs`@`loca
create definer=not_ex_user@localhost trigger trg1_3
after UPDATE on t1 for each row
set @var1 = 'trig 1_3-yes';
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
connection default;
select current_user;
current_user
......
mysql-test/suite/roles/admin.result
View file @ d6e3d89c
......@@ -8,9 +8,9 @@ create role role3 with admin role1;
create role role4 with admin root@localhost;
connect c1, localhost, foo,,;
create role role5 with admin root@localhost;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
create role role5 with admin role3;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
create role role5 with admin foo@localhost;
connection default;
call mtr.add_suppression("Invalid roles_mapping table entry user:'foo@bar', rolename:'role6'");
......
mysql-test/suite/roles/definer.result
View file @ d6e3d89c
......@@ -669,7 +669,7 @@ CREATE DEFINER='r1' PROCEDURE user1_proc2() SQL SECURITY INVOKER
BEGIN
SELECT NOW(), VERSION();
END;//
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
set role r1;
CREATE DEFINER='r1' PROCEDURE user1_proc2() SQL SECURITY INVOKER
BEGIN
......
mysql-test/suite/rpl/r/rpl_skip_replication.result
View file @ d6e3d89c
......@@ -12,7 +12,7 @@ SELECT,UPDATE ON *.* TO 'nonsuperuser'@'127.0.0.1';
connect nonpriv, 127.0.0.1, nonsuperuser,, test, $SLAVE_MYPORT,;
connection nonpriv;
SET GLOBAL replicate_events_marked_for_skip=FILTER_ON_MASTER;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
disconnect nonpriv;
connection slave;
DROP USER'nonsuperuser'@'127.0.0.1';
......
mysql-test/suite/rpl/r/rpl_temporary.result
View file @ d6e3d89c
......@@ -42,12 +42,12 @@ connect con3,localhost,zedjzlcsjhd,,;
connection con3;
SET @save_select_limit=@@session.sql_select_limit;
SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
SELECT @@session.sql_select_limit = @save_select_limit;
@@session.sql_select_limit = @save_select_limit
1
SET @@session.sql_select_limit=10, @@session.sql_log_bin=0;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SELECT @@session.sql_select_limit = @save_select_limit;
@@session.sql_select_limit = @save_select_limit
1
......
mysql-test/suite/sys_vars/inc/sysvar_global_and_session_grant.inc
View file @ d6e3d89c
......@@ -3,11 +3,11 @@
--eval SET @global=@@global.$var
--echo # Test that "SET $var" is not allowed without $grant or SUPER
--echo # Test that "SET $var" is not allowed without $grant
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
--eval REVOKE $grant, SUPER ON *.* FROM user1@localhost
--eval REVOKE $grant ON *.* FROM user1@localhost
--connect(user1,localhost,user1,,)
--connection user1
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
......@@ -33,17 +33,4 @@ CREATE USER user1@localhost;
--connection default
DROP USER user1@localhost;
--echo # Test that "SET $var" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
--connect(user1,localhost,user1,,)
--connection user1
--eval SET GLOBAL $var=$value
--eval SET $var=$value
--eval SET SESSION $var=$value
--disconnect user1
--connection default
DROP USER user1@localhost;
--eval SET @@global.$var=@global
mysql-test/suite/sys_vars/inc/sysvar_global_grant.inc
View file @ d6e3d89c
--source include/not_embedded.inc
--eval SET @global=@@global.$var
--echo # Test that "SET $var" is not allowed without $grant or SUPER
--echo # Test that "SET $var" is not allowed without $grant
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
--eval REVOKE $grant, SUPER ON *.* FROM user1@localhost
--eval REVOKE $grant ON *.* FROM user1@localhost
--connect(user1,localhost,user1,,)
--connection user1
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
......@@ -35,19 +34,4 @@ CREATE USER user1@localhost;
--connection default
DROP USER user1@localhost;
--echo # Test that "SET $var" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
--connect(user1,localhost,user1,,)
--connection user1
--eval SET GLOBAL $var=$value
--error ER_GLOBAL_VARIABLE
--eval SET $var=$value
--error ER_GLOBAL_VARIABLE
--eval SET SESSION $var=$value
--disconnect user1
--connection default
DROP USER user1@localhost;
--eval SET @@global.$var=@global
mysql-test/suite/sys_vars/inc/sysvar_global_grant_alone.inc
View file @ d6e3d89c
--source include/not_embedded.inc
--eval SET @global=@@global.$var
--echo # Test that "SET GLOBAL $var" is not allowed without $grant or SUPER
--echo # Test that "SET GLOBAL $var" is not allowed without $grant
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
--eval REVOKE $grant, SUPER ON *.* FROM user1@localhost
--eval REVOKE $grant ON *.* FROM user1@localhost
--connect(user1,localhost,user1,,)
--connection user1
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
......@@ -27,15 +26,4 @@ CREATE USER user1@localhost;
--connection default
DROP USER user1@localhost;
--echo # Test that "SET GLOBAL $var" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
--connect(user1,localhost,user1,,)
--connection user1
--eval SET GLOBAL $var=$value
--disconnect user1
--connection default
DROP USER user1@localhost;
--eval SET @@global.$var=@global
mysql-test/suite/sys_vars/inc/sysvar_session_grant.inc
View file @ d6e3d89c
......@@ -3,11 +3,11 @@
--eval SET @session=@@session.$var
--echo # Test that "SET $var" is not allowed without $grant or SUPER
--echo # Test that "SET $var" is not allowed without $grant
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
--eval REVOKE $grant, SUPER ON *.* FROM user1@localhost
--eval REVOKE $grant ON *.* FROM user1@localhost
--connect(user1,localhost,user1,,)
--connection user1
--error ER_LOCAL_VARIABLE
......@@ -34,18 +34,4 @@ CREATE USER user1@localhost;
--connection default
DROP USER user1@localhost;
--echo # Test that "SET $var" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
--connect(user1,localhost,user1,,)
--connection user1
--error ER_LOCAL_VARIABLE
--eval SET GLOBAL $var=$value
--eval SET $var=$value
--eval SET SESSION $var=$value
--disconnect user1
--connection default
DROP USER user1@localhost;
--eval SET @@session.$var=@session
mysql-test/suite/sys_vars/inc/sysvar_session_grant_alone.inc
View file @ d6e3d89c
......@@ -3,11 +3,11 @@
--eval SET @session=@@session.$var
--echo # Test that "SET $var" is not allowed without $grant or SUPER
--echo # Test that "SET $var" is not allowed without $grant
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
--eval REVOKE $grant, SUPER ON *.* FROM user1@localhost
--eval REVOKE $grant ON *.* FROM user1@localhost
--connect(user1,localhost,user1,,)
--connection user1
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
......@@ -30,16 +30,4 @@ CREATE USER user1@localhost;
--connection default
DROP USER user1@localhost;
--echo # Test that "SET $var" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
--connect(user1,localhost,user1,,)
--connection user1
--eval SET $var=$value
--eval SET SESSION $var=$value
--disconnect user1
--connection default
DROP USER user1@localhost;
--eval SET @@session.$var=@session
mysql-test/suite/sys_vars/r/binlog_annotate_row_events_grant.result
View file @ d6e3d89c
......@@ -2,18 +2,18 @@
# MDEV-21971 Bind BINLOG ADMIN to binlog_annotate_row_events and binlog_row_image global and session variables
#
SET @global=@@global.binlog_annotate_row_events;
# Test that "SET binlog_annotate_row_events" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_annotate_row_events" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_annotate_row_events=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET binlog_annotate_row_events=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET SESSION binlog_annotate_row_events=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -28,15 +28,4 @@ SET SESSION binlog_annotate_row_events=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_annotate_row_events" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_annotate_row_events=1;
SET binlog_annotate_row_events=1;
SET SESSION binlog_annotate_row_events=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.binlog_annotate_row_events=@global;
mysql-test/suite/sys_vars/r/binlog_cache_size_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.binlog_cache_size;
# Test that "SET binlog_cache_size" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_cache_size" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_cache_size=65536;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET binlog_cache_size=65536;
ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_cache_size=65536;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_cache_size" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_cache_size=65536;
SET binlog_cache_size=65536;
ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_cache_size=65536;
ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.binlog_cache_size=@global;
mysql-test/suite/sys_vars/r/binlog_commit_wait_count_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.binlog_commit_wait_count;
# Test that "SET binlog_commit_wait_count" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_commit_wait_count" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_commit_wait_count=65536;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET binlog_commit_wait_count=65536;
ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_commit_wait_count=65536;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_commit_wait_count" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_commit_wait_count=65536;
SET binlog_commit_wait_count=65536;
ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_commit_wait_count=65536;
ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.binlog_commit_wait_count=@global;
mysql-test/suite/sys_vars/r/binlog_commit_wait_usec_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.binlog_commit_wait_usec;
# Test that "SET binlog_commit_wait_usec" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_commit_wait_usec" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_commit_wait_usec=65536;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET binlog_commit_wait_usec=65536;
ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_commit_wait_usec=65536;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_commit_wait_usec" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_commit_wait_usec=65536;
SET binlog_commit_wait_usec=65536;
ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_commit_wait_usec=65536;
ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.binlog_commit_wait_usec=@global;
mysql-test/suite/sys_vars/r/binlog_direct_non_transactional_updates_grant.result
View file @ d6e3d89c
......@@ -3,18 +3,18 @@ SET @session= @@global.binlog_direct_non_transactional_updates;
#
#
#
# Test that "SET binlog_direct_non_transactional_updates" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_direct_non_transactional_updates" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET binlog_direct_non_transactional_updates=0;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET GLOBAL binlog_direct_non_transactional_updates=0;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET SESSION binlog_direct_non_transactional_updates=0;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -29,16 +29,5 @@ SET SESSION binlog_direct_non_transactional_updates=0;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_direct_non_transactional_updates" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET binlog_direct_non_transactional_updates=0;
SET GLOBAL binlog_direct_non_transactional_updates=0;
SET SESSION binlog_direct_non_transactional_updates=0;
disconnect user1;
connection default;
DROP USER user1@localhost;
SET GLOBAL binlog_direct_non_transactional_updates=@global;
SET SESSION binlog_direct_non_transactional_updates=@session;
mysql-test/suite/sys_vars/r/binlog_expire_logs_seconds_grant.result
View file @ d6e3d89c
......@@ -3,14 +3,14 @@
# Test that "SET binlog_expire_logs_seconds" is not allowed without BINLOG ADMIN or SUPER
#
SET @global=@@global.binlog_expire_logs_seconds;
# Test that "SET binlog_expire_logs_seconds" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_expire_logs_seconds" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_expire_logs_seconds=10;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET binlog_expire_logs_seconds=10;
ERROR HY000: Variable 'binlog_expire_logs_seconds' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_expire_logs_seconds=10;
......@@ -31,17 +31,4 @@ ERROR HY000: Variable 'binlog_expire_logs_seconds' is a GLOBAL variable and shou
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_expire_logs_seconds" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_expire_logs_seconds=10;
SET binlog_expire_logs_seconds=10;
ERROR HY000: Variable 'binlog_expire_logs_seconds' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_expire_logs_seconds=10;
ERROR HY000: Variable 'binlog_expire_logs_seconds' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.binlog_expire_logs_seconds=@global;
mysql-test/suite/sys_vars/r/binlog_file_cache_size_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.binlog_file_cache_size;
# Test that "SET binlog_file_cache_size" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_file_cache_size" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_file_cache_size=65536;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET binlog_file_cache_size=65536;
ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_file_cache_size=65536;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should b
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_file_cache_size" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_file_cache_size=65536;
SET binlog_file_cache_size=65536;
ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_file_cache_size=65536;
ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.binlog_file_cache_size=@global;
mysql-test/suite/sys_vars/r/binlog_format_grant.result
View file @ d6e3d89c
#
#
#
# Test that "SET binlog_format" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_format" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET binlog_format=mixed;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET GLOBAL binlog_format=mixed;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET SESSION binlog_format=mixed;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -27,14 +27,3 @@ SET SESSION binlog_format=mixed;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_format" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET binlog_format=mixed;
SET GLOBAL binlog_format=mixed;
SET SESSION binlog_format=mixed;
disconnect user1;
connection default;
DROP USER user1@localhost;
mysql-test/suite/sys_vars/r/binlog_row_image_grant.result
View file @ d6e3d89c
......@@ -2,18 +2,18 @@
# MDEV-21971 Bind BINLOG ADMIN to binlog_annotate_row_events and binlog_row_image global and session variables
#
SET @global=@@global.binlog_row_image;
# Test that "SET binlog_row_image" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_row_image" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_row_image=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET binlog_row_image=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET SESSION binlog_row_image=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -28,15 +28,4 @@ SET SESSION binlog_row_image=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_row_image" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_row_image=1;
SET binlog_row_image=1;
SET SESSION binlog_row_image=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.binlog_row_image=@global;
mysql-test/suite/sys_vars/r/binlog_row_metadata_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.binlog_row_metadata;
# Test that "SET binlog_row_metadata" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_row_metadata" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_row_metadata=NO_LOG;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET binlog_row_metadata=NO_LOG;
ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_row_metadata=NO_LOG;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be s
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_row_metadata" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_row_metadata=NO_LOG;
SET binlog_row_metadata=NO_LOG;
ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_row_metadata=NO_LOG;
ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.binlog_row_metadata=@global;
mysql-test/suite/sys_vars/r/binlog_stmt_cache_size_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.binlog_stmt_cache_size;
# Test that "SET binlog_stmt_cache_size" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET binlog_stmt_cache_size" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_stmt_cache_size=65536;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET binlog_stmt_cache_size=65536;
ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_stmt_cache_size=65536;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should b
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET binlog_stmt_cache_size" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL binlog_stmt_cache_size=65536;
SET binlog_stmt_cache_size=65536;
ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION binlog_stmt_cache_size=65536;
ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.binlog_stmt_cache_size=@global;
mysql-test/suite/sys_vars/r/connect_timeout_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@ SET @global=@@global.connect_timeout;
#
# MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables
#
# Test that "SET connect_timeout" is not allowed without CONNECTION ADMIN or SUPER
# Test that "SET connect_timeout" is not allowed without CONNECTION ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL connect_timeout=10;
ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation
SET connect_timeout=10;
ERROR HY000: Variable 'connect_timeout' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION connect_timeout=10;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'connect_timeout' is a GLOBAL variable and should be set w
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET connect_timeout" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL connect_timeout=10;
SET connect_timeout=10;
ERROR HY000: Variable 'connect_timeout' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION connect_timeout=10;
ERROR HY000: Variable 'connect_timeout' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.connect_timeout=@global;
mysql-test/suite/sys_vars/r/disconnect_on_expired_password_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@ SET @global=@@global.disconnect_on_expired_password;
#
# MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables
#
# Test that "SET disconnect_on_expired_password" is not allowed without CONNECTION ADMIN or SUPER
# Test that "SET disconnect_on_expired_password" is not allowed without CONNECTION ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL disconnect_on_expired_password=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation
SET disconnect_on_expired_password=1;
ERROR HY000: Variable 'disconnect_on_expired_password' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION disconnect_on_expired_password=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'disconnect_on_expired_password' is a GLOBAL variable and
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET disconnect_on_expired_password" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL disconnect_on_expired_password=1;
SET disconnect_on_expired_password=1;
ERROR HY000: Variable 'disconnect_on_expired_password' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION disconnect_on_expired_password=1;
ERROR HY000: Variable 'disconnect_on_expired_password' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.disconnect_on_expired_password=@global;
mysql-test/suite/sys_vars/r/expire_logs_days_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.expire_logs_days;
# Test that "SET expire_logs_days" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET expire_logs_days" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL expire_logs_days=33;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET expire_logs_days=33;
ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION expire_logs_days=33;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET expire_logs_days" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL expire_logs_days=33;
SET expire_logs_days=33;
ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION expire_logs_days=33;
ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.expire_logs_days=@global;
mysql-test/suite/sys_vars/r/extra_max_connections_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@ SET @global=@@global.extra_max_connections;
#
# MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables
#
# Test that "SET extra_max_connections" is not allowed without CONNECTION ADMIN or SUPER
# Test that "SET extra_max_connections" is not allowed without CONNECTION ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL extra_max_connections=10;
ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation
SET extra_max_connections=10;
ERROR HY000: Variable 'extra_max_connections' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION extra_max_connections=10;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'extra_max_connections' is a GLOBAL variable and should be
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET extra_max_connections" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL extra_max_connections=10;
SET extra_max_connections=10;
ERROR HY000: Variable 'extra_max_connections' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION extra_max_connections=10;
ERROR HY000: Variable 'extra_max_connections' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.extra_max_connections=@global;
mysql-test/suite/sys_vars/r/gtid_binlog_state_grant.result
View file @ d6e3d89c
#
# MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables
#
# Test that "SET gtid_binlog_state" is not allowed without REPLICATION MASTER ADMIN or SUPER
# Test that "SET gtid_binlog_state" is not allowed without REPLICATION MASTER ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_binlog_state='0-1-10';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
SET gtid_binlog_state='0-1-10';
ERROR HY000: Variable 'gtid_binlog_state' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_binlog_state='0-1-10';
......@@ -30,17 +30,3 @@ ERROR HY000: Variable 'gtid_binlog_state' is a GLOBAL variable and should be set
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET gtid_binlog_state" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_binlog_state='0-1-10';
ERROR HY000: Binlog closed, cannot RESET MASTER
SET gtid_binlog_state='0-1-10';
ERROR HY000: Variable 'gtid_binlog_state' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_binlog_state='0-1-10';
ERROR HY000: Variable 'gtid_binlog_state' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
mysql-test/suite/sys_vars/r/gtid_cleanup_batch_size_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables
#
SET @global=@@global.gtid_cleanup_batch_size;
# Test that "SET gtid_cleanup_batch_size" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET gtid_cleanup_batch_size" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_cleanup_batch_size=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET gtid_cleanup_batch_size=1;
ERROR HY000: Variable 'gtid_cleanup_batch_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_cleanup_batch_size=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_cleanup_batch_size' is a GLOBAL variable and should
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET gtid_cleanup_batch_size" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_cleanup_batch_size=1;
SET gtid_cleanup_batch_size=1;
ERROR HY000: Variable 'gtid_cleanup_batch_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_cleanup_batch_size=1;
ERROR HY000: Variable 'gtid_cleanup_batch_size' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.gtid_cleanup_batch_size=@global;
mysql-test/suite/sys_vars/r/gtid_domain_id_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
#
SET @global=@@global.gtid_domain_id;
# Test that "SET GLOBAL gtid_domain_id" is not allowed without REPLICATION MASTER ADMIN or SUPER
# Test that "SET GLOBAL gtid_domain_id" is not allowed without REPLICATION MASTER ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_domain_id=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -22,27 +22,18 @@ SET GLOBAL gtid_domain_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET GLOBAL gtid_domain_id" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_domain_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.gtid_domain_id=@global;
SET @session=@@session.gtid_domain_id;
# Test that "SET gtid_domain_id" is not allowed without BINLOG REPLAY or SUPER
# Test that "SET gtid_domain_id" is not allowed without BINLOG REPLAY
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET gtid_domain_id=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
SET SESSION gtid_domain_id=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -56,14 +47,4 @@ SET SESSION gtid_domain_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET gtid_domain_id" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET gtid_domain_id=1;
SET SESSION gtid_domain_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@session.gtid_domain_id=@session;
mysql-test/suite/sys_vars/r/gtid_ignore_duplicates_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables
#
SET @global=@@global.gtid_ignore_duplicates;
# Test that "SET gtid_ignore_duplicates" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET gtid_ignore_duplicates" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_ignore_duplicates=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET gtid_ignore_duplicates=1;
ERROR HY000: Variable 'gtid_ignore_duplicates' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_ignore_duplicates=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_ignore_duplicates' is a GLOBAL variable and should b
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET gtid_ignore_duplicates" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_ignore_duplicates=1;
SET gtid_ignore_duplicates=1;
ERROR HY000: Variable 'gtid_ignore_duplicates' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_ignore_duplicates=1;
ERROR HY000: Variable 'gtid_ignore_duplicates' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.gtid_ignore_duplicates=@global;
mysql-test/suite/sys_vars/r/gtid_pos_auto_engines_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables
#
SET @global=@@global.gtid_pos_auto_engines;
# Test that "SET gtid_pos_auto_engines" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET gtid_pos_auto_engines" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_pos_auto_engines='';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET gtid_pos_auto_engines='';
ERROR HY000: Variable 'gtid_pos_auto_engines' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_pos_auto_engines='';
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_pos_auto_engines' is a GLOBAL variable and should be
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET gtid_pos_auto_engines" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_pos_auto_engines='';
SET gtid_pos_auto_engines='';
ERROR HY000: Variable 'gtid_pos_auto_engines' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_pos_auto_engines='';
ERROR HY000: Variable 'gtid_pos_auto_engines' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.gtid_pos_auto_engines=@global;
mysql-test/suite/sys_vars/r/gtid_seq_no_grant.result
View file @ d6e3d89c
......@@ -2,18 +2,18 @@
# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
#
SET @session=@@session.gtid_seq_no;
# Test that "SET gtid_seq_no" is not allowed without BINLOG REPLAY or SUPER
# Test that "SET gtid_seq_no" is not allowed without BINLOG REPLAY
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_seq_no=1;
ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL
SET gtid_seq_no=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
SET SESSION gtid_seq_no=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -29,16 +29,4 @@ SET SESSION gtid_seq_no=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET gtid_seq_no" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_seq_no=1;
ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL
SET gtid_seq_no=1;
SET SESSION gtid_seq_no=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@session.gtid_seq_no=@session;
mysql-test/suite/sys_vars/r/gtid_slave_pos_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables
#
SET @global=@@global.gtid_slave_pos;
# Test that "SET gtid_slave_pos" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET gtid_slave_pos" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_slave_pos='';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET gtid_slave_pos='';
ERROR HY000: Variable 'gtid_slave_pos' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_slave_pos='';
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_slave_pos' is a GLOBAL variable and should be set wi
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET gtid_slave_pos" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_slave_pos='';
SET gtid_slave_pos='';
ERROR HY000: Variable 'gtid_slave_pos' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_slave_pos='';
ERROR HY000: Variable 'gtid_slave_pos' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.gtid_slave_pos=@global;
mysql-test/suite/sys_vars/r/gtid_strict_mode_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables
#
SET @global=@@global.gtid_strict_mode;
# Test that "SET gtid_strict_mode" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET gtid_strict_mode" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_strict_mode=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET gtid_strict_mode=1;
ERROR HY000: Variable 'gtid_strict_mode' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_strict_mode=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_strict_mode' is a GLOBAL variable and should be set
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET gtid_strict_mode" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL gtid_strict_mode=1;
SET gtid_strict_mode=1;
ERROR HY000: Variable 'gtid_strict_mode' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION gtid_strict_mode=1;
ERROR HY000: Variable 'gtid_strict_mode' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.gtid_strict_mode=@global;
mysql-test/suite/sys_vars/r/init_connect_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@ SET @global=@@global.init_connect;
#
# MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables
#
# Test that "SET init_connect" is not allowed without CONNECTION ADMIN or SUPER
# Test that "SET init_connect" is not allowed without CONNECTION ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL init_connect="SET @xxx=1";
ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation
SET init_connect="SET @xxx=1";
ERROR HY000: Variable 'init_connect' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION init_connect="SET @xxx=1";
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'init_connect' is a GLOBAL variable and should be set with
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET init_connect" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL init_connect="SET @xxx=1";
SET init_connect="SET @xxx=1";
ERROR HY000: Variable 'init_connect' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION init_connect="SET @xxx=1";
ERROR HY000: Variable 'init_connect' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.init_connect=@global;
mysql-test/suite/sys_vars/r/init_slave_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.init_slave;
# Test that "SET init_slave" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET init_slave" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL init_slave='SET @x=1';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET init_slave='SET @x=1';
ERROR HY000: Variable 'init_slave' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION init_slave='SET @x=1';
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'init_slave' is a GLOBAL variable and should be set with S
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET init_slave" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL init_slave='SET @x=1';
SET init_slave='SET @x=1';
ERROR HY000: Variable 'init_slave' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION init_slave='SET @x=1';
ERROR HY000: Variable 'init_slave' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.init_slave=@global;
mysql-test/suite/sys_vars/r/log_bin_compress_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.log_bin_compress;
# Test that "SET log_bin_compress" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET log_bin_compress" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL log_bin_compress=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET log_bin_compress=1;
ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION log_bin_compress=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET log_bin_compress" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL log_bin_compress=1;
SET log_bin_compress=1;
ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION log_bin_compress=1;
ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.log_bin_compress=@global;
mysql-test/suite/sys_vars/r/log_bin_compress_min_len_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.log_bin_compress_min_len;
# Test that "SET log_bin_compress_min_len" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET log_bin_compress_min_len" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL log_bin_compress_min_len=512;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET log_bin_compress_min_len=512;
ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION log_bin_compress_min_len=512;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET log_bin_compress_min_len" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL log_bin_compress_min_len=512;
SET log_bin_compress_min_len=512;
ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION log_bin_compress_min_len=512;
ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.log_bin_compress_min_len=@global;
mysql-test/suite/sys_vars/r/log_bin_trust_function_creators_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.log_bin_trust_function_creators;
# Test that "SET log_bin_trust_function_creators" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET log_bin_trust_function_creators" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL log_bin_trust_function_creators=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET log_bin_trust_function_creators=1;
ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION log_bin_trust_function_creators=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET log_bin_trust_function_creators" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL log_bin_trust_function_creators=1;
SET log_bin_trust_function_creators=1;
ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION log_bin_trust_function_creators=1;
ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.log_bin_trust_function_creators=@global;
mysql-test/suite/sys_vars/r/master_verify_checksum_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21972 Bind REPLICATION MASTER ADMIN to master_verify_checksum
#
SET @global=@@global.master_verify_checksum;
# Test that "SET master_verify_checksum" is not allowed without REPLICATION MASTER ADMIN or SUPER
# Test that "SET master_verify_checksum" is not allowed without REPLICATION MASTER ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL master_verify_checksum=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
SET master_verify_checksum=1;
ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION master_verify_checksum=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should b
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET master_verify_checksum" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL master_verify_checksum=1;
SET master_verify_checksum=1;
ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION master_verify_checksum=1;
ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.master_verify_checksum=@global;
mysql-test/suite/sys_vars/r/max_binlog_cache_size_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.max_binlog_cache_size;
# Test that "SET max_binlog_cache_size" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET max_binlog_cache_size" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_binlog_cache_size=4096;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET max_binlog_cache_size=4096;
ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_binlog_cache_size=4096;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET max_binlog_cache_size" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_binlog_cache_size=4096;
SET max_binlog_cache_size=4096;
ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_binlog_cache_size=4096;
ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.max_binlog_cache_size=@global;
mysql-test/suite/sys_vars/r/max_binlog_size_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.max_binlog_size;
# Test that "SET max_binlog_size" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET max_binlog_size" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_binlog_size=4096;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET max_binlog_size=4096;
ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_binlog_size=4096;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set w
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET max_binlog_size" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_binlog_size=4096;
SET max_binlog_size=4096;
ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_binlog_size=4096;
ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.max_binlog_size=@global;
mysql-test/suite/sys_vars/r/max_binlog_stmt_cache_size_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
#
SET @global=@@global.max_binlog_stmt_cache_size;
# Test that "SET max_binlog_stmt_cache_size" is not allowed without BINLOG ADMIN or SUPER
# Test that "SET max_binlog_stmt_cache_size" is not allowed without BINLOG ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_binlog_stmt_cache_size=4096;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
SET max_binlog_stmt_cache_size=4096;
ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_binlog_stmt_cache_size=4096;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and shou
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET max_binlog_stmt_cache_size" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_binlog_stmt_cache_size=4096;
SET max_binlog_stmt_cache_size=4096;
ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_binlog_stmt_cache_size=4096;
ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.max_binlog_stmt_cache_size=@global;
mysql-test/suite/sys_vars/r/max_connect_errors_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@ SET @global=@@global.max_connect_errors;
#
# MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables
#
# Test that "SET max_connect_errors" is not allowed without CONNECTION ADMIN or SUPER
# Test that "SET max_connect_errors" is not allowed without CONNECTION ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_connect_errors=10;
ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation
SET max_connect_errors=10;
ERROR HY000: Variable 'max_connect_errors' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_connect_errors=10;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_connect_errors' is a GLOBAL variable and should be se
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET max_connect_errors" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_connect_errors=10;
SET max_connect_errors=10;
ERROR HY000: Variable 'max_connect_errors' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_connect_errors=10;
ERROR HY000: Variable 'max_connect_errors' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.max_connect_errors=@global;
mysql-test/suite/sys_vars/r/max_connections_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@ SET @global=@@global.max_connections;
#
# MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables
#
# Test that "SET max_connections" is not allowed without CONNECTION ADMIN or SUPER
# Test that "SET max_connections" is not allowed without CONNECTION ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_connections=10;
ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation
SET max_connections=10;
ERROR HY000: Variable 'max_connections' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_connections=10;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_connections' is a GLOBAL variable and should be set w
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET max_connections" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_connections=10;
SET max_connections=10;
ERROR HY000: Variable 'max_connections' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_connections=10;
ERROR HY000: Variable 'max_connections' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.max_connections=@global;
mysql-test/suite/sys_vars/r/max_password_errors_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@ SET @global=@@global.max_password_errors;
#
# MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables
#
# Test that "SET max_password_errors" is not allowed without CONNECTION ADMIN or SUPER
# Test that "SET max_password_errors" is not allowed without CONNECTION ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_password_errors=10;
ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation
SET max_password_errors=10;
ERROR HY000: Variable 'max_password_errors' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_password_errors=10;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_password_errors' is a GLOBAL variable and should be s
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET max_password_errors" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL max_password_errors=10;
SET max_password_errors=10;
ERROR HY000: Variable 'max_password_errors' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION max_password_errors=10;
ERROR HY000: Variable 'max_password_errors' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.max_password_errors=@global;
mysql-test/suite/sys_vars/r/preudo_thread_id_grant.result
View file @ d6e3d89c
......@@ -2,18 +2,18 @@
# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
#
SET @session=@@session.pseudo_thread_id;
# Test that "SET pseudo_thread_id" is not allowed without BINLOG REPLAY or SUPER
# Test that "SET pseudo_thread_id" is not allowed without BINLOG REPLAY
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL pseudo_thread_id=1;
ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL
SET pseudo_thread_id=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
SET SESSION pseudo_thread_id=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -29,16 +29,4 @@ SET SESSION pseudo_thread_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET pseudo_thread_id" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL pseudo_thread_id=1;
ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL
SET pseudo_thread_id=1;
SET SESSION pseudo_thread_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@session.pseudo_thread_id=@session;
mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@ SET @global=@@global.proxy_protocol_networks;
#
# MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables
#
# Test that "SET proxy_protocol_networks" is not allowed without CONNECTION ADMIN or SUPER
# Test that "SET proxy_protocol_networks" is not allowed without CONNECTION ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL proxy_protocol_networks="";
ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation
SET proxy_protocol_networks="";
ERROR HY000: Variable 'proxy_protocol_networks' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION proxy_protocol_networks="";
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'proxy_protocol_networks' is a GLOBAL variable and should
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET proxy_protocol_networks" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL proxy_protocol_networks="";
SET proxy_protocol_networks="";
ERROR HY000: Variable 'proxy_protocol_networks' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION proxy_protocol_networks="";
ERROR HY000: Variable 'proxy_protocol_networks' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.proxy_protocol_networks=@global;
mysql-test/suite/sys_vars/r/read_binlog_speed_limit_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.read_binlog_speed_limit;
# Test that "SET read_binlog_speed_limit" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET read_binlog_speed_limit" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL read_binlog_speed_limit=65536;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET read_binlog_speed_limit=65536;
ERROR HY000: Variable 'read_binlog_speed_limit' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION read_binlog_speed_limit=65536;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'read_binlog_speed_limit' is a GLOBAL variable and should
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET read_binlog_speed_limit" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL read_binlog_speed_limit=65536;
SET read_binlog_speed_limit=65536;
ERROR HY000: Variable 'read_binlog_speed_limit' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION read_binlog_speed_limit=65536;
ERROR HY000: Variable 'read_binlog_speed_limit' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.read_binlog_speed_limit=@global;
mysql-test/suite/sys_vars/r/read_only_grant.result
View file @ d6e3d89c
......@@ -36,5 +36,5 @@ insert mysql.global_priv values ('bar', 'foo', '{"access":32768,"version_id":101
flush privileges;
show grants for foo@bar;
Grants for foo@bar
GRANT SUPER, READ_ONLY ADMIN ON *.* TO `foo`@`bar`
GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `foo`@`bar`
drop user foo@bar;
mysql-test/suite/sys_vars/r/relay_log_purge_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21969 Bind REPLICATION SLAVE ADMIN to relay_log_*, sync_master_info, sync_relay_log, sync_relay_log_info
#
SET @global=@@global.relay_log_purge;
# Test that "SET relay_log_purge" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET relay_log_purge" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL relay_log_purge=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET relay_log_purge=1;
ERROR HY000: Variable 'relay_log_purge' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION relay_log_purge=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'relay_log_purge' is a GLOBAL variable and should be set w
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET relay_log_purge" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL relay_log_purge=1;
SET relay_log_purge=1;
ERROR HY000: Variable 'relay_log_purge' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION relay_log_purge=1;
ERROR HY000: Variable 'relay_log_purge' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.relay_log_purge=@global;
mysql-test/suite/sys_vars/r/relay_log_recovery_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21969 Bind REPLICATION SLAVE ADMIN to relay_log_*, sync_master_info, sync_relay_log, sync_relay_log_info
#
SET @global=@@global.relay_log_recovery;
# Test that "SET relay_log_recovery" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET relay_log_recovery" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL relay_log_recovery=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET relay_log_recovery=1;
ERROR HY000: Variable 'relay_log_recovery' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION relay_log_recovery=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'relay_log_recovery' is a GLOBAL variable and should be se
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET relay_log_recovery" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL relay_log_recovery=1;
SET relay_log_recovery=1;
ERROR HY000: Variable 'relay_log_recovery' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION relay_log_recovery=1;
ERROR HY000: Variable 'relay_log_recovery' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.relay_log_recovery=@global;
mysql-test/suite/sys_vars/r/replicate_do_db_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.replicate_do_db;
# Test that "SET replicate_do_db" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET replicate_do_db" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_do_db='';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET replicate_do_db='';
ERROR HY000: Variable 'replicate_do_db' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_do_db='';
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_do_db' is a GLOBAL variable and should be set w
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET replicate_do_db" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_do_db='';
SET replicate_do_db='';
ERROR HY000: Variable 'replicate_do_db' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_do_db='';
ERROR HY000: Variable 'replicate_do_db' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.replicate_do_db=@global;
mysql-test/suite/sys_vars/r/replicate_do_table_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.replicate_do_table;
# Test that "SET replicate_do_table" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET replicate_do_table" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_do_table='';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET replicate_do_table='';
ERROR HY000: Variable 'replicate_do_table' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_do_table='';
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_do_table' is a GLOBAL variable and should be se
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET replicate_do_table" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_do_table='';
SET replicate_do_table='';
ERROR HY000: Variable 'replicate_do_table' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_do_table='';
ERROR HY000: Variable 'replicate_do_table' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.replicate_do_table=@global;
mysql-test/suite/sys_vars/r/replicate_events_marked_for_skip_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.replicate_events_marked_for_skip;
# Test that "SET replicate_events_marked_for_skip" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET replicate_events_marked_for_skip" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_events_marked_for_skip=REPLICATE;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET replicate_events_marked_for_skip=REPLICATE;
ERROR HY000: Variable 'replicate_events_marked_for_skip' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_events_marked_for_skip=REPLICATE;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_events_marked_for_skip' is a GLOBAL variable an
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET replicate_events_marked_for_skip" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_events_marked_for_skip=REPLICATE;
SET replicate_events_marked_for_skip=REPLICATE;
ERROR HY000: Variable 'replicate_events_marked_for_skip' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_events_marked_for_skip=REPLICATE;
ERROR HY000: Variable 'replicate_events_marked_for_skip' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.replicate_events_marked_for_skip=@global;
mysql-test/suite/sys_vars/r/replicate_ignore_db_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.replicate_ignore_db;
# Test that "SET replicate_ignore_db" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET replicate_ignore_db" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_ignore_db='';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET replicate_ignore_db='';
ERROR HY000: Variable 'replicate_ignore_db' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_ignore_db='';
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_ignore_db' is a GLOBAL variable and should be s
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET replicate_ignore_db" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_ignore_db='';
SET replicate_ignore_db='';
ERROR HY000: Variable 'replicate_ignore_db' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_ignore_db='';
ERROR HY000: Variable 'replicate_ignore_db' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.replicate_ignore_db=@global;
mysql-test/suite/sys_vars/r/replicate_ignore_table_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.replicate_ignore_table;
# Test that "SET replicate_ignore_table" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET replicate_ignore_table" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_ignore_table='';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET replicate_ignore_table='';
ERROR HY000: Variable 'replicate_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_ignore_table='';
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_ignore_table' is a GLOBAL variable and should b
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET replicate_ignore_table" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_ignore_table='';
SET replicate_ignore_table='';
ERROR HY000: Variable 'replicate_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_ignore_table='';
ERROR HY000: Variable 'replicate_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.replicate_ignore_table=@global;
mysql-test/suite/sys_vars/r/replicate_wild_do_table_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.replicate_wild_do_table;
# Test that "SET replicate_wild_do_table" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET replicate_wild_do_table" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_wild_do_table='';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET replicate_wild_do_table='';
ERROR HY000: Variable 'replicate_wild_do_table' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_wild_do_table='';
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_wild_do_table' is a GLOBAL variable and should
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET replicate_wild_do_table" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_wild_do_table='';
SET replicate_wild_do_table='';
ERROR HY000: Variable 'replicate_wild_do_table' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_wild_do_table='';
ERROR HY000: Variable 'replicate_wild_do_table' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.replicate_wild_do_table=@global;
mysql-test/suite/sys_vars/r/replicate_wild_ignore_table_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.replicate_wild_ignore_table;
# Test that "SET replicate_wild_ignore_table" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET replicate_wild_ignore_table" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_wild_ignore_table='';
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET replicate_wild_ignore_table='';
ERROR HY000: Variable 'replicate_wild_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_wild_ignore_table='';
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_wild_ignore_table' is a GLOBAL variable and sho
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET replicate_wild_ignore_table" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL replicate_wild_ignore_table='';
SET replicate_wild_ignore_table='';
ERROR HY000: Variable 'replicate_wild_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION replicate_wild_ignore_table='';
ERROR HY000: Variable 'replicate_wild_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.replicate_wild_ignore_table=@global;
mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables
#
SET @global=@@global.rpl_semi_sync_master_enabled;
# Test that "SET rpl_semi_sync_master_enabled" is not allowed without REPLICATION MASTER ADMIN or SUPER
# Test that "SET rpl_semi_sync_master_enabled" is not allowed without REPLICATION MASTER ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_enabled=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
SET rpl_semi_sync_master_enabled=1;
ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_enabled=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable and sh
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET rpl_semi_sync_master_enabled" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_enabled=1;
SET rpl_semi_sync_master_enabled=1;
ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_enabled=1;
ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.rpl_semi_sync_master_enabled=@global;
mysql-test/suite/sys_vars/r/rpl_semi_sync_master_timeout_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables
#
SET @global=@@global.rpl_semi_sync_master_timeout;
# Test that "SET rpl_semi_sync_master_timeout" is not allowed without REPLICATION MASTER ADMIN or SUPER
# Test that "SET rpl_semi_sync_master_timeout" is not allowed without REPLICATION MASTER ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_timeout=20000;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
SET rpl_semi_sync_master_timeout=20000;
ERROR HY000: Variable 'rpl_semi_sync_master_timeout' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_timeout=20000;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_timeout' is a GLOBAL variable and sh
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET rpl_semi_sync_master_timeout" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_timeout=20000;
SET rpl_semi_sync_master_timeout=20000;
ERROR HY000: Variable 'rpl_semi_sync_master_timeout' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_timeout=20000;
ERROR HY000: Variable 'rpl_semi_sync_master_timeout' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.rpl_semi_sync_master_timeout=@global;
mysql-test/suite/sys_vars/r/rpl_semi_sync_master_trace_level_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables
#
SET @global=@@global.rpl_semi_sync_master_trace_level;
# Test that "SET rpl_semi_sync_master_trace_level" is not allowed without REPLICATION MASTER ADMIN or SUPER
# Test that "SET rpl_semi_sync_master_trace_level" is not allowed without REPLICATION MASTER ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_trace_level=64;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
SET rpl_semi_sync_master_trace_level=64;
ERROR HY000: Variable 'rpl_semi_sync_master_trace_level' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_trace_level=64;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_trace_level' is a GLOBAL variable an
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET rpl_semi_sync_master_trace_level" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_trace_level=64;
SET rpl_semi_sync_master_trace_level=64;
ERROR HY000: Variable 'rpl_semi_sync_master_trace_level' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_trace_level=64;
ERROR HY000: Variable 'rpl_semi_sync_master_trace_level' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.rpl_semi_sync_master_trace_level=@global;
mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_no_slave_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables
#
SET @global=@@global.rpl_semi_sync_master_wait_no_slave;
# Test that "SET rpl_semi_sync_master_wait_no_slave" is not allowed without REPLICATION MASTER ADMIN or SUPER
# Test that "SET rpl_semi_sync_master_wait_no_slave" is not allowed without REPLICATION MASTER ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_wait_no_slave=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
SET rpl_semi_sync_master_wait_no_slave=1;
ERROR HY000: Variable 'rpl_semi_sync_master_wait_no_slave' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_wait_no_slave=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_wait_no_slave' is a GLOBAL variable
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET rpl_semi_sync_master_wait_no_slave" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_wait_no_slave=1;
SET rpl_semi_sync_master_wait_no_slave=1;
ERROR HY000: Variable 'rpl_semi_sync_master_wait_no_slave' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_wait_no_slave=1;
ERROR HY000: Variable 'rpl_semi_sync_master_wait_no_slave' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.rpl_semi_sync_master_wait_no_slave=@global;
mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_point_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables
#
SET @global=@@global.rpl_semi_sync_master_wait_point;
# Test that "SET rpl_semi_sync_master_wait_point" is not allowed without REPLICATION MASTER ADMIN or SUPER
# Test that "SET rpl_semi_sync_master_wait_point" is not allowed without REPLICATION MASTER ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_wait_point=AFTER_SYNC;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
SET rpl_semi_sync_master_wait_point=AFTER_SYNC;
ERROR HY000: Variable 'rpl_semi_sync_master_wait_point' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_wait_point=AFTER_SYNC;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_wait_point' is a GLOBAL variable and
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET rpl_semi_sync_master_wait_point" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_master_wait_point=AFTER_SYNC;
SET rpl_semi_sync_master_wait_point=AFTER_SYNC;
ERROR HY000: Variable 'rpl_semi_sync_master_wait_point' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_master_wait_point=AFTER_SYNC;
ERROR HY000: Variable 'rpl_semi_sync_master_wait_point' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.rpl_semi_sync_master_wait_point=@global;
mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_delay_master_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables
#
SET @global=@@global.rpl_semi_sync_slave_delay_master;
# Test that "SET rpl_semi_sync_slave_delay_master" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET rpl_semi_sync_slave_delay_master" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_slave_delay_master=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET rpl_semi_sync_slave_delay_master=1;
ERROR HY000: Variable 'rpl_semi_sync_slave_delay_master' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_slave_delay_master=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_slave_delay_master' is a GLOBAL variable an
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET rpl_semi_sync_slave_delay_master" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_slave_delay_master=1;
SET rpl_semi_sync_slave_delay_master=1;
ERROR HY000: Variable 'rpl_semi_sync_slave_delay_master' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_slave_delay_master=1;
ERROR HY000: Variable 'rpl_semi_sync_slave_delay_master' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.rpl_semi_sync_slave_delay_master=@global;
mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables
#
SET @global=@@global.rpl_semi_sync_slave_enabled;
# Test that "SET rpl_semi_sync_slave_enabled" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET rpl_semi_sync_slave_enabled" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_slave_enabled=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET rpl_semi_sync_slave_enabled=1;
ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_slave_enabled=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable and sho
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET rpl_semi_sync_slave_enabled" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_slave_enabled=1;
SET rpl_semi_sync_slave_enabled=1;
ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_slave_enabled=1;
ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.rpl_semi_sync_slave_enabled=@global;
mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_kill_conn_timeout_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables
#
SET @global=@@global.rpl_semi_sync_slave_kill_conn_timeout;
# Test that "SET rpl_semi_sync_slave_kill_conn_timeout" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET rpl_semi_sync_slave_kill_conn_timeout" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_slave_kill_conn_timeout=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET rpl_semi_sync_slave_kill_conn_timeout=1;
ERROR HY000: Variable 'rpl_semi_sync_slave_kill_conn_timeout' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_slave_kill_conn_timeout=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_slave_kill_conn_timeout' is a GLOBAL variab
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET rpl_semi_sync_slave_kill_conn_timeout" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_slave_kill_conn_timeout=1;
SET rpl_semi_sync_slave_kill_conn_timeout=1;
ERROR HY000: Variable 'rpl_semi_sync_slave_kill_conn_timeout' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_slave_kill_conn_timeout=1;
ERROR HY000: Variable 'rpl_semi_sync_slave_kill_conn_timeout' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.rpl_semi_sync_slave_kill_conn_timeout=@global;
mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_trace_level_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables
#
SET @global=@@global.rpl_semi_sync_slave_trace_level;
# Test that "SET rpl_semi_sync_slave_trace_level" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET rpl_semi_sync_slave_trace_level" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_slave_trace_level=64;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET rpl_semi_sync_slave_trace_level=64;
ERROR HY000: Variable 'rpl_semi_sync_slave_trace_level' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_slave_trace_level=64;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_slave_trace_level' is a GLOBAL variable and
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET rpl_semi_sync_slave_trace_level" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL rpl_semi_sync_slave_trace_level=64;
SET rpl_semi_sync_slave_trace_level=64;
ERROR HY000: Variable 'rpl_semi_sync_slave_trace_level' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION rpl_semi_sync_slave_trace_level=64;
ERROR HY000: Variable 'rpl_semi_sync_slave_trace_level' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.rpl_semi_sync_slave_trace_level=@global;
mysql-test/suite/sys_vars/r/secure_auth_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@ SET @global=@@global.secure_auth;
#
# MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables
#
# Test that "SET secure_auth" is not allowed without CONNECTION ADMIN or SUPER
# Test that "SET secure_auth" is not allowed without CONNECTION ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL secure_auth=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation
SET secure_auth=1;
ERROR HY000: Variable 'secure_auth' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION secure_auth=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'secure_auth' is a GLOBAL variable and should be set with
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET secure_auth" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL secure_auth=1;
SET secure_auth=1;
ERROR HY000: Variable 'secure_auth' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION secure_auth=1;
ERROR HY000: Variable 'secure_auth' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.secure_auth=@global;
mysql-test/suite/sys_vars/r/server_id_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
#
SET @global=@@global.server_id;
# Test that "SET GLOBAL server_id" is not allowed without REPLICATION MASTER ADMIN or SUPER
# Test that "SET GLOBAL server_id" is not allowed without REPLICATION MASTER ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL server_id=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -22,27 +22,18 @@ SET GLOBAL server_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET GLOBAL server_id" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL server_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.server_id=@global;
SET @session=@@session.server_id;
# Test that "SET server_id" is not allowed without BINLOG REPLAY or SUPER
# Test that "SET server_id" is not allowed without BINLOG REPLAY
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
REVOKE BINLOG REPLAY ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET server_id=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
SET SESSION server_id=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation
disconnect user1;
connection default;
DROP USER user1@localhost;
......@@ -56,14 +47,4 @@ SET SESSION server_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET server_id" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET server_id=1;
SET SESSION server_id=1;
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@session.server_id=@session;
mysql-test/suite/sys_vars/r/slave_compressed_protocol_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.slave_compressed_protocol;
# Test that "SET slave_compressed_protocol" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET slave_compressed_protocol" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL slave_compressed_protocol=1;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET slave_compressed_protocol=1;
ERROR HY000: Variable 'slave_compressed_protocol' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION slave_compressed_protocol=1;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_compressed_protocol' is a GLOBAL variable and shoul
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET slave_compressed_protocol" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL slave_compressed_protocol=1;
SET slave_compressed_protocol=1;
ERROR HY000: Variable 'slave_compressed_protocol' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION slave_compressed_protocol=1;
ERROR HY000: Variable 'slave_compressed_protocol' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.slave_compressed_protocol=@global;
mysql-test/suite/sys_vars/r/slave_ddl_exec_mode_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.slave_ddl_exec_mode;
# Test that "SET slave_ddl_exec_mode" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET slave_ddl_exec_mode" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL slave_ddl_exec_mode=STRICT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET slave_ddl_exec_mode=STRICT;
ERROR HY000: Variable 'slave_ddl_exec_mode' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION slave_ddl_exec_mode=STRICT;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_ddl_exec_mode' is a GLOBAL variable and should be s
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET slave_ddl_exec_mode" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL slave_ddl_exec_mode=STRICT;
SET slave_ddl_exec_mode=STRICT;
ERROR HY000: Variable 'slave_ddl_exec_mode' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION slave_ddl_exec_mode=STRICT;
ERROR HY000: Variable 'slave_ddl_exec_mode' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.slave_ddl_exec_mode=@global;
mysql-test/suite/sys_vars/r/slave_domain_parallel_threads_grant.result
View file @ d6e3d89c
......@@ -2,14 +2,14 @@
# MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables
#
SET @global=@@global.slave_domain_parallel_threads;
# Test that "SET slave_domain_parallel_threads" is not allowed without REPLICATION SLAVE ADMIN or SUPER
# Test that "SET slave_domain_parallel_threads" is not allowed without REPLICATION SLAVE ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost;
REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL slave_domain_parallel_threads=0;
ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
SET slave_domain_parallel_threads=0;
ERROR HY000: Variable 'slave_domain_parallel_threads' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION slave_domain_parallel_threads=0;
......@@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_domain_parallel_threads' is a GLOBAL variable and s
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET slave_domain_parallel_threads" is allowed with SUPER
CREATE USER user1@localhost;
GRANT SUPER ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL slave_domain_parallel_threads=0;
SET slave_domain_parallel_threads=0;
ERROR HY000: Variable 'slave_domain_parallel_threads' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION slave_domain_parallel_threads=0;
ERROR HY000: Variable 'slave_domain_parallel_threads' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
SET @@global.slave_domain_parallel_threads=@global;
sql/privilege.h
View file @ d6e3d89c
This diff is collapsed.
sql/sql_acl.cc
View file @ d6e3d89c
This diff is collapsed.
sql/sql_show.cc
View file @ d6e3d89c
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7