From 1a5e69b42b4ff0a3fd4585f1463adf01127241cd Mon Sep 17 00:00:00 2001 
From: Oleg Smirnov Date: Thu, 16 Nov 2023 16:54:16 +0700 Subject: [PATCH] MDEV-24486 Add `table_privileges` view to the `sys` schema The existing INFORMATION_SCHEMA.TABLE_PRIVILEGES displays only those privileges that were specifically granted on the table level, whereas it may be useful to see privileges granted at the database and global level. This commit adds a new view `table_privileges` to the `sys` schema for that purpose. The view shows privileges on existing tables and views, combining all possible levels: - user_privileges - schema_privileges - table_privileges --- mysql-test/main/ctype_upgrade.result | 2 + mysql-test/main/information_schema.result | 4 + mysql-test/main/log_tables_upgrade.result | 1 + mysql-test/main/lowercase_fs_off.result | 1 + .../main/mysql_json_mysql_upgrade.result | 1 + ...on_mysql_upgrade_with_plugin_loaded.result | 1 + mysql-test/main/mysql_upgrade-20228.result | 1 + mysql-test/main/mysql_upgrade-28915.result | 2 + mysql-test/main/mysql_upgrade-6984.result | 1 + mysql-test/main/mysql_upgrade.result | 13 +++ .../mysql_upgrade_mysql_json_datatype.result | 1 + mysql-test/main/mysql_upgrade_ssl.result | 1 + mysql-test/main/mysql_upgrade_view.result | 3 + mysql-test/main/upgrade_MDEV-19650.result | 1 + mysql-test/main/upgrade_MDEV-23102-1.result | 2 + mysql-test/main/upgrade_MDEV-23102-2.result | 2 + ...de_geometrycolumn_procedure_definer.result | 1 + mysql-test/main/upgrade_mdev_24363.result | 1 + .../sysschema/r/all_sys_objects_exist.result | 3 +- .../sysschema/r/v_table_privileges.result | 92 +++++++++++++++++++ mysql-test/suite/sysschema/r/v_version.result | 2 +- .../suite/sysschema/t/v_table_privileges.test | 53 +++++++++++ scripts/sys_schema/CMakeLists.txt | 1 + scripts/sys_schema/NEWS.md | 23 +++-- scripts/sys_schema/README.md | 53 +++++++++++ scripts/sys_schema/sys_56.sql | 1 + scripts/sys_schema/sys_57.sql | 1 + .../sys_schema/views/i_s/table_privileges.sql | 76 +++++++++++++++ scripts/sys_schema/views/version.sql | 4 +- 
sql/privilege.h | 5 + 30 files changed, 341 insertions(+), 12 deletions(-) create mode 100644 mysql-test/suite/sysschema/r/v_table_privileges.result create mode 100644 mysql-test/suite/sysschema/t/v_table_privileges.test create mode 100644 scripts/sys_schema/views/i_s/table_privileges.sql diff --git a/mysql-test/main/ctype_upgrade.result b/mysql-test/main/ctype_upgrade.result index 97c797e8418..05482eb19d4 100644 --- a/mysql-test/main/ctype_upgrade.result +++ b/mysql-test/main/ctype_upgrade.result @@ -302,6 +302,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -464,6 +465,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/information_schema.result b/mysql-test/main/information_schema.result index 154f60ae35c..8e41f6996f6 100644 --- a/mysql-test/main/information_schema.result +++ b/mysql-test/main/information_schema.result @@ -140,6 +140,7 @@ TABLES TABLES TABLESPACES TABLESPACES TABLE_CONSTRAINTS TABLE_CONSTRAINTS TABLE_PRIVILEGES TABLE_PRIVILEGES +TABLE_PRIVILEGES table_privileges TABLE_STATISTICS TABLE_STATISTICS TRIGGERS TRIGGERS t1 t1 @@ -163,6 +164,7 @@ TABLES TABLES TABLESPACES TABLESPACES TABLE_CONSTRAINTS TABLE_CONSTRAINTS TABLE_PRIVILEGES TABLE_PRIVILEGES +TABLE_PRIVILEGES table_privileges TABLE_STATISTICS TABLE_STATISTICS TRIGGERS TRIGGERS t1 t1 @@ -186,6 +188,7 @@ TABLES TABLES TABLESPACES TABLESPACES TABLE_CONSTRAINTS TABLE_CONSTRAINTS TABLE_PRIVILEGES TABLE_PRIVILEGES +TABLE_PRIVILEGES table_privileges TABLE_STATISTICS TABLE_STATISTICS TRIGGERS TRIGGERS t1 t1 
@@ -1508,6 +1511,7 @@ statements_with_runtimes_in_95th_percentile YES statements_with_sorting YES statements_with_temp_tables YES statement_analysis YES +table_privileges NO user YES user_summary NO user_summary_by_file_io NO diff --git a/mysql-test/main/log_tables_upgrade.result b/mysql-test/main/log_tables_upgrade.result index 1f8f478200c..5725add6524 100644 --- a/mysql-test/main/log_tables_upgrade.result +++ b/mysql-test/main/log_tables_upgrade.result @@ -87,6 +87,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/lowercase_fs_off.result b/mysql-test/main/lowercase_fs_off.result index f59470ae0bc..b29bf0ba386 100644 --- a/mysql-test/main/lowercase_fs_off.result +++ b/mysql-test/main/lowercase_fs_off.result @@ -178,6 +178,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/mysql_json_mysql_upgrade.result b/mysql-test/main/mysql_json_mysql_upgrade.result index 2b909594e74..21a67d4e3d5 100644 --- a/mysql-test/main/mysql_json_mysql_upgrade.result +++ b/mysql-test/main/mysql_json_mysql_upgrade.result @@ -98,6 +98,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/mysql_json_mysql_upgrade_with_plugin_loaded.result b/mysql-test/main/mysql_json_mysql_upgrade_with_plugin_loaded.result index 7bc2808a40b..09e8855c4be 100644 
--- a/mysql-test/main/mysql_json_mysql_upgrade_with_plugin_loaded.result +++ b/mysql-test/main/mysql_json_mysql_upgrade_with_plugin_loaded.result @@ -98,6 +98,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/mysql_upgrade-20228.result b/mysql-test/main/mysql_upgrade-20228.result index cd616c53615..d43f26e69b6 100644 --- a/mysql-test/main/mysql_upgrade-20228.result +++ b/mysql-test/main/mysql_upgrade-20228.result @@ -91,6 +91,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/mysql_upgrade-28915.result b/mysql-test/main/mysql_upgrade-28915.result index 399cd9cf3c4..422fff4822f 100644 --- a/mysql-test/main/mysql_upgrade-28915.result +++ b/mysql-test/main/mysql_upgrade-28915.result @@ -149,6 +149,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -413,6 +414,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/mysql_upgrade-6984.result b/mysql-test/main/mysql_upgrade-6984.result index 4da47975d7d..ff3f017c144 100644 --- a/mysql-test/main/mysql_upgrade-6984.result 
+++ b/mysql-test/main/mysql_upgrade-6984.result @@ -94,6 +94,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/mysql_upgrade.result b/mysql-test/main/mysql_upgrade.result index 80fcb35865d..2af8cd0c36c 100644 --- a/mysql-test/main/mysql_upgrade.result +++ b/mysql-test/main/mysql_upgrade.result @@ -76,6 +76,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -229,6 +230,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -381,6 +383,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -539,6 +542,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -697,6 +701,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK 
@@ -858,6 +863,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -1059,6 +1065,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -1231,6 +1238,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -1411,6 +1419,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -1633,6 +1642,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -1813,6 +1823,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK 
@@ -2045,6 +2056,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -2265,6 +2277,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/mysql_upgrade_mysql_json_datatype.result b/mysql-test/main/mysql_upgrade_mysql_json_datatype.result index cb964cb7d0c..628619139c4 100644 --- a/mysql-test/main/mysql_upgrade_mysql_json_datatype.result +++ b/mysql-test/main/mysql_upgrade_mysql_json_datatype.result @@ -85,6 +85,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/mysql_upgrade_ssl.result b/mysql-test/main/mysql_upgrade_ssl.result index 990f05b3d94..b572f38be1f 100644 --- a/mysql-test/main/mysql_upgrade_ssl.result +++ b/mysql-test/main/mysql_upgrade_ssl.result @@ -76,6 +76,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/mysql_upgrade_view.result b/mysql-test/main/mysql_upgrade_view.result index 21304c15dd5..1018e2fe4e3 100644 --- a/mysql-test/main/mysql_upgrade_view.result +++ b/mysql-test/main/mysql_upgrade_view.result 
@@ -156,6 +156,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -409,6 +410,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -637,6 +639,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/upgrade_MDEV-19650.result b/mysql-test/main/upgrade_MDEV-19650.result index 81673dc8cdf..3be76243e39 100644 --- a/mysql-test/main/upgrade_MDEV-19650.result +++ b/mysql-test/main/upgrade_MDEV-19650.result @@ -179,6 +179,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/upgrade_MDEV-23102-1.result b/mysql-test/main/upgrade_MDEV-23102-1.result index a092cf10e30..3d12e40b18e 100644 --- a/mysql-test/main/upgrade_MDEV-23102-1.result +++ b/mysql-test/main/upgrade_MDEV-23102-1.result @@ -197,6 +197,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK 
@@ -399,6 +400,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/upgrade_MDEV-23102-2.result b/mysql-test/main/upgrade_MDEV-23102-2.result index f84a109e792..e986b06d974 100644 --- a/mysql-test/main/upgrade_MDEV-23102-2.result +++ b/mysql-test/main/upgrade_MDEV-23102-2.result @@ -181,6 +181,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK @@ -375,6 +376,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/upgrade_geometrycolumn_procedure_definer.result b/mysql-test/main/upgrade_geometrycolumn_procedure_definer.result index 9d2f445d01c..0b3864bd994 100644 --- a/mysql-test/main/upgrade_geometrycolumn_procedure_definer.result +++ b/mysql-test/main/upgrade_geometrycolumn_procedure_definer.result @@ -127,6 +127,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/main/upgrade_mdev_24363.result b/mysql-test/main/upgrade_mdev_24363.result index 184c948fe75..6cc5f2500a9 100644 --- a/mysql-test/main/upgrade_mdev_24363.result +++ b/mysql-test/main/upgrade_mdev_24363.result 
@@ -141,6 +141,7 @@ sys.statements_with_full_table_scans OK sys.statements_with_runtimes_in_95th_percentile OK sys.statements_with_sorting OK sys.statements_with_temp_tables OK +sys.table_privileges OK sys.user_summary OK sys.user_summary_by_file_io OK sys.user_summary_by_file_io_type OK diff --git a/mysql-test/suite/sysschema/r/all_sys_objects_exist.result b/mysql-test/suite/sysschema/r/all_sys_objects_exist.result index 4c1bf311450..eea49dcd6ae 100644 --- a/mysql-test/suite/sysschema/r/all_sys_objects_exist.result +++ b/mysql-test/suite/sysschema/r/all_sys_objects_exist.result @@ -42,6 +42,7 @@ statements_with_sorting statements_with_temp_tables statement_analysis sys_config +table_privileges user_summary user_summary_by_file_io user_summary_by_file_io_type @@ -159,4 +160,4 @@ SELECT TRIGGER_NAME FROM INFORMATION_SCHEMA.TRIGGERS WHERE TRIGGER_SCHEMA = 'sys TRIGGER_NAME SELECT sys_version FROM sys.version; sys_version -1.5.1 +1.5.2 diff --git a/mysql-test/suite/sysschema/r/v_table_privileges.result b/mysql-test/suite/sysschema/r/v_table_privileges.result new file mode 100644 index 00000000000..57eb9077081 --- /dev/null +++ b/mysql-test/suite/sysschema/r/v_table_privileges.result 
@@ -0,0 +1,92 @@ +DESC sys.table_privileges; +Field Type Null Key Default Extra +TABLE_SCHEMA varchar(64) NO NULL +TABLE_NAME varchar(64) NO NULL +GRANTEE varchar(385) NO +PRIVILEGE varchar(64) NO +LEVEL varchar(6) NO +SELECT * FROM sys.table_privileges; +CREATE DATABASE test2; +USE test2; +CREATE TABLE t1 (a int); +CREATE USER test2_user; +# Grant everything first +GRANT ALL ON t1 TO test2_user; +SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='t1' + AND grantee LIKE '%test2_user%'; +TABLE_SCHEMA TABLE_NAME GRANTEE PRIVILEGE LEVEL +test2 t1 'test2_user'@'%' SELECT TABLE +test2 t1 'test2_user'@'%' INSERT TABLE +test2 t1 'test2_user'@'%' UPDATE TABLE +test2 t1 'test2_user'@'%' DELETE TABLE +test2 t1 'test2_user'@'%' CREATE TABLE +test2 t1 'test2_user'@'%' DROP TABLE +test2 t1 'test2_user'@'%' REFERENCES TABLE +test2 t1 'test2_user'@'%' INDEX TABLE +test2 t1 'test2_user'@'%' ALTER TABLE +test2 t1 'test2_user'@'%' SHOW VIEW TABLE +test2 t1 'test2_user'@'%' TRIGGER TABLE +test2 t1 'test2_user'@'%' DELETE HISTORY TABLE +# Then revoke some privileges +REVOKE REFERENCES, DELETE, ALTER, DROP ON t1 FROM test2_user; +SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='t1' + AND grantee LIKE '%test2_user%'; +TABLE_SCHEMA TABLE_NAME GRANTEE PRIVILEGE LEVEL +test2 t1 'test2_user'@'%' SELECT TABLE +test2 t1 'test2_user'@'%' INSERT TABLE +test2 t1 'test2_user'@'%' UPDATE TABLE +test2 t1 'test2_user'@'%' CREATE TABLE +test2 t1 'test2_user'@'%' INDEX TABLE +test2 t1 'test2_user'@'%' SHOW VIEW TABLE +test2 t1 'test2_user'@'%' TRIGGER TABLE +test2 t1 'test2_user'@'%' DELETE HISTORY TABLE +CREATE ROLE test2_role; +GRANT SELECT, UPDATE, DELETE, DROP, INDEX ON t1 to test2_role; +# Must show both the user and the role +SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='t1' + AND grantee LIKE '%test2%'; +TABLE_SCHEMA TABLE_NAME GRANTEE PRIVILEGE LEVEL +test2 t1 'test2_user'@'%' SELECT TABLE +test2 t1 
'test2_user'@'%' INSERT TABLE +test2 t1 'test2_user'@'%' UPDATE TABLE +test2 t1 'test2_user'@'%' CREATE TABLE +test2 t1 'test2_user'@'%' INDEX TABLE +test2 t1 'test2_user'@'%' SHOW VIEW TABLE +test2 t1 'test2_user'@'%' TRIGGER TABLE +test2 t1 'test2_user'@'%' DELETE HISTORY TABLE +test2 t1 'test2_role'@'' SELECT TABLE +test2 t1 'test2_role'@'' UPDATE TABLE +test2 t1 'test2_role'@'' DELETE TABLE +test2 t1 'test2_role'@'' DROP TABLE +test2 t1 'test2_role'@'' INDEX TABLE +CREATE VIEW v1 AS SELECT * FROM t1; +SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='v1' + AND grantee LIKE '%test2%'; +TABLE_SCHEMA TABLE_NAME GRANTEE PRIVILEGE LEVEL +GRANT SELECT ON v1 TO test2_role; +SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='v1' + AND grantee LIKE '%test2%'; +TABLE_SCHEMA TABLE_NAME GRANTEE PRIVILEGE LEVEL +test2 v1 'test2_role'@'' SELECT TABLE +GRANT ALL ON v1 TO test2_user; +SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='v1' + AND grantee LIKE '%test2%'; +TABLE_SCHEMA TABLE_NAME GRANTEE PRIVILEGE LEVEL +test2 v1 'test2_user'@'%' SELECT TABLE +test2 v1 'test2_user'@'%' INSERT TABLE +test2 v1 'test2_user'@'%' UPDATE TABLE +test2 v1 'test2_user'@'%' DELETE TABLE +test2 v1 'test2_user'@'%' CREATE TABLE +test2 v1 'test2_user'@'%' DROP TABLE +test2 v1 'test2_user'@'%' REFERENCES TABLE +test2 v1 'test2_user'@'%' INDEX TABLE +test2 v1 'test2_user'@'%' ALTER TABLE +test2 v1 'test2_user'@'%' SHOW VIEW TABLE +test2 v1 'test2_user'@'%' TRIGGER TABLE +test2 v1 'test2_user'@'%' DELETE HISTORY TABLE +test2 v1 'test2_role'@'' SELECT TABLE +DROP TABLE t1; +DROP VIEW v1; +DROP USER test2_user; +DROP ROLE test2_role; +DROP DATABASE test2; diff --git a/mysql-test/suite/sysschema/r/v_version.result b/mysql-test/suite/sysschema/r/v_version.result index ac914fc8524..ff1e351b184 100644 --- a/mysql-test/suite/sysschema/r/v_version.result +++ b/mysql-test/suite/sysschema/r/v_version.result 
@@ -1,3 +1,3 @@ SELECT sys_version FROM sys.version; sys_version -1.5.1 +1.5.2 diff --git a/mysql-test/suite/sysschema/t/v_table_privileges.test b/mysql-test/suite/sysschema/t/v_table_privileges.test new file mode 100644 index 00000000000..2186b75c959 --- /dev/null +++ b/mysql-test/suite/sysschema/t/v_table_privileges.test 
@@ -0,0 +1,53 @@
+-- source include/not_embedded.inc
+# -- source ../include/ps_truncate_all_tables.inc
+# Tests for sys schema
+# Verify the sys.table_privileges view
+
+# Ensure structure changes don't slip in
+DESC sys.table_privileges;
+
+# Make sure view select does not error, but ignore results
+--disable_result_log
+SELECT * FROM sys.table_privileges;
+--enable_result_log
+
+CREATE DATABASE test2;
+USE test2;
+CREATE TABLE t1 (a int);
+
+CREATE USER test2_user;
+
+--echo # Grant everything first
+GRANT ALL ON t1 TO test2_user;
+SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='t1'
+ AND grantee LIKE '%test2_user%';
+
+--echo # Then revoke some privileges
+REVOKE REFERENCES, DELETE, ALTER, DROP ON t1 FROM test2_user;
+SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='t1'
+ AND grantee LIKE '%test2_user%';
+
+CREATE ROLE test2_role;
+GRANT SELECT, UPDATE, DELETE, DROP, INDEX ON t1 to test2_role;
+--echo # Must show both the user and the role
+SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='t1'
+ AND grantee LIKE '%test2%';
+
+CREATE VIEW v1 AS SELECT * FROM t1;
+SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='v1'
+ AND grantee LIKE '%test2%';
+
+GRANT SELECT ON v1 TO test2_role;
+SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='v1'
+ AND grantee LIKE '%test2%';
+GRANT ALL ON v1 TO test2_user;
+SELECT * FROM sys.table_privileges WHERE table_schema='test2' AND table_name='v1'
+ AND grantee LIKE '%test2%';
+
+DROP TABLE t1;
+DROP VIEW v1;
+DROP USER test2_user;
+DROP ROLE test2_role;
+DROP DATABASE test2;
+
+
diff --git a/scripts/sys_schema/CMakeLists.txt b/scripts/sys_schema/CMakeLists.txt
index 9222f9fa7aa..c0a953ccf18 100644
--- a/scripts/sys_schema/CMakeLists.txt
+++ b/scripts/sys_schema/CMakeLists.txt
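Review bot: Every checked query in `v_table_privileges.test` follows a table-level grant, so the `GLOBAL` and `SCHEMA` branches of the view and the exclusion of the system schemas are never compared against expected rows; the only unfiltered `SELECT *` runs under `--disable_result_log`. I would add cases such as `GRANT SELECT ON test2.* TO test2_user;` and `GRANT INSERT ON *.* TO test2_user;` followed by the same filtered SELECT. One grant `WITH GRANT OPTION` would also help, since nothing here shows whether the `'GRANT OPTION'` entry in the view's filter ever matches a row. The filtered SELECTs have no `ORDER BY` although the view is a `UNION` over INFORMATION_SCHEMA tables, so the recorded row order is not guaranteed; `--sorted_result` before each SELECT, or an explicit `ORDER BY`, would keep the result file stable.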
@@ -38,6 +38,7 @@ ${CMAKE_CURRENT_SOURCE_DIR}/views/i_s/schema_object_overview.sql ${CMAKE_CURRENT_SOURCE_DIR}/views/i_s/schema_auto_increment_columns.sql ${CMAKE_CURRENT_SOURCE_DIR}/views/i_s/x_schema_flattened_keys.sql ${CMAKE_CURRENT_SOURCE_DIR}/views/i_s/schema_redundant_indexes.sql +${CMAKE_CURRENT_SOURCE_DIR}/views/i_s/table_privileges.sql ${CMAKE_CURRENT_SOURCE_DIR}/views/p_s/ps_check_lost_instrumentation_57.sql ${CMAKE_CURRENT_SOURCE_DIR}/views/p_s/latest_file_io.sql ${CMAKE_CURRENT_SOURCE_DIR}/views/p_s/x_latest_file_io.sql diff --git a/scripts/sys_schema/NEWS.md b/scripts/sys_schema/NEWS.md index 7aeefb7edf9..cf180fb614d 100644 --- a/scripts/sys_schema/NEWS.md +++ b/scripts/sys_schema/NEWS.md @@ -1,6 +1,13 @@ # Change history for the MySQL sys schema -## 1.5.1 (07/07/16) +## 1.5.2 (2023-11-20) + +### Improvements + +* A new `table_privileges` view was added, which displays privileges on tables granted at all levels (user, schema, table) + + +## 1.5.1 (2016-07-07) ### Improvements @@ -24,7 +31,7 @@ * Oracle Bug #21970806 - The `sysschema.fn_ps_thread_trx_info` test was unstable * Oracle Bug #23621189 - The `ps_trace_statement_digest` procedure ran EXPLAIN incorrectly in certain cases (such as on a SHOW statement, no query being specified, or not having a full qualified table), the procedure now catches these issues and ignores them -## 1.5.0 (11/09/15) +## 1.5.0 (2015-09-11) ### Improvements @@ -84,7 +91,7 @@ * Template files were added for stored procedures and functions * Improved the sys_config_cleanup.inc procedure in tests to be able to reset the sys_config table completely (including the set_by column to NULL). The triggers can now be set to not update the column by setting the @sys.ignore_sys_config_triggers user variable to true -## 1.4.0 (09/03/2015) +## 1.4.0 (2015-03-09) ### Backwards Incompatible Changes 
@@ -126,7 +133,7 @@ Various changes were made to allow better generation of integration sql files: * Each object has been created within it's own file. No longer do x$ views live with their non-x$ counterparts * DELIMITERs were standardized to $$ -## 1.3.0 (23/10/2014) +## 1.3.0 (2014-10-23) ### Improvements @@ -136,7 +143,7 @@ Various changes were made to allow better generation of integration sql files: * Fixed broken `host_summary_by_stages` views, broken with a last minute change before the 1.2.0 release that went unnoticed (facepalm) -## 1.2.0 (22/10/2014) +## 1.2.0 (2014-10-22) ### Backwards Incompatible Changes @@ -163,7 +170,7 @@ Various changes were made to allow better generation of integration sql files: * Added missing space for hour notation within the `format_time` function * Fixed views affected by MySQL 5.7 ONLY_FULL_GROUP_BY and functional dependency changes -## 1.1.0 (04/09/2014) +## 1.1.0 (2014-09-04) ### Improvements @@ -195,7 +202,7 @@ Various changes were made to allow better generation of integration sql files: * Fixed the RETURN datatype `extract_schema_from_file_name` and `extract_table_from_file_name` to return a VARCHAR(64) (**Contributed by Jesper Wisborg Krogh**) * Added events_transactions_current to the default enabled consumers in 5.7 (#25) -## 1.0.1 (23/05/2014) +## 1.0.1 (2014-05-23) ### Improvements @@ -215,4 +222,4 @@ Various changes were made to allow better generation of integration sql files: * Some views did not work with the ERROR_FOR_DIVISION_BY_ZERO SQL mode. (#6) (**Contributed by Joe Grasse**) * On Windows the `ps_thread_stack()` stored function failed to escape file path backslashes correctly within the JSON output. -## 1.0.0 (11/04/2014) +## 1.0.0 (2014-04-11) diff --git a/scripts/sys_schema/README.md b/scripts/sys_schema/README.md index 2f1dc74e055..0dd5fb96e55 100644 --- a/scripts/sys_schema/README.md +++ b/scripts/sys_schema/README.md 
@@ -1635,6 +1635,59 @@ mysql> select * from schema_object_overview; 10 rows in set (1.58 sec) ``` +#### table_privileges + +##### Description + +-- Shows privileges on existing tables and views granted at all possible levels: +-- - user_privileges +-- - schema_privileges +-- - table_privileges + +##### Structure + +```SQL +MariaDB [test]> desc sys.table_privileges; ++--------------+--------------+------+-----+---------+-------+ +| Field | Type | Null | Key | Default | Extra | ++--------------+--------------+------+-----+---------+-------+ +| TABLE_SCHEMA | varchar(64) | NO | | NULL | | +| TABLE_NAME | varchar(64) | NO | | NULL | | +| GRANTEE | varchar(385) | NO | | | | +| PRIVILEGE | varchar(64) | NO | | | | +| LEVEL | varchar(6) | NO | | | | ++--------------+--------------+------+-----+---------+-------+ +5 rows in set (0.002 sec) +``` + +##### Example + +```SQL +mysql> select * from sys.table_privileges; ++--------------+------------+--------------------+----------------+--------+ +| TABLE_SCHEMA | TABLE_NAME | GRANTEE | PRIVILEGE_TYPE | LEVEL | ++--------------+------------+--------------------+----------------+--------+ +| test | v1 | 'oleg'@'localhost' | SELECT | GLOBAL | +| test | t1 | 'oleg'@'localhost' | SELECT | GLOBAL | +| test | v1 | 'oleg'@'localhost' | INSERT | GLOBAL | +| test | t1 | 'oleg'@'localhost' | INSERT | GLOBAL | +| test | v1 | 'oleg'@'localhost' | UPDATE | GLOBAL | +| test | v1 | 'PUBLIC'@'' | SELECT | SCHEMA | +| test | t1 | 'PUBLIC'@'' | SELECT | SCHEMA | +| test | v1 | 'PUBLIC'@'' | INSERT | SCHEMA | +| test | t1 | 'PUBLIC'@'' | INSERT | SCHEMA | +| test | v1 | 'PUBLIC'@'' | UPDATE | SCHEMA | +| test | t1 | 'PUBLIC'@'' | UPDATE | SCHEMA | +| test | v1 | 'PUBLIC'@'' | DELETE HISTORY | SCHEMA | +| test | t1 | 'PUBLIC'@'' | DELETE HISTORY | SCHEMA | +| test | t1 | 'oleg'@'%' | SELECT | TABLE | +| test | t1 | 'oleg'@'%' | UPDATE | TABLE | +| test | v1 | 'oleg'@'%' | SELECT | TABLE | 
++--------------+------------+--------------------+----------------+--------+ +16 rows in set (1.58 sec) +``` + + #### schema_table_statistics / x$schema_table_statistics ##### Description diff --git a/scripts/sys_schema/sys_56.sql b/scripts/sys_schema/sys_56.sql index 1de01d25b21..8bcdcf6f486 100644 --- a/scripts/sys_schema/sys_56.sql +++ b/scripts/sys_schema/sys_56.sql @@ -55,6 +55,7 @@ SOURCE ./views/i_s/schema_object_overview.sql SOURCE ./views/i_s/schema_auto_increment_columns.sql SOURCE ./views/i_s/x_schema_flattened_keys.sql SOURCE ./views/i_s/schema_redundant_indexes.sql +SOURCE ./views/i_s/table_privileges.sql SOURCE ./views/p_s/ps_check_lost_instrumentation.sql SOURCE ./views/p_s/processlist.sql diff --git a/scripts/sys_schema/sys_57.sql b/scripts/sys_schema/sys_57.sql index 277cc62457a..9aad516975d 100644 --- a/scripts/sys_schema/sys_57.sql +++ b/scripts/sys_schema/sys_57.sql @@ -56,6 +56,7 @@ SOURCE ./views/i_s/schema_object_overview.sql SOURCE ./views/i_s/schema_auto_increment_columns.sql SOURCE ./views/i_s/x_schema_flattened_keys.sql SOURCE ./views/i_s/schema_redundant_indexes.sql +SOURCE ./views/i_s/table_privileges.sql SOURCE ./views/p_s/ps_check_lost_instrumentation_57.sql diff --git a/scripts/sys_schema/views/i_s/table_privileges.sql b/scripts/sys_schema/views/i_s/table_privileges.sql new file mode 100644 index 00000000000..6aed7bf8794 --- /dev/null +++ b/scripts/sys_schema/views/i_s/table_privileges.sql 
@@ -0,0 +1,76 @@
+--
+-- View: table_privileges
+--
+-- Shows privileges on existing tables and views granted at all possible levels:
+-- - user_privileges
+-- - schema_privileges
+-- - table_privileges
+--
+-- mysql> select * from sys.table_privileges;
+-- +--------------+------------+--------------------+----------------+--------+
+-- | TABLE_SCHEMA | TABLE_NAME | GRANTEE | PRIVILEGE_TYPE | LEVEL |
+-- +--------------+------------+--------------------+----------------+--------+
+-- | test | v1 | 'oleg'@'localhost' | SELECT | GLOBAL |
+-- | test | t1 | 'oleg'@'localhost' | SELECT | GLOBAL |
+-- | test | v1 | 'oleg'@'localhost' | INSERT | GLOBAL |
+-- | test | t1 | 'oleg'@'localhost' | INSERT | GLOBAL |
+-- | test | v1 | 'oleg'@'localhost' | UPDATE | GLOBAL |
+-- | test | v1 | 'PUBLIC'@'' | SELECT | SCHEMA |
+-- | test | t1 | 'PUBLIC'@'' | SELECT | SCHEMA |
+-- | test | v1 | 'PUBLIC'@'' | INSERT | SCHEMA |
+-- | test | t1 | 'PUBLIC'@'' | INSERT | SCHEMA |
+-- | test | v1 | 'PUBLIC'@'' | UPDATE | SCHEMA |
+-- | test | t1 | 'PUBLIC'@'' | UPDATE | SCHEMA |
+-- | test | v1 | 'PUBLIC'@'' | DELETE HISTORY | SCHEMA |
+-- | test | t1 | 'PUBLIC'@'' | DELETE HISTORY | SCHEMA |
+-- | test | t1 | 'oleg'@'%' | SELECT | TABLE |
+-- | test | t1 | 'oleg'@'%' | UPDATE | TABLE |
+-- | test | v1 | 'oleg'@'%' | SELECT | TABLE |
+-- +--------------+------------+--------------------+----------------+--------+
+
+CREATE OR REPLACE
+ ALGORITHM = TEMPTABLE
+ DEFINER = 'mariadb.sys'@'localhost'
+ SQL SECURITY INVOKER
+VIEW table_privileges (
+ TABLE_SCHEMA,
+ TABLE_NAME,
+ GRANTEE,
+ PRIVILEGE,
+ LEVEL
+) AS
+SELECT t.TABLE_SCHEMA,
+ t.TABLE_NAME,
+ privs.GRANTEE,
+ privs.PRIVILEGE_TYPE,
+ privs.LEVEL
+FROM INFORMATION_SCHEMA.TABLES AS t
+JOIN ( SELECT NULL AS TABLE_SCHEMA,
+ NULL AS TABLE_NAME,
+ GRANTEE,
+ PRIVILEGE_TYPE,
+ 'GLOBAL' LEVEL
+ FROM INFORMATION_SCHEMA.USER_PRIVILEGES
+ UNION
+ SELECT TABLE_SCHEMA,
+ NULL AS TABLE_NAME,
+ GRANTEE,
+ PRIVILEGE_TYPE,
+ 'SCHEMA' LEVEL
+ FROM INFORMATION_SCHEMA.SCHEMA_PRIVILEGES
+ UNION
+ SELECT TABLE_SCHEMA,
+ TABLE_NAME,
+ GRANTEE,
+ PRIVILEGE_TYPE,
+ 'TABLE' LEVEL
+ FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
+ ) privs
+ ON (t.TABLE_SCHEMA = privs.TABLE_SCHEMA OR privs.TABLE_SCHEMA IS NULL)
+ AND (t.TABLE_NAME = privs.TABLE_NAME OR privs.TABLE_NAME IS NULL)
+ AND privs.PRIVILEGE_TYPE IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE',
+ 'CREATE', 'ALTER', 'DROP', 'INDEX',
+ 'REFERENCES', 'TRIGGER', 'GRANT OPTION',
+ 'SHOW VIEW', 'DELETE HISTORY')
+WHERE t.TABLE_SCHEMA NOT IN ('sys', 'mysql','information_schema',
+ 'performance_schema');
diff --git a/scripts/sys_schema/views/version.sql b/scripts/sys_schema/views/version.sql
index a25b53151d2..4ba6401612b 100644
--- a/scripts/sys_schema/views/version.sql
+++ b/scripts/sys_schema/views/version.sql
@@ -33,5 +33,5 @@ VIEW version ( sys_version, mysql_version ) AS
-SELECT '1.5.1' AS sys_version,
- version() AS mysql_version;
\ No newline at end of file
+SELECT '1.5.2' AS sys_version,
+ version() AS mysql_version;
diff --git a/sql/privilege.h b/sql/privilege.h
index 87bb2dc1da3..143eebd125e 100644
--- a/sql/privilege.h
+++ b/sql/privilege.h
@@ -269,6 +269,11 @@ constexpr privilege_t PROC_DDL_ACLS= constexpr privilege_t SHOW_PROC_WITHOUT_DEFINITION_ACLS= PROC_DDL_ACLS | EXECUTE_ACL;
+/*
+ When changing this, don't forget to update tables_priv
+ at scripts/mariadb_system_tables.sql, scripts/mariadb_system_tables_fix.sql
+ and scripts/sys_schema/i_s/table_privileges.sql
+*/
 constexpr privilege_t TABLE_ACLS= COL_DML_ACLS | ALL_TABLE_DDL_ACLS | VIEW_ACLS | GRANT_ACL | REFERENCES_ACL |
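Review bot: The header comment of `views/i_s/table_privileges.sql` presents the view as covering "all possible levels", but the SELECT reads only USER_PRIVILEGES, SCHEMA_PRIVILEGES and TABLE_PRIVILEGES and its WHERE clause drops `sys`, `mysql`, `information_schema` and `performance_schema`. Column-level grants, privileges a user holds only through a granted role, and every grant on `mysql.*` tables therefore never appear. Because the view is `SQL SECURITY INVOKER`, the rows also depend on what the caller may read from INFORMATION_SCHEMA (as far as I can tell, an account without access to the `mysql` schema sees only its own grants), so an empty result does not show that nobody has access. I would state these limits in the header, for example `-- Not a complete audit: system schemas, column-level grants and role-inherited privileges are omitted; run as a privileged account.`, and change `PRIVILEGE_TYPE` to `PRIVILEGE` in the sample output to match the declared column list. The hard-coded `PRIVILEGE_TYPE IN (...)` list should also carry a comment naming `TABLE_ACLS` in `sql/privilege.h`; the reminder added there gives the path as `scripts/sys_schema/i_s/table_privileges.sql`, without the `views/` component.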