diff --git a/mysql-test/suite/sys_vars/r/master_verify_checksum_grant.result b/mysql-test/suite/sys_vars/r/master_verify_checksum_grant.result new file mode 100644 index 00000000000..4791e4cd7e0 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/master_verify_checksum_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21972 Bind REPLICATION MASTER ADMIN to master_verify_checksum +# +SET @global=@@global.master_verify_checksum; +# Test that "SET master_verify_checksum" is not allowed without REPLICATION MASTER ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL master_verify_checksum=1; +ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +SET master_verify_checksum=1; +ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION master_verify_checksum=1; +ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET master_verify_checksum" is allowed with REPLICATION MASTER ADMIN +CREATE USER user1@localhost; +GRANT REPLICATION MASTER ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL master_verify_checksum=1; +SET master_verify_checksum=1; +ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION master_verify_checksum=1; +ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET master_verify_checksum" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL master_verify_checksum=1; +SET master_verify_checksum=1; +ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION master_verify_checksum=1; +ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.master_verify_checksum=@global; diff --git a/mysql-test/suite/sys_vars/t/master_verify_checksum_grant.test b/mysql-test/suite/sys_vars/t/master_verify_checksum_grant.test new file mode 100644 index 00000000000..33fa2a8a527 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/master_verify_checksum_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21972 Bind REPLICATION MASTER ADMIN to master_verify_checksum +--echo # + +--let var = master_verify_checksum +--let grant = REPLICATION MASTER ADMIN +--let value = 1 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/sql/privilege.h b/sql/privilege.h index 1a11c1bb4ad..14750e001e0 100644 --- a/sql/privilege.h +++ b/sql/privilege.h @@ -482,6 +482,9 @@ constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_MASTER_TRACE_LEVE constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_MASTER_WAIT_POINT= REPL_MASTER_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MASTER_VERIFY_CHECKSUM= + REPL_MASTER_ADMIN_ACL | SUPER_ACL; + /* Privileges for statements that are executed on the slave */ // Was SUPER_ACL prior to 10.5.2 diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 924cf914520..ff9dbcc8c49 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -3294,7 +3294,9 @@ Sys_slave_sql_verify_checksum( GLOBAL_VAR(opt_slave_sql_verify_checksum), CMD_LINE(OPT_ARG), DEFAULT(TRUE)); -static Sys_var_mybool Sys_master_verify_checksum( +static Sys_var_on_access_global +Sys_master_verify_checksum( "master_verify_checksum", "Force checksum verification of logged events in the binary log before " "sending them to slaves or printing them in the output of "