mirror of
https://github.com/MariaDB/server.git
synced 2025-07-29 05:21:33 +03:00
privilege: s/delete versioning rows/delete history/
This commit is contained in:
Sergei Golubchik
@ -13,8 +13,8 @@ GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
|
|||||||
truncate mysqltest.t to system_time now();
|
truncate mysqltest.t to system_time now();
|
||||||
ERROR 42000: DELETE VERSIONING ROWS command denied to user 'mysqltest_1'@'localhost' for table 't'
|
ERROR 42000: DELETE VERSIONING ROWS command denied to user 'mysqltest_1'@'localhost' for table 't'
|
||||||
connection root;
|
connection root;
|
||||||
grant delete versioning rows on mysqltest.* to mysqltest_1@localhost;
|
grant delete history on mysqltest.* to mysqltest_1@localhost;
|
||||||
grant delete versioning rows on mysqltest.t to mysqltest_1@localhost;
|
grant delete history on mysqltest.t to mysqltest_1@localhost;
|
||||||
connection user1;
|
connection user1;
|
||||||
show grants;
|
show grants;
|
||||||
Grants for mysqltest_1@localhost
|
Grants for mysqltest_1@localhost
|
||||||
|
|||||||
@ -26,8 +26,8 @@ show grants;
|
|||||||
truncate mysqltest.t to system_time now();
|
truncate mysqltest.t to system_time now();
|
||||||
|
|
||||||
connection root;
|
connection root;
|
||||||
grant delete versioning rows on mysqltest.* to mysqltest_1@localhost;
|
grant delete history on mysqltest.* to mysqltest_1@localhost;
|
||||||
grant delete versioning rows on mysqltest.t to mysqltest_1@localhost;
|
grant delete history on mysqltest.t to mysqltest_1@localhost;
|
||||||
|
|
||||||
connection user1;
|
connection user1;
|
||||||
show grants;
|
show grants;
|
||||||
|
|||||||
@ -2019,7 +2019,7 @@ static bool acl_load(THD *thd, const Grant_tables& tables)
|
|||||||
user.access|= TRIGGER_ACL;
|
user.access|= TRIGGER_ACL;
|
||||||
|
|
||||||
if (user_table.num_fields() <= 46 && (user.access & DELETE_ACL))
|
if (user_table.num_fields() <= 46 && (user.access & DELETE_ACL))
|
||||||
user.access|= DELETE_VERSIONING_ROWS_ACL;
|
user.access|= DELETE_HISTORY_ACL;
|
||||||
|
|
||||||
user.sort= get_sort(2, user.host.hostname, user.user.str);
|
user.sort= get_sort(2, user.host.hostname, user.user.str);
|
||||||
user.hostname_length= safe_strlen(user.host.hostname);
|
user.hostname_length= safe_strlen(user.host.hostname);
|
||||||
|
|||||||
@ -49,7 +49,7 @@
|
|||||||
#define EVENT_ACL (1UL << 26)
|
#define EVENT_ACL (1UL << 26)
|
||||||
#define TRIGGER_ACL (1UL << 27)
|
#define TRIGGER_ACL (1UL << 27)
|
||||||
#define CREATE_TABLESPACE_ACL (1UL << 28)
|
#define CREATE_TABLESPACE_ACL (1UL << 28)
|
||||||
#define DELETE_VERSIONING_ROWS_ACL (1UL << 29)
|
#define DELETE_HISTORY_ACL (1UL << 29)
|
||||||
/*
|
/*
|
||||||
don't forget to update
|
don't forget to update
|
||||||
1. static struct show_privileges_st sys_privileges[]
|
1. static struct show_privileges_st sys_privileges[]
|
||||||
@ -64,12 +64,12 @@
|
|||||||
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_TMP_ACL | \
|
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_TMP_ACL | \
|
||||||
LOCK_TABLES_ACL | EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | \
|
LOCK_TABLES_ACL | EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | \
|
||||||
CREATE_PROC_ACL | ALTER_PROC_ACL | EVENT_ACL | TRIGGER_ACL | \
|
CREATE_PROC_ACL | ALTER_PROC_ACL | EVENT_ACL | TRIGGER_ACL | \
|
||||||
DELETE_VERSIONING_ROWS_ACL)
|
DELETE_HISTORY_ACL)
|
||||||
|
|
||||||
#define TABLE_ACLS \
|
#define TABLE_ACLS \
|
||||||
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
|
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL | \
|
||||||
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_VIEW_ACL | \
|
GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL | CREATE_VIEW_ACL | \
|
||||||
SHOW_VIEW_ACL | TRIGGER_ACL | DELETE_VERSIONING_ROWS_ACL)
|
SHOW_VIEW_ACL | TRIGGER_ACL | DELETE_HISTORY_ACL)
|
||||||
|
|
||||||
#define COL_ACLS \
|
#define COL_ACLS \
|
||||||
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
|
(SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
|
||||||
@ -87,7 +87,7 @@
|
|||||||
CREATE_TMP_ACL | LOCK_TABLES_ACL | REPL_SLAVE_ACL | REPL_CLIENT_ACL | \
|
CREATE_TMP_ACL | LOCK_TABLES_ACL | REPL_SLAVE_ACL | REPL_CLIENT_ACL | \
|
||||||
EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL | \
|
EXECUTE_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL | \
|
||||||
ALTER_PROC_ACL | CREATE_USER_ACL | EVENT_ACL | TRIGGER_ACL | \
|
ALTER_PROC_ACL | CREATE_USER_ACL | EVENT_ACL | TRIGGER_ACL | \
|
||||||
CREATE_TABLESPACE_ACL | DELETE_VERSIONING_ROWS_ACL)
|
CREATE_TABLESPACE_ACL | DELETE_HISTORY_ACL)
|
||||||
|
|
||||||
#define DEFAULT_CREATE_PROC_ACLS \
|
#define DEFAULT_CREATE_PROC_ACLS \
|
||||||
(ALTER_PROC_ACL | EXECUTE_ACL)
|
(ALTER_PROC_ACL | EXECUTE_ACL)
|
||||||
@ -119,7 +119,7 @@
|
|||||||
CREATE_PROC_ACL | ALTER_PROC_ACL )
|
CREATE_PROC_ACL | ALTER_PROC_ACL )
|
||||||
#define DB_CHUNK4 (EXECUTE_ACL)
|
#define DB_CHUNK4 (EXECUTE_ACL)
|
||||||
#define DB_CHUNK5 (EVENT_ACL | TRIGGER_ACL)
|
#define DB_CHUNK5 (EVENT_ACL | TRIGGER_ACL)
|
||||||
#define DB_CHUNK6 (DELETE_VERSIONING_ROWS_ACL)
|
#define DB_CHUNK6 (DELETE_HISTORY_ACL)
|
||||||
|
|
||||||
#define fix_rights_for_db(A) (((A) & DB_CHUNK0) | \
|
#define fix_rights_for_db(A) (((A) & DB_CHUNK0) | \
|
||||||
(((A) << 4) & DB_CHUNK1) | \
|
(((A) << 4) & DB_CHUNK1) | \
|
||||||
@ -139,7 +139,7 @@
|
|||||||
#define TBL_CHUNK1 DB_CHUNK1
|
#define TBL_CHUNK1 DB_CHUNK1
|
||||||
#define TBL_CHUNK2 (CREATE_VIEW_ACL | SHOW_VIEW_ACL)
|
#define TBL_CHUNK2 (CREATE_VIEW_ACL | SHOW_VIEW_ACL)
|
||||||
#define TBL_CHUNK3 TRIGGER_ACL
|
#define TBL_CHUNK3 TRIGGER_ACL
|
||||||
#define TBL_CHUNK4 (DELETE_VERSIONING_ROWS_ACL)
|
#define TBL_CHUNK4 (DELETE_HISTORY_ACL)
|
||||||
#define fix_rights_for_table(A) (((A) & TBL_CHUNK0) | \
|
#define fix_rights_for_table(A) (((A) & TBL_CHUNK0) | \
|
||||||
(((A) << 4) & TBL_CHUNK1) | \
|
(((A) << 4) & TBL_CHUNK1) | \
|
||||||
(((A) << 11) & TBL_CHUNK2) | \
|
(((A) << 11) & TBL_CHUNK2) | \
|
||||||
|
|||||||
@ -498,7 +498,7 @@ bool Sql_cmd_truncate_table::execute(THD *thd)
|
|||||||
|
|
||||||
if (table->vers_conditions)
|
if (table->vers_conditions)
|
||||||
{
|
{
|
||||||
if (check_one_table_access(thd, DELETE_VERSIONING_ROWS_ACL, table))
|
if (check_one_table_access(thd, DELETE_HISTORY_ACL, table))
|
||||||
DBUG_RETURN(res);
|
DBUG_RETURN(res);
|
||||||
DBUG_RETURN(mysql_delete(thd, table, NULL, NULL, -1, 0, NULL));
|
DBUG_RETURN(mysql_delete(thd, table, NULL, NULL, -1, 0, NULL));
|
||||||
}
|
}
|
||||||
|
|||||||
@ -16538,7 +16538,7 @@ object_privilege:
|
|||||||
| EVENT_SYM { Lex->grant |= EVENT_ACL;}
|
| EVENT_SYM { Lex->grant |= EVENT_ACL;}
|
||||||
| TRIGGER_SYM { Lex->grant |= TRIGGER_ACL; }
|
| TRIGGER_SYM { Lex->grant |= TRIGGER_ACL; }
|
||||||
| CREATE TABLESPACE { Lex->grant |= CREATE_TABLESPACE_ACL; }
|
| CREATE TABLESPACE { Lex->grant |= CREATE_TABLESPACE_ACL; }
|
||||||
| DELETE_SYM VERSIONING_SYM ROWS_SYM { Lex->grant |= DELETE_VERSIONING_ROWS_ACL; }
|
| DELETE_SYM HISTORY_SYM { Lex->grant |= DELETE_HISTORY_ACL; }
|
||||||
;
|
;
|
||||||
|
|
||||||
opt_and:
|
opt_and:
|
||||||
|
|||||||
Reference in New Issue
Block a user