diff --git a/mysql-test/main/events_bugs.result b/mysql-test/main/events_bugs.result index e3984bcd67a..0615dac53b1 100644 --- a/mysql-test/main/events_bugs.result +++ b/mysql-test/main/events_bugs.result @@ -405,7 +405,7 @@ SELECT event_name, definer FROM INFORMATION_SCHEMA.EVENTS; event_name definer e1 mysqltest_u1@localhost ALTER DEFINER=root@localhost EVENT e1 ON SCHEDULE EVERY 1 HOUR; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation SELECT event_name, definer FROM INFORMATION_SCHEMA.EVENTS; event_name definer e1 mysqltest_u1@localhost @@ -418,7 +418,7 @@ event_name definer e1 mysqltest_u1@localhost DROP EVENT e1; CREATE DEFINER=root@localhost EVENT e1 ON SCHEDULE EVERY 1 DAY DO SELECT 1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation DROP EVENT e1; ERROR HY000: Unknown event 'e1' disconnect conn1; diff --git a/mysql-test/main/grant.result b/mysql-test/main/grant.result index d89bf9f075a..b067819acfd 100644 --- a/mysql-test/main/grant.result +++ b/mysql-test/main/grant.result @@ -630,7 +630,7 @@ Select Tables To retrieve rows from table Show databases Server Admin To see all databases with SHOW DATABASES Show view Tables To see views with SHOW CREATE VIEW Shutdown Server Admin To shut down the server -Super Server Admin To use KILL thread, SET GLOBAL, CHANGE MASTER, etc. +Super Server Admin To set few server variables Trigger Tables To use triggers Create tablespace Server Admin To create/alter/drop tablespaces Update Tables To update existing rows diff --git a/mysql-test/main/grant2.result b/mysql-test/main/grant2.result index 6ba7ddf1e0a..414d61243e9 100644 --- a/mysql-test/main/grant2.result +++ b/mysql-test/main/grant2.result @@ -161,7 +161,7 @@ connection con10; set sql_log_off = 1; ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation set sql_log_bin = 0; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation disconnect con10; connection default; delete from mysql.user where user like 'mysqltest\_1'; diff --git a/mysql-test/main/grant_binlog_replay.result b/mysql-test/main/grant_binlog_replay.result index 2c71e70e59b..ea5e14b587d 100644 --- a/mysql-test/main/grant_binlog_replay.result +++ b/mysql-test/main/grant_binlog_replay.result @@ -5,15 +5,15 @@ # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id # # -# Test that binlog replay statements are not allowed without BINLOG REPLAY or SUPER +# Test that binlog replay statements are not allowed without BINLOG REPLAY # CREATE USER user1@localhost IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; connect con1,localhost,user1,,; connection con1; BINLOG ''; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation disconnect con1; connection default; DROP USER user1@localhost; @@ -33,20 +33,5 @@ disconnect con1; connection default; DROP USER user1@localhost; # -# Test that binlog replay statements are allowed with SUPER -# -CREATE USER user1@localhost IDENTIFIED BY ''; -GRANT SUPER ON *.* TO user1@localhost; -SHOW GRANTS FOR user1@localhost; -Grants for user1@localhost -GRANT SUPER ON *.* TO `user1`@`localhost` -connect con1,localhost,user1,,; -connection con1; -BINLOG ''; -ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use -disconnect con1; -connection default; -DROP USER user1@localhost; -# # End of 10.5 tests # diff --git a/mysql-test/main/grant_binlog_replay.test b/mysql-test/main/grant_binlog_replay.test index a3078e5023c..3fd157dfbf0 100644 --- a/mysql-test/main/grant_binlog_replay.test +++ b/mysql-test/main/grant_binlog_replay.test @@ -9,12 +9,12 @@ --echo # --echo # ---echo # Test that binlog replay statements are not allowed without BINLOG REPLAY or SUPER +--echo # Test that binlog replay statements are not allowed without BINLOG REPLAY --echo # CREATE USER user1@localhost IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; connect (con1,localhost,user1,,); connection con1; @@ -25,7 +25,6 @@ disconnect con1; connection default; DROP USER user1@localhost; - --echo # --echo # Test that binlog replay statements are allowed with BINLOG REPLAY --echo # @@ -46,28 +45,6 @@ disconnect con1; connection default; DROP USER user1@localhost; - ---echo # ---echo # Test that binlog replay statements are allowed with SUPER ---echo # - -CREATE USER user1@localhost IDENTIFIED BY ''; -GRANT SUPER ON *.* TO user1@localhost; -SHOW GRANTS FOR user1@localhost; - -connect (con1,localhost,user1,,); -connection con1; ---error ER_BAD_SLAVE -# The below fails with a syntax error. -# This is fine. It's only important that it does not fail on "access denied". ---error ER_SYNTAX_ERROR -BINLOG ''; ---enable_result_log -disconnect con1; - -connection default; -DROP USER user1@localhost; - --echo # --echo # End of 10.5 tests --echo # diff --git a/mysql-test/main/grant_kill.result b/mysql-test/main/grant_kill.result index e1243a39a70..39a7e8fd5cb 100644 --- a/mysql-test/main/grant_kill.result +++ b/mysql-test/main/grant_kill.result @@ -5,13 +5,13 @@ # MDEV-21743 Split up SUPER privilege to smaller privileges # # -# Test that KILL is not allowed without CONNECTION ADMIN or SUPER +# Test that KILL is not allowed without CONNECTION ADMIN # CREATE USER foo@localhost; GRANT SELECT ON *.* TO foo@localhost; CREATE USER bar@localhost; GRANT ALL PRIVILEGES ON *.* TO bar@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM bar@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM bar@localhost; connect foo,localhost,foo,,; connect bar,localhost,bar,,; SELECT user FROM information_schema.processlist ORDER BY user; @@ -47,25 +47,5 @@ disconnect bar; DROP USER foo@localhost; DROP USER bar@localhost; # -# Test that KILL is allowed with SUPER -# -CREATE USER foo@localhost; -GRANT SELECT ON *.* TO foo@localhost; -CREATE USER bar@localhost; -GRANT PROCESS, SUPER ON *.* TO bar@localhost; -connect foo,localhost,foo,,; -connect bar,localhost,bar,,; -SELECT user FROM information_schema.processlist ORDER BY user; -user -bar -foo -root -KILL ID; -connection default; -disconnect foo; -disconnect bar; -DROP USER foo@localhost; -DROP USER bar@localhost; -# # End of 10.5 tests # diff --git a/mysql-test/main/grant_kill.test b/mysql-test/main/grant_kill.test index 75a25743dc9..4cd7a84d18d 100644 --- a/mysql-test/main/grant_kill.test +++ b/mysql-test/main/grant_kill.test @@ -12,14 +12,14 @@ --let $count_sessions=1 --echo # ---echo # Test that KILL is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that KILL is not allowed without CONNECTION ADMIN --echo # CREATE USER foo@localhost; GRANT SELECT ON *.* TO foo@localhost; CREATE USER bar@localhost; GRANT ALL PRIVILEGES ON *.* TO bar@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM bar@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM bar@localhost; --connect (foo,localhost,foo,,) let $id=`(SELECT id FROM INFORMATION_SCHEMA.PROCESSLIST WHERE user='foo')`; --connect (bar,localhost,bar,,) @@ -59,31 +59,6 @@ let $wait_condition= DROP USER foo@localhost; DROP USER bar@localhost; ---echo # ---echo # Test that KILL is allowed with SUPER ---echo # - -CREATE USER foo@localhost; -GRANT SELECT ON *.* TO foo@localhost; -CREATE USER bar@localhost; -GRANT PROCESS, SUPER ON *.* TO bar@localhost; ---connect (foo,localhost,foo,,) -let $id=`(SELECT id FROM INFORMATION_SCHEMA.PROCESSLIST WHERE user='foo')`; ---connect (bar,localhost,bar,,) -SELECT user FROM information_schema.processlist ORDER BY user; ---replace_result $id ID ---eval KILL $id ---connection default -let $wait_condition= - select count(*) = 0 from information_schema.processlist - where user = "foo"; ---source include/wait_condition.inc ---disconnect foo ---disconnect bar ---source include/wait_until_count_sessions.inc -DROP USER foo@localhost; -DROP USER bar@localhost; - --enable_service_connection --echo # diff --git a/mysql-test/main/grant_server.result b/mysql-test/main/grant_server.result index 37b5f67ba4b..b8094f4b1d7 100644 --- a/mysql-test/main/grant_server.result +++ b/mysql-test/main/grant_server.result @@ -12,11 +12,11 @@ connection con1; CREATE SERVER IF NOT EXISTS server_1 FOREIGN DATA WRAPPER mysql OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2'); -ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation ALTER SERVER server_1 OPTIONS(HOST 'Server.Example.Org'); -ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation DROP SERVER server_1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation disconnect con1; connection default; DROP USER user1@localhost; @@ -39,7 +39,8 @@ disconnect con1; connection default; DROP USER user1@localhost; # -# Test that SERVER DDL statements are allowed with SUPER +# Test that SERVER DDL statements are not allowed with SUPER +# but only with FEDERATED ADMIN # CREATE USER user1@localhost IDENTIFIED BY ''; GRANT SUPER ON *.* TO user1@localhost; @@ -51,6 +52,15 @@ connection con1; CREATE SERVER IF NOT EXISTS server_1 FOREIGN DATA WRAPPER mysql OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2'); +ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation +disconnect con1; +connection default; +REVOKE SUPER ON *.* FROM user1@localhost; +GRANT FEDERATED ADMIN ON *.* TO user1@localhost; +connect con1,localhost,user1,,; +CREATE SERVER IF NOT EXISTS server_1 +FOREIGN DATA WRAPPER mysql +OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2'); ALTER SERVER server_1 OPTIONS(HOST 'Server.Example.Org'); DROP SERVER server_1; disconnect con1; diff --git a/mysql-test/main/grant_server.test b/mysql-test/main/grant_server.test index 58c6b4e9ab6..f4b61135a7d 100644 --- a/mysql-test/main/grant_server.test +++ b/mysql-test/main/grant_server.test @@ -27,7 +27,6 @@ disconnect con1; connection default; DROP USER user1@localhost; - --echo # --echo # Test that SERVER DDL statements are allowed with FEDERATED ADMIN --echo # @@ -48,9 +47,9 @@ disconnect con1; connection default; DROP USER user1@localhost; - --echo # ---echo # Test that SERVER DDL statements are allowed with SUPER +--echo # Test that SERVER DDL statements are not allowed with SUPER +--echo # but only with FEDERATED ADMIN --echo # CREATE USER user1@localhost IDENTIFIED BY ''; @@ -59,6 +58,15 @@ SHOW GRANTS FOR user1@localhost; connect (con1,localhost,user1,,); connection con1; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +CREATE SERVER IF NOT EXISTS server_1 + FOREIGN DATA WRAPPER mysql + OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2'); +disconnect con1; +connection default; +REVOKE SUPER ON *.* FROM user1@localhost; +GRANT FEDERATED ADMIN ON *.* TO user1@localhost; +connect (con1,localhost,user1,,); CREATE SERVER IF NOT EXISTS server_1 FOREIGN DATA WRAPPER mysql OPTIONS (USER 'mysqltest_1', HOST 'localhost', DATABASE 'test2'); @@ -69,7 +77,6 @@ disconnect con1; connection default; DROP USER user1@localhost; - --echo # --echo # End of 10.5 tests --echo # diff --git a/mysql-test/main/grant_slave_admin.result b/mysql-test/main/grant_slave_admin.result index 0f1f2c9985f..66fc02e98b8 100644 --- a/mysql-test/main/grant_slave_admin.result +++ b/mysql-test/main/grant_slave_admin.result @@ -5,19 +5,19 @@ # MDEV-21743 Split up SUPER privilege to smaller privileges # # -# Test that slave admin statements are not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that slave admin statements are not allowed without REPLICATION SLAVE ADMIN # CREATE USER user1@localhost IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect con1,localhost,user1,,; connection con1; START SLAVE; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation CHANGE MASTER TO MASTER_HOST='127.0.0.1'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation STOP SLAVE; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation disconnect con1; connection default; DROP USER user1@localhost; @@ -41,24 +41,5 @@ disconnect con1; connection default; DROP USER user1@localhost; # -# Test that slave admin statements are allowed with SUPER -# -CREATE USER user1@localhost IDENTIFIED BY ''; -GRANT SUPER ON *.* TO user1@localhost; -SHOW GRANTS FOR user1@localhost; -Grants for user1@localhost -GRANT SUPER ON *.* TO `user1`@`localhost` -connect con1,localhost,user1,,; -connection con1; -START SLAVE; -ERROR HY000: Misconfigured slave: MASTER_HOST was not set; Fix in config file or with CHANGE MASTER TO -CHANGE MASTER TO MASTER_USER='root'; -STOP SLAVE; -Warnings: -Note 1255 Slave already has been stopped -disconnect con1; -connection default; -DROP USER user1@localhost; -# # End of 10.5 tests # diff --git a/mysql-test/main/grant_slave_admin.test b/mysql-test/main/grant_slave_admin.test index d73c31e0cf2..f4099975d90 100644 --- a/mysql-test/main/grant_slave_admin.test +++ b/mysql-test/main/grant_slave_admin.test @@ -9,12 +9,12 @@ --echo # --echo # ---echo # Test that slave admin statements are not allowed without REPLICATION SLAVE ADMIN or SUPER +--echo # Test that slave admin statements are not allowed without REPLICATION SLAVE ADMIN --echo # CREATE USER user1@localhost IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect (con1,localhost,user1,,); connection con1; @@ -29,7 +29,6 @@ disconnect con1; connection default; DROP USER user1@localhost; - --echo # --echo # Test that slave admin statements are allowed with REPLICATION SLAVE ADMIN --echo # @@ -49,26 +48,6 @@ disconnect con1; connection default; DROP USER user1@localhost; - ---echo # ---echo # Test that slave admin statements are allowed with SUPER ---echo # - -CREATE USER user1@localhost IDENTIFIED BY ''; -GRANT SUPER ON *.* TO user1@localhost; -SHOW GRANTS FOR user1@localhost; - -connect (con1,localhost,user1,,); -connection con1; ---error ER_BAD_SLAVE -START SLAVE; -CHANGE MASTER TO MASTER_USER='root'; -STOP SLAVE; -disconnect con1; - -connection default; -DROP USER user1@localhost; - --echo # --echo # End of 10.5 tests --echo # diff --git a/mysql-test/main/grant_slave_monitor.result b/mysql-test/main/grant_slave_monitor.result index 68df790074a..78f6b23b1ff 100644 --- a/mysql-test/main/grant_slave_monitor.result +++ b/mysql-test/main/grant_slave_monitor.result @@ -1,19 +1,18 @@ CREATE USER user1@localhost IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE SLAVE MONITOR, SUPER ON *.* FROM user1@localhost; +REVOKE SLAVE MONITOR ON *.* FROM user1@localhost; FLUSH PRIVILEGES; connect con1,localhost,user1,,; connection con1; SHOW GRANTS; Grants for user1@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user1`@`localhost` +GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user1`@`localhost` # # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW SLAVE STATUS -# Expected error: Access denied; you need (at least one of) the SUPER, SLAVE -# MONITOR privilege(s) for this operation +# Expected error: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation # SHOW SLAVE STATUS; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SLAVE MONITOR privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation # # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW RELAYLOG EVENTS # Expected error: Access denied; you need (at least one of) the REPLICA MONITOR @@ -32,28 +31,13 @@ connect con1,localhost,user1,,; connection con1; SHOW GRANTS; Grants for user1@localhost -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user1`@`localhost` +GRANT ALL PRIVILEGES ON *.* TO `user1`@`localhost` SHOW SLAVE STATUS; SHOW RELAYLOG EVENTS; disconnect con1; connection default; DROP USER user1@localhost; # -# SHOW SLAVE STATUS command is allowed with SUPER privilege -# -CREATE USER user1@localhost IDENTIFIED BY ''; -GRANT SUPER ON *.* TO user1@localhost; -connect con1,localhost,user1,,; -SHOW SLAVE STATUS; -# -# SHOW RELAYLOG EVENTS is not allowed with SUPER privilege, it requires SLAVE MONITOR -# -SHOW RELAYLOG EVENTS; -ERROR 42000: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation -disconnect con1; -connection default; -DROP USER user1@localhost; -# # MDEV-25030 Upgrade to 10.5.9 breaks root's ability to grant # insert mysql.global_priv values ('bar', 'foo7', '{"access":274877906943,"version_id":100507,"plugin":"mysql_native_password","authentication_string":""}'), @@ -68,7 +52,7 @@ Grants for foo8@bar GRANT ALL PRIVILEGES ON *.* TO `foo8`@`bar` WITH GRANT OPTION show grants for foo9@bar; Grants for foo9@bar -GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `foo9`@`bar` WITH GRANT OPTION +GRANT ALL PRIVILEGES ON *.* TO `foo9`@`bar` WITH GRANT OPTION drop user foo7@bar, foo8@bar, foo9@bar; # # End of 10.5 tests diff --git a/mysql-test/main/grant_slave_monitor.test b/mysql-test/main/grant_slave_monitor.test index af4399b7150..b5e65ef2cb4 100644 --- a/mysql-test/main/grant_slave_monitor.test +++ b/mysql-test/main/grant_slave_monitor.test @@ -7,14 +7,12 @@ # ==== Implementation ==== # # Step1: GRANT ALL privileges for a new user 'user1' and then REVOKE -# SLAVE MONITOR and SUPER privileges. +# SLAVE MONITOR privileges. # Step2: Execute SHOW SLAVE STAUTS/SHOW RELAYLOG EVENTS commands and expect # ER_SPECIFIC_ACCESS_DENIED_ERROR. This also verifies that REPLICATION # SLAVE ADMIN privilege is not required for these two commands. # Step3: GRANT SLAVE MONITOR privilege and observe that both commands are # allowd to execute. -# Step4: GRANT SUPER privilege and observe that only SHOW SLAVE STATUS command -# is allowed. # # ==== References ==== # @@ -27,7 +25,7 @@ CREATE USER user1@localhost IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE SLAVE MONITOR, SUPER ON *.* FROM user1@localhost; +REVOKE SLAVE MONITOR ON *.* FROM user1@localhost; FLUSH PRIVILEGES; --connect(con1,localhost,user1,,) @@ -36,8 +34,7 @@ SHOW GRANTS; --echo # --echo # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW SLAVE STATUS ---echo # Expected error: Access denied; you need (at least one of) the SUPER, SLAVE ---echo # MONITOR privilege(s) for this operation +--echo # Expected error: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation --echo # --error ER_SPECIFIC_ACCESS_DENIED_ERROR SHOW SLAVE STATUS; @@ -76,30 +73,6 @@ SHOW RELAYLOG EVENTS; --connection default DROP USER user1@localhost; ---echo # ---echo # SHOW SLAVE STATUS command is allowed with SUPER privilege ---echo # -CREATE USER user1@localhost IDENTIFIED BY ''; -GRANT SUPER ON *.* TO user1@localhost; - ---connect(con1,localhost,user1,,) ---disable_result_log -SHOW SLAVE STATUS; ---enable_result_log - ---echo # ---echo # SHOW RELAYLOG EVENTS is not allowed with SUPER privilege, it requires SLAVE MONITOR ---echo # - ---disable_ps_protocol ---error ER_SPECIFIC_ACCESS_DENIED_ERROR -SHOW RELAYLOG EVENTS; ---enable_ps_protocol ---disconnect con1 - ---connection default -DROP USER user1@localhost; - --echo # --echo # MDEV-25030 Upgrade to 10.5.9 breaks root's ability to grant --echo # diff --git a/mysql-test/main/information_schema_db.result b/mysql-test/main/information_schema_db.result index 725b1a125ad..2b19415c05d 100644 --- a/mysql-test/main/information_schema_db.result +++ b/mysql-test/main/information_schema_db.result @@ -100,7 +100,7 @@ grant insert on v1 to testdb_2@localhost; create view v5 as select f1 from t1; grant select, show view on v5 to testdb_2@localhost; create definer=`no_such_user`@`no_such_host` view v6 as select f1 from t1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation connection default; use testdb_1; create view v6 as select f1 from t1; diff --git a/mysql-test/main/mysql_upgrade_to_100502.result b/mysql-test/main/mysql_upgrade_to_100502.result index 7235b16aa5a..54f4d273c5e 100644 --- a/mysql-test/main/mysql_upgrade_to_100502.result +++ b/mysql-test/main/mysql_upgrade_to_100502.result @@ -13,12 +13,12 @@ CREATE USER user_super@localhost; GRANT SUPER ON *.* TO user_super@localhost; SHOW GRANTS FOR user_super@localhost; Grants for user_super@localhost -GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_super`@`localhost` +GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super`@`localhost` CREATE USER user_super_replslave@localhost; GRANT SUPER, REPLICATION SLAVE ON *.* TO user_super_replslave@localhost; SHOW GRANTS FOR user_super_replslave@localhost; Grants for user_super_replslave@localhost -GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost` +GRANT SUPER, REPLICATION SLAVE, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost` # # MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that # @@ -30,7 +30,7 @@ CREATE USER user_replsuper@localhost; GRANT SUPER ON *.* TO user_replsuper@localhost; SHOW GRANTS FOR user_replsuper@localhost; Grants for user_replsuper@localhost -GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_replsuper`@`localhost` +GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_replsuper`@`localhost` # # Users with privilege REPLICATION CLIENT prior to 10.5 should successfully execute # SHOW SLAVE STATUS command @@ -62,13 +62,13 @@ GRANT ALL PRIVILEGES ON *.* TO `user_all`@`localhost` WITH GRANT OPTION # SHOW GRANTS FOR user_super@localhost; Grants for user_super@localhost -GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_super`@`localhost` +GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super`@`localhost` # # Should automatically get all new 10.5.2 priveleges that were splitted from SUPER, plus REPLICATION MASTER ADMIN # SHOW GRANTS FOR user_super_replslave@localhost; Grants for user_super_replslave@localhost -GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost` +GRANT SUPER, REPLICATION SLAVE, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost` # # MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that # diff --git a/mysql-test/main/mysqldump.result b/mysql-test/main/mysqldump.result index 13fc0cc9fe6..44ed94e43c9 100644 --- a/mysql-test/main/mysqldump.result +++ b/mysql-test/main/mysqldump.result @@ -3733,8 +3733,8 @@ reset master; mariadb-dump: Couldn't execute 'FLUSH /*!40101 LOCAL */ TABLES': Access denied; you need (at least one of) the RELOAD privilege(s) for this operation (1227) mariadb-dump: Couldn't execute 'FLUSH /*!40101 LOCAL */ TABLES': Access denied; you need (at least one of) the RELOAD privilege(s) for this operation (1227) grant RELOAD on *.* to mysqltest_1@localhost; -mariadb-dump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation (1227) -mariadb-dump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation (1227) +mariadb-dump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation (1227) +mariadb-dump: Couldn't execute 'SHOW MASTER STATUS': Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation (1227) grant REPLICATION CLIENT on *.* to mysqltest_1@localhost; drop table t1; drop user mysqltest_1@localhost; diff --git a/mysql-test/main/sp-security.result b/mysql-test/main/sp-security.result index eb186dd7faf..f25bff8a920 100644 --- a/mysql-test/main/sp-security.result +++ b/mysql-test/main/sp-security.result @@ -432,9 +432,9 @@ CREATE FUNCTION wl2897_f1() RETURNS INT RETURN 1; connection mysqltest_1_con; USE mysqltest; CREATE DEFINER=root@localhost PROCEDURE wl2897_p2() SELECT 2; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation CREATE DEFINER=root@localhost FUNCTION wl2897_f2() RETURNS INT RETURN 2; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation connection mysqltest_2_con; use mysqltest; CREATE DEFINER='a @ b @ c'@localhost PROCEDURE wl2897_p3() SELECT 3; diff --git a/mysql-test/main/system_mysql_db_error_log.result b/mysql-test/main/system_mysql_db_error_log.result index 5af3eda0700..c2129b7df31 100644 --- a/mysql-test/main/system_mysql_db_error_log.result +++ b/mysql-test/main/system_mysql_db_error_log.result @@ -110,7 +110,7 @@ host='localhost' and user='good_version_id_100500'; FLUSH PRIVILEGES; SHOW GRANTS FOR good_version_id_100500@localhost; Grants for good_version_id_100500@localhost -GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `good_version_id_100500`@`localhost` +GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `good_version_id_100500`@`localhost` DROP USER good_version_id_100500@localhost; FOUND 1 /Warning.*'user' entry 'bad_access1@localhost' has a wrong 'access' value.*version_id=/ in system_mysql_db_error_log.err FOUND 1 /Warning.*'user' entry 'bad_version_id_1000000@localhost' has a wrong 'version_id' value 1000000/ in system_mysql_db_error_log.err diff --git a/mysql-test/main/trigger_notembedded.result b/mysql-test/main/trigger_notembedded.result index 41547ac1e99..b6d878431f2 100644 --- a/mysql-test/main/trigger_notembedded.result +++ b/mysql-test/main/trigger_notembedded.result @@ -112,7 +112,7 @@ CREATE DEFINER='mysqltest_inv'@'localhost' TRIGGER trg1 BEFORE INSERT ON t1 FOR EACH ROW SET @new_sum = 0; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation connection default; use mysqltest_db1; GRANT SET USER ON *.* TO mysqltest_dfn@localhost; diff --git a/mysql-test/main/view_grant.result b/mysql-test/main/view_grant.result index 3754a55eea8..112fccae07b 100644 --- a/mysql-test/main/view_grant.result +++ b/mysql-test/main/view_grant.result @@ -22,7 +22,7 @@ grant create view,select on test.* to mysqltest_1@localhost; connect user1,localhost,mysqltest_1,,test; connection user1; create definer=root@localhost view v1 as select * from mysqltest.t1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation create view v1 as select * from mysqltest.t1; alter view v1 as select * from mysqltest.t1; ERROR 42000: DROP command denied to user 'mysqltest_1'@'localhost' for table `test`.`v1` @@ -931,7 +931,7 @@ ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table ` ALTER VIEW v2 AS SELECT f2 FROM t1; ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table `db26813`.`v2` ALTER VIEW v3 AS SELECT f2 FROM t1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation connection root; SHOW CREATE VIEW v3; View Create View character_set_client collation_connection @@ -959,9 +959,9 @@ GRANT SELECT, DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@loc GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost; connect u2,localhost,u29908_2,,mysqltest_29908; ALTER VIEW v1 AS SELECT f2 FROM t1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation ALTER VIEW v2 AS SELECT f2 FROM t1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation SHOW CREATE VIEW v2; View Create View character_set_client collation_connection v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1` latin1 latin1_swedish_ci diff --git a/mysql-test/suite/binlog/r/binlog_grant.result b/mysql-test/suite/binlog/r/binlog_grant.result index edf705614eb..76cc415d568 100644 --- a/mysql-test/suite/binlog/r/binlog_grant.result +++ b/mysql-test/suite/binlog/r/binlog_grant.result @@ -16,7 +16,7 @@ set session sql_log_bin = 1; connection plain; [plain] set session sql_log_bin = 1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation **** Variable BINLOG_FORMAT **** connection root; [root] @@ -25,9 +25,9 @@ set session binlog_format = row; connection plain; [plain] set global binlog_format = row; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation set session binlog_format = row; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation **** Clean up **** disconnect plain; disconnect root; @@ -45,7 +45,10 @@ disconnect rpl; connection default; DROP USER 'mysqltest_1'@'localhost'; # -# Start of 10.5 test +# End of 10.4 tests +# +# +# Start of 10.5 tests # # # MDEV-21743 Split up SUPER privilege to smaller privileges @@ -61,29 +64,29 @@ SHOW GRANTS FOR user1@localhost; Grants for user1@localhost GRANT USAGE ON *.* TO `user1`@`localhost` DROP USER user1@localhost; -# Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT or SUPER +# Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION CLIENT, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SHOW MASTER LOGS; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation SHOW BINARY LOGS; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation SHOW BINLOG STATUS; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; -# Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN or SUPER +# Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -96,15 +99,6 @@ PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; disconnect user1; connection default; DROP USER user1@localhost; -# Test if PURGE BINLOG is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,"*NO-ONE*"; -connection user1; -PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; -disconnect user1; -connection default; -DROP USER user1@localhost; # Test if SHOW BINLOG EVENTS is not allowed without BINLOG MONITOR CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; @@ -142,7 +136,7 @@ connect user1,localhost,user1,,; RENAME TABLE t1 to t2; connection default; REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; -call mtr.add_suppression("Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation"); +call mtr.add_suppression("Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation"); # Privilege errors are expected now: connection user1; connection default; diff --git a/mysql-test/suite/binlog/t/binlog_grant.test b/mysql-test/suite/binlog/t/binlog_grant.test index d573281f691..5ece793e4a3 100644 --- a/mysql-test/suite/binlog/t/binlog_grant.test +++ b/mysql-test/suite/binlog/t/binlog_grant.test @@ -30,7 +30,6 @@ connection plain; --error ER_SPECIFIC_ACCESS_DENIED_ERROR set session sql_log_bin = 1; - # Testing setting both session and global BINLOG_FORMAT variable both # as root and as plain user. @@ -56,7 +55,6 @@ connection default; set global binlog_format = @saved_binlog_format; drop user mysqltest_1@localhost; - # Testing if REPLICATION CLIENT privilege is enough to execute # SHOW MASTER LOGS and SHOW BINARY. CREATE USER 'mysqltest_1'@'localhost'; @@ -77,9 +75,12 @@ SHOW BINLOG STATUS; connection default; DROP USER 'mysqltest_1'@'localhost'; +--echo # +--echo # End of 10.4 tests +--echo # --echo # ---echo # Start of 10.5 test +--echo # Start of 10.5 tests --echo # --echo # @@ -95,11 +96,10 @@ REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost; SHOW GRANTS FOR user1@localhost; DROP USER user1@localhost; - ---echo # Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT or SUPER +--echo # Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION CLIENT, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -112,11 +112,10 @@ SHOW BINLOG STATUS; --connection default DROP USER user1@localhost; - ---echo # Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN or SUPER +--echo # Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -125,7 +124,6 @@ PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; --connection default DROP USER user1@localhost; - --echo # Test if PURGE BINLOG is allowed with BINLOG ADMIN CREATE USER user1@localhost; GRANT BINLOG ADMIN ON *.* TO user1@localhost; @@ -136,18 +134,6 @@ PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; connection default; DROP USER user1@localhost; - ---echo # Test if PURGE BINLOG is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,"*NO-ONE*") ---connection user1 -PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; ---disconnect user1 -connection default; -DROP USER user1@localhost; - - --echo # Test if SHOW BINLOG EVENTS is not allowed without BINLOG MONITOR CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; @@ -160,7 +146,6 @@ SHOW BINLOG EVENTS; --connection default DROP USER user1@localhost; - --echo # Test if SHOW BINLOG EVENTS is allowed with BINLOG MONITOR CREATE USER user1@localhost; GRANT BINLOG MONITOR ON *.* TO user1@localhost; @@ -196,7 +181,7 @@ RENAME TABLE t1 to t2; --connection default REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; -call mtr.add_suppression("Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation"); +call mtr.add_suppression("Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation"); --echo # Privilege errors are expected now: --connection user1 --error 1 diff --git a/mysql-test/suite/binlog_encryption/rpl_skip_replication.result b/mysql-test/suite/binlog_encryption/rpl_skip_replication.result index 96e0a30331d..c17ffbb5e47 100644 --- a/mysql-test/suite/binlog_encryption/rpl_skip_replication.result +++ b/mysql-test/suite/binlog_encryption/rpl_skip_replication.result @@ -12,7 +12,7 @@ SELECT,UPDATE ON *.* TO 'nonsuperuser'@'127.0.0.1'; connect nonpriv, 127.0.0.1, nonsuperuser,, test, $SLAVE_MYPORT,; connection nonpriv; SET GLOBAL replicate_events_marked_for_skip=FILTER_ON_MASTER; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation disconnect nonpriv; connection slave; DROP USER'nonsuperuser'@'127.0.0.1'; diff --git a/mysql-test/suite/engines/funcs/r/rpl_temporary.result b/mysql-test/suite/engines/funcs/r/rpl_temporary.result index 492e9ac3ac3..3651ead16cc 100644 --- a/mysql-test/suite/engines/funcs/r/rpl_temporary.result +++ b/mysql-test/suite/engines/funcs/r/rpl_temporary.result @@ -42,12 +42,12 @@ connect con3,localhost,zedjzlcsjhd,,; connection con3; SET @save_select_limit=@@session.sql_select_limit; SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation SELECT @@session.sql_select_limit = @save_select_limit; @@session.sql_select_limit = @save_select_limit 1 SET @@session.sql_select_limit=10, @@session.sql_log_bin=0; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SELECT @@session.sql_select_limit = @save_select_limit; @@session.sql_select_limit = @save_select_limit 1 diff --git a/mysql-test/suite/federated/federated_server.result b/mysql-test/suite/federated/federated_server.result index d25676e7ad5..1207a4bbe09 100644 --- a/mysql-test/suite/federated/federated_server.result +++ b/mysql-test/suite/federated/federated_server.result @@ -197,7 +197,7 @@ OWNER 'root'); create user guest_select@localhost; grant select on federated.* to guest_select@localhost; create user guest_super@localhost; -grant select,SUPER,RELOAD on *.* to guest_super@localhost; +grant select,FEDERATED ADMIN,RELOAD on *.* to guest_super@localhost; create user guest_usage@localhost; grant usage on *.* to guest_usage@localhost; CREATE TABLE federated.t1 ( @@ -212,7 +212,7 @@ connect conn_usage,127.0.0.1,guest_usage,,,$MASTER_MYPORT; connect conn_super,127.0.0.1,guest_super,,,$MASTER_MYPORT; connection conn_select; alter server s1 options (database 'db_bogus'); -ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation connection master; flush tables; select * from federated.t1; @@ -220,7 +220,7 @@ id name 1 this is legitimate connection conn_usage; alter server s1 options (database 'db_bogus'); -ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation connection master; flush tables; select * from federated.t1; @@ -234,7 +234,7 @@ select * from federated.t1; Got one of the listed errors connection conn_select; drop server if exists 's1'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation create server 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'db_legitimate', @@ -243,7 +243,7 @@ PASSWORD 'foo', PORT SLAVE_PORT, SOCKET '', OWNER 'root'); -ERROR 42000: Access denied; you need (at least one of) the SUPER, FEDERATED ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation connection conn_super; drop server 's1'; create server 's1' foreign data wrapper 'mysql' options diff --git a/mysql-test/suite/federated/federated_server.test b/mysql-test/suite/federated/federated_server.test index 3d491b1dfdf..10f383d4efa 100644 --- a/mysql-test/suite/federated/federated_server.test +++ b/mysql-test/suite/federated/federated_server.test @@ -162,7 +162,7 @@ drop database second_db; # # Bug#25671 - CREATE/DROP/ALTER SERVER should require privileges # -# Changes to SERVER declarations should require SUPER privilege. +# Changes to SERVER declarations should require FEDERATED ADMIN privilege. # Based upon test case by Giuseppe Maxia create database db_legitimate; @@ -202,7 +202,7 @@ create user guest_select@localhost; grant select on federated.* to guest_select@localhost; create user guest_super@localhost; -grant select,SUPER,RELOAD on *.* to guest_super@localhost; +grant select,FEDERATED ADMIN,RELOAD on *.* to guest_super@localhost; create user guest_usage@localhost; grant usage on *.* to guest_usage@localhost; diff --git a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result index 51f4eca4f1a..c9e9b1c5ae7 100644 --- a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result +++ b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result @@ -1353,7 +1353,7 @@ drop trigger trg1_0; create definer=not_ex_user@localhost trigger trg1_0 before INSERT on t1 for each row set new.f1 = 'trig 1_0-yes'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation create definer=current_user trigger trg1_1 before INSERT on t1 for each row set new.f1 = 'trig 1_1-yes'; @@ -1388,7 +1388,7 @@ GRANT SELECT, INSERT, UPDATE, TRIGGER ON `priv_db`.`t1` TO `test_yesprivs`@`loca create definer=not_ex_user@localhost trigger trg1_3 after UPDATE on t1 for each row set @var1 = 'trig 1_3-yes'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation connection default; select current_user; current_user diff --git a/mysql-test/suite/funcs_1/r/memory_trig_03e.result b/mysql-test/suite/funcs_1/r/memory_trig_03e.result index 9397e0766ef..a4a429755b5 100644 --- a/mysql-test/suite/funcs_1/r/memory_trig_03e.result +++ b/mysql-test/suite/funcs_1/r/memory_trig_03e.result @@ -1354,7 +1354,7 @@ drop trigger trg1_0; create definer=not_ex_user@localhost trigger trg1_0 before INSERT on t1 for each row set new.f1 = 'trig 1_0-yes'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation create definer=current_user trigger trg1_1 before INSERT on t1 for each row set new.f1 = 'trig 1_1-yes'; @@ -1389,7 +1389,7 @@ GRANT SELECT, INSERT, UPDATE, TRIGGER ON `priv_db`.`t1` TO `test_yesprivs`@`loca create definer=not_ex_user@localhost trigger trg1_3 after UPDATE on t1 for each row set @var1 = 'trig 1_3-yes'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation connection default; select current_user; current_user diff --git a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result index b16beda5752..eb70366b789 100644 --- a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result +++ b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result @@ -1354,7 +1354,7 @@ drop trigger trg1_0; create definer=not_ex_user@localhost trigger trg1_0 before INSERT on t1 for each row set new.f1 = 'trig 1_0-yes'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation create definer=current_user trigger trg1_1 before INSERT on t1 for each row set new.f1 = 'trig 1_1-yes'; @@ -1389,7 +1389,7 @@ GRANT SELECT, INSERT, UPDATE, TRIGGER ON `priv_db`.`t1` TO `test_yesprivs`@`loca create definer=not_ex_user@localhost trigger trg1_3 after UPDATE on t1 for each row set @var1 = 'trig 1_3-yes'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation connection default; select current_user; current_user diff --git a/mysql-test/suite/roles/admin.result b/mysql-test/suite/roles/admin.result index 2ecbfae4516..4e8fa9652a0 100644 --- a/mysql-test/suite/roles/admin.result +++ b/mysql-test/suite/roles/admin.result @@ -8,9 +8,9 @@ create role role3 with admin role1; create role role4 with admin root@localhost; connect c1, localhost, foo,,; create role role5 with admin root@localhost; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation create role role5 with admin role3; -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation create role role5 with admin foo@localhost; connection default; call mtr.add_suppression("Invalid roles_mapping table entry user:'foo@bar', rolename:'role6'"); diff --git a/mysql-test/suite/roles/definer.result b/mysql-test/suite/roles/definer.result index 091ba255bc6..f7cc9684ce5 100644 --- a/mysql-test/suite/roles/definer.result +++ b/mysql-test/suite/roles/definer.result @@ -669,7 +669,7 @@ CREATE DEFINER='r1' PROCEDURE user1_proc2() SQL SECURITY INVOKER BEGIN SELECT NOW(), VERSION(); END;// -ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation set role r1; CREATE DEFINER='r1' PROCEDURE user1_proc2() SQL SECURITY INVOKER BEGIN diff --git a/mysql-test/suite/rpl/r/rpl_skip_replication.result b/mysql-test/suite/rpl/r/rpl_skip_replication.result index 96e0a30331d..c17ffbb5e47 100644 --- a/mysql-test/suite/rpl/r/rpl_skip_replication.result +++ b/mysql-test/suite/rpl/r/rpl_skip_replication.result @@ -12,7 +12,7 @@ SELECT,UPDATE ON *.* TO 'nonsuperuser'@'127.0.0.1'; connect nonpriv, 127.0.0.1, nonsuperuser,, test, $SLAVE_MYPORT,; connection nonpriv; SET GLOBAL replicate_events_marked_for_skip=FILTER_ON_MASTER; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation disconnect nonpriv; connection slave; DROP USER'nonsuperuser'@'127.0.0.1'; diff --git a/mysql-test/suite/rpl/r/rpl_temporary.result b/mysql-test/suite/rpl/r/rpl_temporary.result index 492e9ac3ac3..3651ead16cc 100644 --- a/mysql-test/suite/rpl/r/rpl_temporary.result +++ b/mysql-test/suite/rpl/r/rpl_temporary.result @@ -42,12 +42,12 @@ connect con3,localhost,zedjzlcsjhd,,; connection con3; SET @save_select_limit=@@session.sql_select_limit; SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation SELECT @@session.sql_select_limit = @save_select_limit; @@session.sql_select_limit = @save_select_limit 1 SET @@session.sql_select_limit=10, @@session.sql_log_bin=0; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SELECT @@session.sql_select_limit = @save_select_limit; @@session.sql_select_limit = @save_select_limit 1 diff --git a/mysql-test/suite/sys_vars/inc/sysvar_global_and_session_grant.inc b/mysql-test/suite/sys_vars/inc/sysvar_global_and_session_grant.inc index 0c6d070583b..09b178deb68 100644 --- a/mysql-test/suite/sys_vars/inc/sysvar_global_and_session_grant.inc +++ b/mysql-test/suite/sys_vars/inc/sysvar_global_and_session_grant.inc @@ -3,11 +3,11 @@ --eval SET @global=@@global.$var ---echo # Test that "SET $var" is not allowed without $grant or SUPER +--echo # Test that "SET $var" is not allowed without $grant CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; ---eval REVOKE $grant, SUPER ON *.* FROM user1@localhost +--eval REVOKE $grant ON *.* FROM user1@localhost --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -33,17 +33,4 @@ CREATE USER user1@localhost; --connection default DROP USER user1@localhost; ---echo # Test that "SET $var" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 ---eval SET GLOBAL $var=$value ---eval SET $var=$value ---eval SET SESSION $var=$value ---disconnect user1 ---connection default -DROP USER user1@localhost; - --eval SET @@global.$var=@global diff --git a/mysql-test/suite/sys_vars/inc/sysvar_global_grant.inc b/mysql-test/suite/sys_vars/inc/sysvar_global_grant.inc index f452c1b19d9..bf121d7214f 100644 --- a/mysql-test/suite/sys_vars/inc/sysvar_global_grant.inc +++ b/mysql-test/suite/sys_vars/inc/sysvar_global_grant.inc @@ -1,13 +1,12 @@ --source include/not_embedded.inc - --eval SET @global=@@global.$var ---echo # Test that "SET $var" is not allowed without $grant or SUPER +--echo # Test that "SET $var" is not allowed without $grant CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; ---eval REVOKE $grant, SUPER ON *.* FROM user1@localhost +--eval REVOKE $grant ON *.* FROM user1@localhost --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -35,19 +34,4 @@ CREATE USER user1@localhost; --connection default DROP USER user1@localhost; ---echo # Test that "SET $var" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 ---eval SET GLOBAL $var=$value ---error ER_GLOBAL_VARIABLE ---eval SET $var=$value ---error ER_GLOBAL_VARIABLE ---eval SET SESSION $var=$value ---disconnect user1 ---connection default -DROP USER user1@localhost; - --eval SET @@global.$var=@global diff --git a/mysql-test/suite/sys_vars/inc/sysvar_global_grant_alone.inc b/mysql-test/suite/sys_vars/inc/sysvar_global_grant_alone.inc index 6a1cf1a74c0..4fb93ce4d24 100644 --- a/mysql-test/suite/sys_vars/inc/sysvar_global_grant_alone.inc +++ b/mysql-test/suite/sys_vars/inc/sysvar_global_grant_alone.inc @@ -1,13 +1,12 @@ --source include/not_embedded.inc - --eval SET @global=@@global.$var ---echo # Test that "SET GLOBAL $var" is not allowed without $grant or SUPER +--echo # Test that "SET GLOBAL $var" is not allowed without $grant CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; ---eval REVOKE $grant, SUPER ON *.* FROM user1@localhost +--eval REVOKE $grant ON *.* FROM user1@localhost --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -27,15 +26,4 @@ CREATE USER user1@localhost; --connection default DROP USER user1@localhost; ---echo # Test that "SET GLOBAL $var" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 ---eval SET GLOBAL $var=$value ---disconnect user1 ---connection default -DROP USER user1@localhost; - --eval SET @@global.$var=@global diff --git a/mysql-test/suite/sys_vars/inc/sysvar_session_grant.inc b/mysql-test/suite/sys_vars/inc/sysvar_session_grant.inc index 1cdc6e7190a..ce41d5247d0 100644 --- a/mysql-test/suite/sys_vars/inc/sysvar_session_grant.inc +++ b/mysql-test/suite/sys_vars/inc/sysvar_session_grant.inc @@ -3,11 +3,11 @@ --eval SET @session=@@session.$var ---echo # Test that "SET $var" is not allowed without $grant or SUPER +--echo # Test that "SET $var" is not allowed without $grant CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; ---eval REVOKE $grant, SUPER ON *.* FROM user1@localhost +--eval REVOKE $grant ON *.* FROM user1@localhost --connect(user1,localhost,user1,,) --connection user1 --error ER_LOCAL_VARIABLE @@ -34,18 +34,4 @@ CREATE USER user1@localhost; --connection default DROP USER user1@localhost; ---echo # Test that "SET $var" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 ---error ER_LOCAL_VARIABLE ---eval SET GLOBAL $var=$value ---eval SET $var=$value ---eval SET SESSION $var=$value ---disconnect user1 ---connection default -DROP USER user1@localhost; - --eval SET @@session.$var=@session diff --git a/mysql-test/suite/sys_vars/inc/sysvar_session_grant_alone.inc b/mysql-test/suite/sys_vars/inc/sysvar_session_grant_alone.inc index af38623a010..b5a484a375c 100644 --- a/mysql-test/suite/sys_vars/inc/sysvar_session_grant_alone.inc +++ b/mysql-test/suite/sys_vars/inc/sysvar_session_grant_alone.inc @@ -3,11 +3,11 @@ --eval SET @session=@@session.$var ---echo # Test that "SET $var" is not allowed without $grant or SUPER +--echo # Test that "SET $var" is not allowed without $grant CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; ---eval REVOKE $grant, SUPER ON *.* FROM user1@localhost +--eval REVOKE $grant ON *.* FROM user1@localhost --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -30,16 +30,4 @@ CREATE USER user1@localhost; --connection default DROP USER user1@localhost; ---echo # Test that "SET $var" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 ---eval SET $var=$value ---eval SET SESSION $var=$value ---disconnect user1 ---connection default -DROP USER user1@localhost; - --eval SET @@session.$var=@session diff --git a/mysql-test/suite/sys_vars/r/binlog_annotate_row_events_grant.result b/mysql-test/suite/sys_vars/r/binlog_annotate_row_events_grant.result index 1ff25d209bd..69aa36443c6 100644 --- a/mysql-test/suite/sys_vars/r/binlog_annotate_row_events_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_annotate_row_events_grant.result @@ -2,18 +2,18 @@ # MDEV-21971 Bind BINLOG ADMIN to binlog_annotate_row_events and binlog_row_image global and session variables # SET @global=@@global.binlog_annotate_row_events; -# Test that "SET binlog_annotate_row_events" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_annotate_row_events" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL binlog_annotate_row_events=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET binlog_annotate_row_events=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET SESSION binlog_annotate_row_events=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -28,15 +28,4 @@ SET SESSION binlog_annotate_row_events=1; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_annotate_row_events" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL binlog_annotate_row_events=1; -SET binlog_annotate_row_events=1; -SET SESSION binlog_annotate_row_events=1; -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.binlog_annotate_row_events=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_cache_size_grant.result b/mysql-test/suite/sys_vars/r/binlog_cache_size_grant.result index e6898e58968..49dac9648c3 100644 --- a/mysql-test/suite/sys_vars/r/binlog_cache_size_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_cache_size_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.binlog_cache_size; -# Test that "SET binlog_cache_size" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_cache_size" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL binlog_cache_size=65536; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET binlog_cache_size=65536; ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION binlog_cache_size=65536; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_cache_size" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL binlog_cache_size=65536; -SET binlog_cache_size=65536; -ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION binlog_cache_size=65536; -ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.binlog_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_commit_wait_count_grant.result b/mysql-test/suite/sys_vars/r/binlog_commit_wait_count_grant.result index 930772f7499..69d69cf5d5e 100644 --- a/mysql-test/suite/sys_vars/r/binlog_commit_wait_count_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_commit_wait_count_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.binlog_commit_wait_count; -# Test that "SET binlog_commit_wait_count" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_commit_wait_count" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL binlog_commit_wait_count=65536; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET binlog_commit_wait_count=65536; ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION binlog_commit_wait_count=65536; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_commit_wait_count" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL binlog_commit_wait_count=65536; -SET binlog_commit_wait_count=65536; -ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION binlog_commit_wait_count=65536; -ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.binlog_commit_wait_count=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_commit_wait_usec_grant.result b/mysql-test/suite/sys_vars/r/binlog_commit_wait_usec_grant.result index cfbb759e959..e5ef4fec042 100644 --- a/mysql-test/suite/sys_vars/r/binlog_commit_wait_usec_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_commit_wait_usec_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.binlog_commit_wait_usec; -# Test that "SET binlog_commit_wait_usec" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_commit_wait_usec" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL binlog_commit_wait_usec=65536; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET binlog_commit_wait_usec=65536; ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION binlog_commit_wait_usec=65536; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_commit_wait_usec" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL binlog_commit_wait_usec=65536; -SET binlog_commit_wait_usec=65536; -ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION binlog_commit_wait_usec=65536; -ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.binlog_commit_wait_usec=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_direct_non_transactional_updates_grant.result b/mysql-test/suite/sys_vars/r/binlog_direct_non_transactional_updates_grant.result index e70dbbf408f..f283d226aae 100644 --- a/mysql-test/suite/sys_vars/r/binlog_direct_non_transactional_updates_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_direct_non_transactional_updates_grant.result @@ -3,18 +3,18 @@ SET @session= @@global.binlog_direct_non_transactional_updates; # # # -# Test that "SET binlog_direct_non_transactional_updates" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_direct_non_transactional_updates" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET binlog_direct_non_transactional_updates=0; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET GLOBAL binlog_direct_non_transactional_updates=0; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET SESSION binlog_direct_non_transactional_updates=0; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -29,16 +29,5 @@ SET SESSION binlog_direct_non_transactional_updates=0; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_direct_non_transactional_updates" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET binlog_direct_non_transactional_updates=0; -SET GLOBAL binlog_direct_non_transactional_updates=0; -SET SESSION binlog_direct_non_transactional_updates=0; -disconnect user1; -connection default; -DROP USER user1@localhost; SET GLOBAL binlog_direct_non_transactional_updates=@global; SET SESSION binlog_direct_non_transactional_updates=@session; diff --git a/mysql-test/suite/sys_vars/r/binlog_expire_logs_seconds_grant.result b/mysql-test/suite/sys_vars/r/binlog_expire_logs_seconds_grant.result index 94b57d2e7c3..5e86432272f 100644 --- a/mysql-test/suite/sys_vars/r/binlog_expire_logs_seconds_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_expire_logs_seconds_grant.result @@ -3,14 +3,14 @@ # Test that "SET binlog_expire_logs_seconds" is not allowed without BINLOG ADMIN or SUPER # SET @global=@@global.binlog_expire_logs_seconds; -# Test that "SET binlog_expire_logs_seconds" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_expire_logs_seconds" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL binlog_expire_logs_seconds=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET binlog_expire_logs_seconds=10; ERROR HY000: Variable 'binlog_expire_logs_seconds' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION binlog_expire_logs_seconds=10; @@ -31,17 +31,4 @@ ERROR HY000: Variable 'binlog_expire_logs_seconds' is a GLOBAL variable and shou disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_expire_logs_seconds" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL binlog_expire_logs_seconds=10; -SET binlog_expire_logs_seconds=10; -ERROR HY000: Variable 'binlog_expire_logs_seconds' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION binlog_expire_logs_seconds=10; -ERROR HY000: Variable 'binlog_expire_logs_seconds' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.binlog_expire_logs_seconds=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_file_cache_size_grant.result b/mysql-test/suite/sys_vars/r/binlog_file_cache_size_grant.result index 3cd5aaf57d4..38ae2098aa9 100644 --- a/mysql-test/suite/sys_vars/r/binlog_file_cache_size_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_file_cache_size_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.binlog_file_cache_size; -# Test that "SET binlog_file_cache_size" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_file_cache_size" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL binlog_file_cache_size=65536; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET binlog_file_cache_size=65536; ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION binlog_file_cache_size=65536; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should b disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_file_cache_size" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL binlog_file_cache_size=65536; -SET binlog_file_cache_size=65536; -ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION binlog_file_cache_size=65536; -ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.binlog_file_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_format_grant.result b/mysql-test/suite/sys_vars/r/binlog_format_grant.result index b3cd77a6bd4..ba9ec79d621 100644 --- a/mysql-test/suite/sys_vars/r/binlog_format_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_format_grant.result @@ -1,18 +1,18 @@ # # # -# Test that "SET binlog_format" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_format" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET binlog_format=mixed; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET GLOBAL binlog_format=mixed; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET SESSION binlog_format=mixed; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -27,14 +27,3 @@ SET SESSION binlog_format=mixed; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_format" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET binlog_format=mixed; -SET GLOBAL binlog_format=mixed; -SET SESSION binlog_format=mixed; -disconnect user1; -connection default; -DROP USER user1@localhost; diff --git a/mysql-test/suite/sys_vars/r/binlog_row_image_grant.result b/mysql-test/suite/sys_vars/r/binlog_row_image_grant.result index d9cf65d9932..c2194aec404 100644 --- a/mysql-test/suite/sys_vars/r/binlog_row_image_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_row_image_grant.result @@ -2,18 +2,18 @@ # MDEV-21971 Bind BINLOG ADMIN to binlog_annotate_row_events and binlog_row_image global and session variables # SET @global=@@global.binlog_row_image; -# Test that "SET binlog_row_image" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_row_image" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL binlog_row_image=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET binlog_row_image=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET SESSION binlog_row_image=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -28,15 +28,4 @@ SET SESSION binlog_row_image=1; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_row_image" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL binlog_row_image=1; -SET binlog_row_image=1; -SET SESSION binlog_row_image=1; -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.binlog_row_image=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_row_metadata_grant.result b/mysql-test/suite/sys_vars/r/binlog_row_metadata_grant.result index 43282278aa3..2c47c1481eb 100644 --- a/mysql-test/suite/sys_vars/r/binlog_row_metadata_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_row_metadata_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.binlog_row_metadata; -# Test that "SET binlog_row_metadata" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_row_metadata" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL binlog_row_metadata=NO_LOG; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET binlog_row_metadata=NO_LOG; ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION binlog_row_metadata=NO_LOG; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be s disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_row_metadata" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL binlog_row_metadata=NO_LOG; -SET binlog_row_metadata=NO_LOG; -ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION binlog_row_metadata=NO_LOG; -ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.binlog_row_metadata=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_stmt_cache_size_grant.result b/mysql-test/suite/sys_vars/r/binlog_stmt_cache_size_grant.result index 87070de932c..ca2505e9570 100644 --- a/mysql-test/suite/sys_vars/r/binlog_stmt_cache_size_grant.result +++ b/mysql-test/suite/sys_vars/r/binlog_stmt_cache_size_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.binlog_stmt_cache_size; -# Test that "SET binlog_stmt_cache_size" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET binlog_stmt_cache_size" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL binlog_stmt_cache_size=65536; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET binlog_stmt_cache_size=65536; ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION binlog_stmt_cache_size=65536; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should b disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET binlog_stmt_cache_size" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL binlog_stmt_cache_size=65536; -SET binlog_stmt_cache_size=65536; -ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION binlog_stmt_cache_size=65536; -ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.binlog_stmt_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/connect_timeout_grant.result b/mysql-test/suite/sys_vars/r/connect_timeout_grant.result index 96351490f6f..488649a4a3a 100644 --- a/mysql-test/suite/sys_vars/r/connect_timeout_grant.result +++ b/mysql-test/suite/sys_vars/r/connect_timeout_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.connect_timeout; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET connect_timeout" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET connect_timeout" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL connect_timeout=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET connect_timeout=10; ERROR HY000: Variable 'connect_timeout' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION connect_timeout=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'connect_timeout' is a GLOBAL variable and should be set w disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET connect_timeout" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL connect_timeout=10; -SET connect_timeout=10; -ERROR HY000: Variable 'connect_timeout' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION connect_timeout=10; -ERROR HY000: Variable 'connect_timeout' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.connect_timeout=@global; diff --git a/mysql-test/suite/sys_vars/r/disconnect_on_expired_password_grant.result b/mysql-test/suite/sys_vars/r/disconnect_on_expired_password_grant.result index b7152351a5d..e3bc2754e85 100644 --- a/mysql-test/suite/sys_vars/r/disconnect_on_expired_password_grant.result +++ b/mysql-test/suite/sys_vars/r/disconnect_on_expired_password_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.disconnect_on_expired_password; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET disconnect_on_expired_password" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET disconnect_on_expired_password" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL disconnect_on_expired_password=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET disconnect_on_expired_password=1; ERROR HY000: Variable 'disconnect_on_expired_password' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION disconnect_on_expired_password=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'disconnect_on_expired_password' is a GLOBAL variable and disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET disconnect_on_expired_password" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL disconnect_on_expired_password=1; -SET disconnect_on_expired_password=1; -ERROR HY000: Variable 'disconnect_on_expired_password' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION disconnect_on_expired_password=1; -ERROR HY000: Variable 'disconnect_on_expired_password' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.disconnect_on_expired_password=@global; diff --git a/mysql-test/suite/sys_vars/r/expire_logs_days_grant.result b/mysql-test/suite/sys_vars/r/expire_logs_days_grant.result index f7a3ddc76c1..4dcff017357 100644 --- a/mysql-test/suite/sys_vars/r/expire_logs_days_grant.result +++ b/mysql-test/suite/sys_vars/r/expire_logs_days_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.expire_logs_days; -# Test that "SET expire_logs_days" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET expire_logs_days" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL expire_logs_days=33; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET expire_logs_days=33; ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION expire_logs_days=33; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET expire_logs_days" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL expire_logs_days=33; -SET expire_logs_days=33; -ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION expire_logs_days=33; -ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.expire_logs_days=@global; diff --git a/mysql-test/suite/sys_vars/r/extra_max_connections_grant.result b/mysql-test/suite/sys_vars/r/extra_max_connections_grant.result index 2f211dd5661..2663cfadd95 100644 --- a/mysql-test/suite/sys_vars/r/extra_max_connections_grant.result +++ b/mysql-test/suite/sys_vars/r/extra_max_connections_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.extra_max_connections; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET extra_max_connections" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET extra_max_connections" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL extra_max_connections=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET extra_max_connections=10; ERROR HY000: Variable 'extra_max_connections' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION extra_max_connections=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'extra_max_connections' is a GLOBAL variable and should be disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET extra_max_connections" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL extra_max_connections=10; -SET extra_max_connections=10; -ERROR HY000: Variable 'extra_max_connections' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION extra_max_connections=10; -ERROR HY000: Variable 'extra_max_connections' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.extra_max_connections=@global; diff --git a/mysql-test/suite/sys_vars/r/gtid_binlog_state_grant.result b/mysql-test/suite/sys_vars/r/gtid_binlog_state_grant.result index 0ccf610cc28..4aa0a800c9b 100644 --- a/mysql-test/suite/sys_vars/r/gtid_binlog_state_grant.result +++ b/mysql-test/suite/sys_vars/r/gtid_binlog_state_grant.result @@ -1,14 +1,14 @@ # # MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables # -# Test that "SET gtid_binlog_state" is not allowed without REPLICATION MASTER ADMIN or SUPER +# Test that "SET gtid_binlog_state" is not allowed without REPLICATION MASTER ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL gtid_binlog_state='0-1-10'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation SET gtid_binlog_state='0-1-10'; ERROR HY000: Variable 'gtid_binlog_state' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION gtid_binlog_state='0-1-10'; @@ -30,17 +30,3 @@ ERROR HY000: Variable 'gtid_binlog_state' is a GLOBAL variable and should be set disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET gtid_binlog_state" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL gtid_binlog_state='0-1-10'; -ERROR HY000: Binlog closed, cannot RESET MASTER -SET gtid_binlog_state='0-1-10'; -ERROR HY000: Variable 'gtid_binlog_state' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION gtid_binlog_state='0-1-10'; -ERROR HY000: Variable 'gtid_binlog_state' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; diff --git a/mysql-test/suite/sys_vars/r/gtid_cleanup_batch_size_grant.result b/mysql-test/suite/sys_vars/r/gtid_cleanup_batch_size_grant.result index 326fb47d48c..33a39d1ce2d 100644 --- a/mysql-test/suite/sys_vars/r/gtid_cleanup_batch_size_grant.result +++ b/mysql-test/suite/sys_vars/r/gtid_cleanup_batch_size_grant.result @@ -2,14 +2,14 @@ # MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables # SET @global=@@global.gtid_cleanup_batch_size; -# Test that "SET gtid_cleanup_batch_size" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET gtid_cleanup_batch_size" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL gtid_cleanup_batch_size=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET gtid_cleanup_batch_size=1; ERROR HY000: Variable 'gtid_cleanup_batch_size' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION gtid_cleanup_batch_size=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_cleanup_batch_size' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET gtid_cleanup_batch_size" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL gtid_cleanup_batch_size=1; -SET gtid_cleanup_batch_size=1; -ERROR HY000: Variable 'gtid_cleanup_batch_size' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION gtid_cleanup_batch_size=1; -ERROR HY000: Variable 'gtid_cleanup_batch_size' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.gtid_cleanup_batch_size=@global; diff --git a/mysql-test/suite/sys_vars/r/gtid_domain_id_grant.result b/mysql-test/suite/sys_vars/r/gtid_domain_id_grant.result index 096f5136ab0..9d1ac3de3ea 100644 --- a/mysql-test/suite/sys_vars/r/gtid_domain_id_grant.result +++ b/mysql-test/suite/sys_vars/r/gtid_domain_id_grant.result @@ -2,14 +2,14 @@ # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id # SET @global=@@global.gtid_domain_id; -# Test that "SET GLOBAL gtid_domain_id" is not allowed without REPLICATION MASTER ADMIN or SUPER +# Test that "SET GLOBAL gtid_domain_id" is not allowed without REPLICATION MASTER ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL gtid_domain_id=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -22,27 +22,18 @@ SET GLOBAL gtid_domain_id=1; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET GLOBAL gtid_domain_id" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL gtid_domain_id=1; -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.gtid_domain_id=@global; SET @session=@@session.gtid_domain_id; -# Test that "SET gtid_domain_id" is not allowed without BINLOG REPLAY or SUPER +# Test that "SET gtid_domain_id" is not allowed without BINLOG REPLAY CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET gtid_domain_id=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation SET SESSION gtid_domain_id=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -56,14 +47,4 @@ SET SESSION gtid_domain_id=1; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET gtid_domain_id" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET gtid_domain_id=1; -SET SESSION gtid_domain_id=1; -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@session.gtid_domain_id=@session; diff --git a/mysql-test/suite/sys_vars/r/gtid_ignore_duplicates_grant.result b/mysql-test/suite/sys_vars/r/gtid_ignore_duplicates_grant.result index f4c95fb6192..ed6faac5c84 100644 --- a/mysql-test/suite/sys_vars/r/gtid_ignore_duplicates_grant.result +++ b/mysql-test/suite/sys_vars/r/gtid_ignore_duplicates_grant.result @@ -2,14 +2,14 @@ # MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables # SET @global=@@global.gtid_ignore_duplicates; -# Test that "SET gtid_ignore_duplicates" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET gtid_ignore_duplicates" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL gtid_ignore_duplicates=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET gtid_ignore_duplicates=1; ERROR HY000: Variable 'gtid_ignore_duplicates' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION gtid_ignore_duplicates=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_ignore_duplicates' is a GLOBAL variable and should b disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET gtid_ignore_duplicates" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL gtid_ignore_duplicates=1; -SET gtid_ignore_duplicates=1; -ERROR HY000: Variable 'gtid_ignore_duplicates' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION gtid_ignore_duplicates=1; -ERROR HY000: Variable 'gtid_ignore_duplicates' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.gtid_ignore_duplicates=@global; diff --git a/mysql-test/suite/sys_vars/r/gtid_pos_auto_engines_grant.result b/mysql-test/suite/sys_vars/r/gtid_pos_auto_engines_grant.result index 60fae07cf7c..f3ee01798e6 100644 --- a/mysql-test/suite/sys_vars/r/gtid_pos_auto_engines_grant.result +++ b/mysql-test/suite/sys_vars/r/gtid_pos_auto_engines_grant.result @@ -2,14 +2,14 @@ # MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables # SET @global=@@global.gtid_pos_auto_engines; -# Test that "SET gtid_pos_auto_engines" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET gtid_pos_auto_engines" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL gtid_pos_auto_engines=''; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET gtid_pos_auto_engines=''; ERROR HY000: Variable 'gtid_pos_auto_engines' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION gtid_pos_auto_engines=''; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_pos_auto_engines' is a GLOBAL variable and should be disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET gtid_pos_auto_engines" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL gtid_pos_auto_engines=''; -SET gtid_pos_auto_engines=''; -ERROR HY000: Variable 'gtid_pos_auto_engines' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION gtid_pos_auto_engines=''; -ERROR HY000: Variable 'gtid_pos_auto_engines' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.gtid_pos_auto_engines=@global; diff --git a/mysql-test/suite/sys_vars/r/gtid_seq_no_grant.result b/mysql-test/suite/sys_vars/r/gtid_seq_no_grant.result index 0d08cde546c..d8a5d976e8a 100644 --- a/mysql-test/suite/sys_vars/r/gtid_seq_no_grant.result +++ b/mysql-test/suite/sys_vars/r/gtid_seq_no_grant.result @@ -2,18 +2,18 @@ # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id # SET @session=@@session.gtid_seq_no; -# Test that "SET gtid_seq_no" is not allowed without BINLOG REPLAY or SUPER +# Test that "SET gtid_seq_no" is not allowed without BINLOG REPLAY CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL gtid_seq_no=1; ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL SET gtid_seq_no=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation SET SESSION gtid_seq_no=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -29,16 +29,4 @@ SET SESSION gtid_seq_no=1; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET gtid_seq_no" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL gtid_seq_no=1; -ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL -SET gtid_seq_no=1; -SET SESSION gtid_seq_no=1; -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@session.gtid_seq_no=@session; diff --git a/mysql-test/suite/sys_vars/r/gtid_slave_pos_grant.result b/mysql-test/suite/sys_vars/r/gtid_slave_pos_grant.result index 52918706e3f..dfad91fbf6b 100644 --- a/mysql-test/suite/sys_vars/r/gtid_slave_pos_grant.result +++ b/mysql-test/suite/sys_vars/r/gtid_slave_pos_grant.result @@ -2,14 +2,14 @@ # MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables # SET @global=@@global.gtid_slave_pos; -# Test that "SET gtid_slave_pos" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET gtid_slave_pos" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL gtid_slave_pos=''; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET gtid_slave_pos=''; ERROR HY000: Variable 'gtid_slave_pos' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION gtid_slave_pos=''; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_slave_pos' is a GLOBAL variable and should be set wi disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET gtid_slave_pos" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL gtid_slave_pos=''; -SET gtid_slave_pos=''; -ERROR HY000: Variable 'gtid_slave_pos' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION gtid_slave_pos=''; -ERROR HY000: Variable 'gtid_slave_pos' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.gtid_slave_pos=@global; diff --git a/mysql-test/suite/sys_vars/r/gtid_strict_mode_grant.result b/mysql-test/suite/sys_vars/r/gtid_strict_mode_grant.result index 0ea4d0ab0b3..8744d7433cb 100644 --- a/mysql-test/suite/sys_vars/r/gtid_strict_mode_grant.result +++ b/mysql-test/suite/sys_vars/r/gtid_strict_mode_grant.result @@ -2,14 +2,14 @@ # MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables # SET @global=@@global.gtid_strict_mode; -# Test that "SET gtid_strict_mode" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET gtid_strict_mode" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL gtid_strict_mode=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET gtid_strict_mode=1; ERROR HY000: Variable 'gtid_strict_mode' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION gtid_strict_mode=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'gtid_strict_mode' is a GLOBAL variable and should be set disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET gtid_strict_mode" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL gtid_strict_mode=1; -SET gtid_strict_mode=1; -ERROR HY000: Variable 'gtid_strict_mode' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION gtid_strict_mode=1; -ERROR HY000: Variable 'gtid_strict_mode' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.gtid_strict_mode=@global; diff --git a/mysql-test/suite/sys_vars/r/init_connect_grant.result b/mysql-test/suite/sys_vars/r/init_connect_grant.result index 6c3726708f4..2575052c629 100644 --- a/mysql-test/suite/sys_vars/r/init_connect_grant.result +++ b/mysql-test/suite/sys_vars/r/init_connect_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.init_connect; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET init_connect" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET init_connect" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL init_connect="SET @xxx=1"; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET init_connect="SET @xxx=1"; ERROR HY000: Variable 'init_connect' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION init_connect="SET @xxx=1"; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'init_connect' is a GLOBAL variable and should be set with disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET init_connect" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL init_connect="SET @xxx=1"; -SET init_connect="SET @xxx=1"; -ERROR HY000: Variable 'init_connect' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION init_connect="SET @xxx=1"; -ERROR HY000: Variable 'init_connect' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.init_connect=@global; diff --git a/mysql-test/suite/sys_vars/r/init_slave_grant.result b/mysql-test/suite/sys_vars/r/init_slave_grant.result index 59639b92482..9655498de36 100644 --- a/mysql-test/suite/sys_vars/r/init_slave_grant.result +++ b/mysql-test/suite/sys_vars/r/init_slave_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.init_slave; -# Test that "SET init_slave" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET init_slave" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL init_slave='SET @x=1'; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET init_slave='SET @x=1'; ERROR HY000: Variable 'init_slave' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION init_slave='SET @x=1'; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'init_slave' is a GLOBAL variable and should be set with S disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET init_slave" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL init_slave='SET @x=1'; -SET init_slave='SET @x=1'; -ERROR HY000: Variable 'init_slave' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION init_slave='SET @x=1'; -ERROR HY000: Variable 'init_slave' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.init_slave=@global; diff --git a/mysql-test/suite/sys_vars/r/log_bin_compress_grant.result b/mysql-test/suite/sys_vars/r/log_bin_compress_grant.result index f75f22a75f8..1f0220a8093 100644 --- a/mysql-test/suite/sys_vars/r/log_bin_compress_grant.result +++ b/mysql-test/suite/sys_vars/r/log_bin_compress_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.log_bin_compress; -# Test that "SET log_bin_compress" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET log_bin_compress" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL log_bin_compress=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET log_bin_compress=1; ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION log_bin_compress=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET log_bin_compress" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL log_bin_compress=1; -SET log_bin_compress=1; -ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION log_bin_compress=1; -ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.log_bin_compress=@global; diff --git a/mysql-test/suite/sys_vars/r/log_bin_compress_min_len_grant.result b/mysql-test/suite/sys_vars/r/log_bin_compress_min_len_grant.result index b1ccafb1dd2..2f4590b4b00 100644 --- a/mysql-test/suite/sys_vars/r/log_bin_compress_min_len_grant.result +++ b/mysql-test/suite/sys_vars/r/log_bin_compress_min_len_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.log_bin_compress_min_len; -# Test that "SET log_bin_compress_min_len" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET log_bin_compress_min_len" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL log_bin_compress_min_len=512; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET log_bin_compress_min_len=512; ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION log_bin_compress_min_len=512; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET log_bin_compress_min_len" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL log_bin_compress_min_len=512; -SET log_bin_compress_min_len=512; -ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION log_bin_compress_min_len=512; -ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.log_bin_compress_min_len=@global; diff --git a/mysql-test/suite/sys_vars/r/log_bin_trust_function_creators_grant.result b/mysql-test/suite/sys_vars/r/log_bin_trust_function_creators_grant.result index ef9af94d8f6..5d3948bfa44 100644 --- a/mysql-test/suite/sys_vars/r/log_bin_trust_function_creators_grant.result +++ b/mysql-test/suite/sys_vars/r/log_bin_trust_function_creators_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.log_bin_trust_function_creators; -# Test that "SET log_bin_trust_function_creators" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET log_bin_trust_function_creators" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL log_bin_trust_function_creators=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET log_bin_trust_function_creators=1; ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION log_bin_trust_function_creators=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET log_bin_trust_function_creators" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL log_bin_trust_function_creators=1; -SET log_bin_trust_function_creators=1; -ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION log_bin_trust_function_creators=1; -ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.log_bin_trust_function_creators=@global; diff --git a/mysql-test/suite/sys_vars/r/master_verify_checksum_grant.result b/mysql-test/suite/sys_vars/r/master_verify_checksum_grant.result index 4791e4cd7e0..8d773f35855 100644 --- a/mysql-test/suite/sys_vars/r/master_verify_checksum_grant.result +++ b/mysql-test/suite/sys_vars/r/master_verify_checksum_grant.result @@ -2,14 +2,14 @@ # MDEV-21972 Bind REPLICATION MASTER ADMIN to master_verify_checksum # SET @global=@@global.master_verify_checksum; -# Test that "SET master_verify_checksum" is not allowed without REPLICATION MASTER ADMIN or SUPER +# Test that "SET master_verify_checksum" is not allowed without REPLICATION MASTER ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL master_verify_checksum=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation SET master_verify_checksum=1; ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION master_verify_checksum=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should b disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET master_verify_checksum" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL master_verify_checksum=1; -SET master_verify_checksum=1; -ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION master_verify_checksum=1; -ERROR HY000: Variable 'master_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.master_verify_checksum=@global; diff --git a/mysql-test/suite/sys_vars/r/max_binlog_cache_size_grant.result b/mysql-test/suite/sys_vars/r/max_binlog_cache_size_grant.result index 350194c46cc..f1108553b4e 100644 --- a/mysql-test/suite/sys_vars/r/max_binlog_cache_size_grant.result +++ b/mysql-test/suite/sys_vars/r/max_binlog_cache_size_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.max_binlog_cache_size; -# Test that "SET max_binlog_cache_size" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET max_binlog_cache_size" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL max_binlog_cache_size=4096; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET max_binlog_cache_size=4096; ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION max_binlog_cache_size=4096; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET max_binlog_cache_size" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL max_binlog_cache_size=4096; -SET max_binlog_cache_size=4096; -ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION max_binlog_cache_size=4096; -ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.max_binlog_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/max_binlog_size_grant.result b/mysql-test/suite/sys_vars/r/max_binlog_size_grant.result index 34e1fde76fe..6937e82d3d0 100644 --- a/mysql-test/suite/sys_vars/r/max_binlog_size_grant.result +++ b/mysql-test/suite/sys_vars/r/max_binlog_size_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.max_binlog_size; -# Test that "SET max_binlog_size" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET max_binlog_size" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL max_binlog_size=4096; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET max_binlog_size=4096; ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION max_binlog_size=4096; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set w disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET max_binlog_size" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL max_binlog_size=4096; -SET max_binlog_size=4096; -ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION max_binlog_size=4096; -ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.max_binlog_size=@global; diff --git a/mysql-test/suite/sys_vars/r/max_binlog_stmt_cache_size_grant.result b/mysql-test/suite/sys_vars/r/max_binlog_stmt_cache_size_grant.result index 2ddd164f7c1..c6a01661080 100644 --- a/mysql-test/suite/sys_vars/r/max_binlog_stmt_cache_size_grant.result +++ b/mysql-test/suite/sys_vars/r/max_binlog_stmt_cache_size_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.max_binlog_stmt_cache_size; -# Test that "SET max_binlog_stmt_cache_size" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET max_binlog_stmt_cache_size" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL max_binlog_stmt_cache_size=4096; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET max_binlog_stmt_cache_size=4096; ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION max_binlog_stmt_cache_size=4096; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and shou disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET max_binlog_stmt_cache_size" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL max_binlog_stmt_cache_size=4096; -SET max_binlog_stmt_cache_size=4096; -ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION max_binlog_stmt_cache_size=4096; -ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.max_binlog_stmt_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/max_connect_errors_grant.result b/mysql-test/suite/sys_vars/r/max_connect_errors_grant.result index 527a4ecaf72..be145cb6139 100644 --- a/mysql-test/suite/sys_vars/r/max_connect_errors_grant.result +++ b/mysql-test/suite/sys_vars/r/max_connect_errors_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.max_connect_errors; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET max_connect_errors" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET max_connect_errors" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL max_connect_errors=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET max_connect_errors=10; ERROR HY000: Variable 'max_connect_errors' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION max_connect_errors=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_connect_errors' is a GLOBAL variable and should be se disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET max_connect_errors" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL max_connect_errors=10; -SET max_connect_errors=10; -ERROR HY000: Variable 'max_connect_errors' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION max_connect_errors=10; -ERROR HY000: Variable 'max_connect_errors' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.max_connect_errors=@global; diff --git a/mysql-test/suite/sys_vars/r/max_connections_grant.result b/mysql-test/suite/sys_vars/r/max_connections_grant.result index e55904d4cc1..7cd6784733c 100644 --- a/mysql-test/suite/sys_vars/r/max_connections_grant.result +++ b/mysql-test/suite/sys_vars/r/max_connections_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.max_connections; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET max_connections" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET max_connections" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL max_connections=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET max_connections=10; ERROR HY000: Variable 'max_connections' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION max_connections=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_connections' is a GLOBAL variable and should be set w disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET max_connections" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL max_connections=10; -SET max_connections=10; -ERROR HY000: Variable 'max_connections' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION max_connections=10; -ERROR HY000: Variable 'max_connections' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.max_connections=@global; diff --git a/mysql-test/suite/sys_vars/r/max_password_errors_grant.result b/mysql-test/suite/sys_vars/r/max_password_errors_grant.result index 4ae0dfb887a..58817d3c4d6 100644 --- a/mysql-test/suite/sys_vars/r/max_password_errors_grant.result +++ b/mysql-test/suite/sys_vars/r/max_password_errors_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.max_password_errors; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET max_password_errors" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET max_password_errors" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL max_password_errors=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET max_password_errors=10; ERROR HY000: Variable 'max_password_errors' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION max_password_errors=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'max_password_errors' is a GLOBAL variable and should be s disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET max_password_errors" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL max_password_errors=10; -SET max_password_errors=10; -ERROR HY000: Variable 'max_password_errors' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION max_password_errors=10; -ERROR HY000: Variable 'max_password_errors' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.max_password_errors=@global; diff --git a/mysql-test/suite/sys_vars/r/preudo_thread_id_grant.result b/mysql-test/suite/sys_vars/r/preudo_thread_id_grant.result index d306a192727..8ac8e32d673 100644 --- a/mysql-test/suite/sys_vars/r/preudo_thread_id_grant.result +++ b/mysql-test/suite/sys_vars/r/preudo_thread_id_grant.result @@ -2,18 +2,18 @@ # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id # SET @session=@@session.pseudo_thread_id; -# Test that "SET pseudo_thread_id" is not allowed without BINLOG REPLAY or SUPER +# Test that "SET pseudo_thread_id" is not allowed without BINLOG REPLAY CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL pseudo_thread_id=1; ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL SET pseudo_thread_id=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation SET SESSION pseudo_thread_id=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -29,16 +29,4 @@ SET SESSION pseudo_thread_id=1; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET pseudo_thread_id" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL pseudo_thread_id=1; -ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL -SET pseudo_thread_id=1; -SET SESSION pseudo_thread_id=1; -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@session.pseudo_thread_id=@session; diff --git a/mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result b/mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result index b6bae272443..90419a80a99 100644 --- a/mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result +++ b/mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.proxy_protocol_networks; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET proxy_protocol_networks" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET proxy_protocol_networks" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL proxy_protocol_networks=""; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET proxy_protocol_networks=""; ERROR HY000: Variable 'proxy_protocol_networks' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION proxy_protocol_networks=""; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'proxy_protocol_networks' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET proxy_protocol_networks" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL proxy_protocol_networks=""; -SET proxy_protocol_networks=""; -ERROR HY000: Variable 'proxy_protocol_networks' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION proxy_protocol_networks=""; -ERROR HY000: Variable 'proxy_protocol_networks' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.proxy_protocol_networks=@global; diff --git a/mysql-test/suite/sys_vars/r/read_binlog_speed_limit_grant.result b/mysql-test/suite/sys_vars/r/read_binlog_speed_limit_grant.result index 03536c1c371..73a2127e33f 100644 --- a/mysql-test/suite/sys_vars/r/read_binlog_speed_limit_grant.result +++ b/mysql-test/suite/sys_vars/r/read_binlog_speed_limit_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.read_binlog_speed_limit; -# Test that "SET read_binlog_speed_limit" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET read_binlog_speed_limit" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL read_binlog_speed_limit=65536; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET read_binlog_speed_limit=65536; ERROR HY000: Variable 'read_binlog_speed_limit' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION read_binlog_speed_limit=65536; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'read_binlog_speed_limit' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET read_binlog_speed_limit" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL read_binlog_speed_limit=65536; -SET read_binlog_speed_limit=65536; -ERROR HY000: Variable 'read_binlog_speed_limit' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION read_binlog_speed_limit=65536; -ERROR HY000: Variable 'read_binlog_speed_limit' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.read_binlog_speed_limit=@global; diff --git a/mysql-test/suite/sys_vars/r/read_only_grant.result b/mysql-test/suite/sys_vars/r/read_only_grant.result index 455390eb4fc..fd908b0e52d 100644 --- a/mysql-test/suite/sys_vars/r/read_only_grant.result +++ b/mysql-test/suite/sys_vars/r/read_only_grant.result @@ -36,5 +36,5 @@ insert mysql.global_priv values ('bar', 'foo', '{"access":32768,"version_id":101 flush privileges; show grants for foo@bar; Grants for foo@bar -GRANT SUPER, READ_ONLY ADMIN ON *.* TO `foo`@`bar` +GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `foo`@`bar` drop user foo@bar; diff --git a/mysql-test/suite/sys_vars/r/relay_log_purge_grant.result b/mysql-test/suite/sys_vars/r/relay_log_purge_grant.result index 0823bf1ff9d..b22b86f2b36 100644 --- a/mysql-test/suite/sys_vars/r/relay_log_purge_grant.result +++ b/mysql-test/suite/sys_vars/r/relay_log_purge_grant.result @@ -2,14 +2,14 @@ # MDEV-21969 Bind REPLICATION SLAVE ADMIN to relay_log_*, sync_master_info, sync_relay_log, sync_relay_log_info # SET @global=@@global.relay_log_purge; -# Test that "SET relay_log_purge" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET relay_log_purge" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL relay_log_purge=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET relay_log_purge=1; ERROR HY000: Variable 'relay_log_purge' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION relay_log_purge=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'relay_log_purge' is a GLOBAL variable and should be set w disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET relay_log_purge" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL relay_log_purge=1; -SET relay_log_purge=1; -ERROR HY000: Variable 'relay_log_purge' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION relay_log_purge=1; -ERROR HY000: Variable 'relay_log_purge' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.relay_log_purge=@global; diff --git a/mysql-test/suite/sys_vars/r/relay_log_recovery_grant.result b/mysql-test/suite/sys_vars/r/relay_log_recovery_grant.result index 9e90c99ff0d..14e2ef0e3b9 100644 --- a/mysql-test/suite/sys_vars/r/relay_log_recovery_grant.result +++ b/mysql-test/suite/sys_vars/r/relay_log_recovery_grant.result @@ -2,14 +2,14 @@ # MDEV-21969 Bind REPLICATION SLAVE ADMIN to relay_log_*, sync_master_info, sync_relay_log, sync_relay_log_info # SET @global=@@global.relay_log_recovery; -# Test that "SET relay_log_recovery" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET relay_log_recovery" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL relay_log_recovery=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET relay_log_recovery=1; ERROR HY000: Variable 'relay_log_recovery' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION relay_log_recovery=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'relay_log_recovery' is a GLOBAL variable and should be se disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET relay_log_recovery" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL relay_log_recovery=1; -SET relay_log_recovery=1; -ERROR HY000: Variable 'relay_log_recovery' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION relay_log_recovery=1; -ERROR HY000: Variable 'relay_log_recovery' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.relay_log_recovery=@global; diff --git a/mysql-test/suite/sys_vars/r/replicate_do_db_grant.result b/mysql-test/suite/sys_vars/r/replicate_do_db_grant.result index 1f352590072..e5418dd627b 100644 --- a/mysql-test/suite/sys_vars/r/replicate_do_db_grant.result +++ b/mysql-test/suite/sys_vars/r/replicate_do_db_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.replicate_do_db; -# Test that "SET replicate_do_db" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET replicate_do_db" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL replicate_do_db=''; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET replicate_do_db=''; ERROR HY000: Variable 'replicate_do_db' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION replicate_do_db=''; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_do_db' is a GLOBAL variable and should be set w disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET replicate_do_db" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL replicate_do_db=''; -SET replicate_do_db=''; -ERROR HY000: Variable 'replicate_do_db' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION replicate_do_db=''; -ERROR HY000: Variable 'replicate_do_db' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.replicate_do_db=@global; diff --git a/mysql-test/suite/sys_vars/r/replicate_do_table_grant.result b/mysql-test/suite/sys_vars/r/replicate_do_table_grant.result index 31290979695..37b5450f677 100644 --- a/mysql-test/suite/sys_vars/r/replicate_do_table_grant.result +++ b/mysql-test/suite/sys_vars/r/replicate_do_table_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.replicate_do_table; -# Test that "SET replicate_do_table" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET replicate_do_table" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL replicate_do_table=''; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET replicate_do_table=''; ERROR HY000: Variable 'replicate_do_table' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION replicate_do_table=''; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_do_table' is a GLOBAL variable and should be se disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET replicate_do_table" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL replicate_do_table=''; -SET replicate_do_table=''; -ERROR HY000: Variable 'replicate_do_table' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION replicate_do_table=''; -ERROR HY000: Variable 'replicate_do_table' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.replicate_do_table=@global; diff --git a/mysql-test/suite/sys_vars/r/replicate_events_marked_for_skip_grant.result b/mysql-test/suite/sys_vars/r/replicate_events_marked_for_skip_grant.result index f649294f7e5..250be74b247 100644 --- a/mysql-test/suite/sys_vars/r/replicate_events_marked_for_skip_grant.result +++ b/mysql-test/suite/sys_vars/r/replicate_events_marked_for_skip_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.replicate_events_marked_for_skip; -# Test that "SET replicate_events_marked_for_skip" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET replicate_events_marked_for_skip" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL replicate_events_marked_for_skip=REPLICATE; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET replicate_events_marked_for_skip=REPLICATE; ERROR HY000: Variable 'replicate_events_marked_for_skip' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION replicate_events_marked_for_skip=REPLICATE; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_events_marked_for_skip' is a GLOBAL variable an disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET replicate_events_marked_for_skip" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL replicate_events_marked_for_skip=REPLICATE; -SET replicate_events_marked_for_skip=REPLICATE; -ERROR HY000: Variable 'replicate_events_marked_for_skip' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION replicate_events_marked_for_skip=REPLICATE; -ERROR HY000: Variable 'replicate_events_marked_for_skip' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.replicate_events_marked_for_skip=@global; diff --git a/mysql-test/suite/sys_vars/r/replicate_ignore_db_grant.result b/mysql-test/suite/sys_vars/r/replicate_ignore_db_grant.result index 612fab62771..6086f363a9c 100644 --- a/mysql-test/suite/sys_vars/r/replicate_ignore_db_grant.result +++ b/mysql-test/suite/sys_vars/r/replicate_ignore_db_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.replicate_ignore_db; -# Test that "SET replicate_ignore_db" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET replicate_ignore_db" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL replicate_ignore_db=''; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET replicate_ignore_db=''; ERROR HY000: Variable 'replicate_ignore_db' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION replicate_ignore_db=''; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_ignore_db' is a GLOBAL variable and should be s disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET replicate_ignore_db" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL replicate_ignore_db=''; -SET replicate_ignore_db=''; -ERROR HY000: Variable 'replicate_ignore_db' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION replicate_ignore_db=''; -ERROR HY000: Variable 'replicate_ignore_db' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.replicate_ignore_db=@global; diff --git a/mysql-test/suite/sys_vars/r/replicate_ignore_table_grant.result b/mysql-test/suite/sys_vars/r/replicate_ignore_table_grant.result index 9f2354a8704..b2ff338486e 100644 --- a/mysql-test/suite/sys_vars/r/replicate_ignore_table_grant.result +++ b/mysql-test/suite/sys_vars/r/replicate_ignore_table_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.replicate_ignore_table; -# Test that "SET replicate_ignore_table" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET replicate_ignore_table" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL replicate_ignore_table=''; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET replicate_ignore_table=''; ERROR HY000: Variable 'replicate_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION replicate_ignore_table=''; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_ignore_table' is a GLOBAL variable and should b disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET replicate_ignore_table" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL replicate_ignore_table=''; -SET replicate_ignore_table=''; -ERROR HY000: Variable 'replicate_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION replicate_ignore_table=''; -ERROR HY000: Variable 'replicate_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.replicate_ignore_table=@global; diff --git a/mysql-test/suite/sys_vars/r/replicate_wild_do_table_grant.result b/mysql-test/suite/sys_vars/r/replicate_wild_do_table_grant.result index 1c9e12ded65..c09ef6ecce1 100644 --- a/mysql-test/suite/sys_vars/r/replicate_wild_do_table_grant.result +++ b/mysql-test/suite/sys_vars/r/replicate_wild_do_table_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.replicate_wild_do_table; -# Test that "SET replicate_wild_do_table" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET replicate_wild_do_table" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL replicate_wild_do_table=''; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET replicate_wild_do_table=''; ERROR HY000: Variable 'replicate_wild_do_table' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION replicate_wild_do_table=''; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_wild_do_table' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET replicate_wild_do_table" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL replicate_wild_do_table=''; -SET replicate_wild_do_table=''; -ERROR HY000: Variable 'replicate_wild_do_table' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION replicate_wild_do_table=''; -ERROR HY000: Variable 'replicate_wild_do_table' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.replicate_wild_do_table=@global; diff --git a/mysql-test/suite/sys_vars/r/replicate_wild_ignore_table_grant.result b/mysql-test/suite/sys_vars/r/replicate_wild_ignore_table_grant.result index 27a82173d50..2f5998e19d0 100644 --- a/mysql-test/suite/sys_vars/r/replicate_wild_ignore_table_grant.result +++ b/mysql-test/suite/sys_vars/r/replicate_wild_ignore_table_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.replicate_wild_ignore_table; -# Test that "SET replicate_wild_ignore_table" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET replicate_wild_ignore_table" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL replicate_wild_ignore_table=''; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET replicate_wild_ignore_table=''; ERROR HY000: Variable 'replicate_wild_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION replicate_wild_ignore_table=''; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'replicate_wild_ignore_table' is a GLOBAL variable and sho disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET replicate_wild_ignore_table" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL replicate_wild_ignore_table=''; -SET replicate_wild_ignore_table=''; -ERROR HY000: Variable 'replicate_wild_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION replicate_wild_ignore_table=''; -ERROR HY000: Variable 'replicate_wild_ignore_table' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.replicate_wild_ignore_table=@global; diff --git a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_grant.result b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_grant.result index 3c5b3d070d5..803a5551df2 100644 --- a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_grant.result +++ b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_enabled_grant.result @@ -2,14 +2,14 @@ # MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables # SET @global=@@global.rpl_semi_sync_master_enabled; -# Test that "SET rpl_semi_sync_master_enabled" is not allowed without REPLICATION MASTER ADMIN or SUPER +# Test that "SET rpl_semi_sync_master_enabled" is not allowed without REPLICATION MASTER ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL rpl_semi_sync_master_enabled=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation SET rpl_semi_sync_master_enabled=1; ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION rpl_semi_sync_master_enabled=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable and sh disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET rpl_semi_sync_master_enabled" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL rpl_semi_sync_master_enabled=1; -SET rpl_semi_sync_master_enabled=1; -ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION rpl_semi_sync_master_enabled=1; -ERROR HY000: Variable 'rpl_semi_sync_master_enabled' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.rpl_semi_sync_master_enabled=@global; diff --git a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_timeout_grant.result b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_timeout_grant.result index 2e8b51d5fa8..be12c0ff84d 100644 --- a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_timeout_grant.result +++ b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_timeout_grant.result @@ -2,14 +2,14 @@ # MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables # SET @global=@@global.rpl_semi_sync_master_timeout; -# Test that "SET rpl_semi_sync_master_timeout" is not allowed without REPLICATION MASTER ADMIN or SUPER +# Test that "SET rpl_semi_sync_master_timeout" is not allowed without REPLICATION MASTER ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL rpl_semi_sync_master_timeout=20000; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation SET rpl_semi_sync_master_timeout=20000; ERROR HY000: Variable 'rpl_semi_sync_master_timeout' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION rpl_semi_sync_master_timeout=20000; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_timeout' is a GLOBAL variable and sh disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET rpl_semi_sync_master_timeout" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL rpl_semi_sync_master_timeout=20000; -SET rpl_semi_sync_master_timeout=20000; -ERROR HY000: Variable 'rpl_semi_sync_master_timeout' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION rpl_semi_sync_master_timeout=20000; -ERROR HY000: Variable 'rpl_semi_sync_master_timeout' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.rpl_semi_sync_master_timeout=@global; diff --git a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_trace_level_grant.result b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_trace_level_grant.result index c31d063f1d9..2c5a7e65041 100644 --- a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_trace_level_grant.result +++ b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_trace_level_grant.result @@ -2,14 +2,14 @@ # MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables # SET @global=@@global.rpl_semi_sync_master_trace_level; -# Test that "SET rpl_semi_sync_master_trace_level" is not allowed without REPLICATION MASTER ADMIN or SUPER +# Test that "SET rpl_semi_sync_master_trace_level" is not allowed without REPLICATION MASTER ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL rpl_semi_sync_master_trace_level=64; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation SET rpl_semi_sync_master_trace_level=64; ERROR HY000: Variable 'rpl_semi_sync_master_trace_level' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION rpl_semi_sync_master_trace_level=64; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_trace_level' is a GLOBAL variable an disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET rpl_semi_sync_master_trace_level" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL rpl_semi_sync_master_trace_level=64; -SET rpl_semi_sync_master_trace_level=64; -ERROR HY000: Variable 'rpl_semi_sync_master_trace_level' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION rpl_semi_sync_master_trace_level=64; -ERROR HY000: Variable 'rpl_semi_sync_master_trace_level' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.rpl_semi_sync_master_trace_level=@global; diff --git a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_no_slave_grant.result b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_no_slave_grant.result index 14e239f7c4c..7af4016a6f6 100644 --- a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_no_slave_grant.result +++ b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_no_slave_grant.result @@ -2,14 +2,14 @@ # MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables # SET @global=@@global.rpl_semi_sync_master_wait_no_slave; -# Test that "SET rpl_semi_sync_master_wait_no_slave" is not allowed without REPLICATION MASTER ADMIN or SUPER +# Test that "SET rpl_semi_sync_master_wait_no_slave" is not allowed without REPLICATION MASTER ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL rpl_semi_sync_master_wait_no_slave=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation SET rpl_semi_sync_master_wait_no_slave=1; ERROR HY000: Variable 'rpl_semi_sync_master_wait_no_slave' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION rpl_semi_sync_master_wait_no_slave=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_wait_no_slave' is a GLOBAL variable disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET rpl_semi_sync_master_wait_no_slave" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL rpl_semi_sync_master_wait_no_slave=1; -SET rpl_semi_sync_master_wait_no_slave=1; -ERROR HY000: Variable 'rpl_semi_sync_master_wait_no_slave' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION rpl_semi_sync_master_wait_no_slave=1; -ERROR HY000: Variable 'rpl_semi_sync_master_wait_no_slave' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.rpl_semi_sync_master_wait_no_slave=@global; diff --git a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_point_grant.result b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_point_grant.result index 5760c45900e..0ce01cdb7be 100644 --- a/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_point_grant.result +++ b/mysql-test/suite/sys_vars/r/rpl_semi_sync_master_wait_point_grant.result @@ -2,14 +2,14 @@ # MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables # SET @global=@@global.rpl_semi_sync_master_wait_point; -# Test that "SET rpl_semi_sync_master_wait_point" is not allowed without REPLICATION MASTER ADMIN or SUPER +# Test that "SET rpl_semi_sync_master_wait_point" is not allowed without REPLICATION MASTER ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL rpl_semi_sync_master_wait_point=AFTER_SYNC; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation SET rpl_semi_sync_master_wait_point=AFTER_SYNC; ERROR HY000: Variable 'rpl_semi_sync_master_wait_point' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION rpl_semi_sync_master_wait_point=AFTER_SYNC; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_master_wait_point' is a GLOBAL variable and disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET rpl_semi_sync_master_wait_point" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL rpl_semi_sync_master_wait_point=AFTER_SYNC; -SET rpl_semi_sync_master_wait_point=AFTER_SYNC; -ERROR HY000: Variable 'rpl_semi_sync_master_wait_point' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION rpl_semi_sync_master_wait_point=AFTER_SYNC; -ERROR HY000: Variable 'rpl_semi_sync_master_wait_point' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.rpl_semi_sync_master_wait_point=@global; diff --git a/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_delay_master_grant.result b/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_delay_master_grant.result index 9e1c3073da9..9460df95c3a 100644 --- a/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_delay_master_grant.result +++ b/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_delay_master_grant.result @@ -2,14 +2,14 @@ # MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables # SET @global=@@global.rpl_semi_sync_slave_delay_master; -# Test that "SET rpl_semi_sync_slave_delay_master" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET rpl_semi_sync_slave_delay_master" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL rpl_semi_sync_slave_delay_master=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET rpl_semi_sync_slave_delay_master=1; ERROR HY000: Variable 'rpl_semi_sync_slave_delay_master' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION rpl_semi_sync_slave_delay_master=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_slave_delay_master' is a GLOBAL variable an disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET rpl_semi_sync_slave_delay_master" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL rpl_semi_sync_slave_delay_master=1; -SET rpl_semi_sync_slave_delay_master=1; -ERROR HY000: Variable 'rpl_semi_sync_slave_delay_master' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION rpl_semi_sync_slave_delay_master=1; -ERROR HY000: Variable 'rpl_semi_sync_slave_delay_master' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.rpl_semi_sync_slave_delay_master=@global; diff --git a/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_grant.result b/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_grant.result index f370b82d751..f99eee16122 100644 --- a/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_grant.result +++ b/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_enabled_grant.result @@ -2,14 +2,14 @@ # MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables # SET @global=@@global.rpl_semi_sync_slave_enabled; -# Test that "SET rpl_semi_sync_slave_enabled" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET rpl_semi_sync_slave_enabled" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL rpl_semi_sync_slave_enabled=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET rpl_semi_sync_slave_enabled=1; ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION rpl_semi_sync_slave_enabled=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable and sho disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET rpl_semi_sync_slave_enabled" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL rpl_semi_sync_slave_enabled=1; -SET rpl_semi_sync_slave_enabled=1; -ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION rpl_semi_sync_slave_enabled=1; -ERROR HY000: Variable 'rpl_semi_sync_slave_enabled' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.rpl_semi_sync_slave_enabled=@global; diff --git a/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_kill_conn_timeout_grant.result b/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_kill_conn_timeout_grant.result index f5e0f3b3e3a..42eda8058fa 100644 --- a/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_kill_conn_timeout_grant.result +++ b/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_kill_conn_timeout_grant.result @@ -2,14 +2,14 @@ # MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables # SET @global=@@global.rpl_semi_sync_slave_kill_conn_timeout; -# Test that "SET rpl_semi_sync_slave_kill_conn_timeout" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET rpl_semi_sync_slave_kill_conn_timeout" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL rpl_semi_sync_slave_kill_conn_timeout=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET rpl_semi_sync_slave_kill_conn_timeout=1; ERROR HY000: Variable 'rpl_semi_sync_slave_kill_conn_timeout' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION rpl_semi_sync_slave_kill_conn_timeout=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_slave_kill_conn_timeout' is a GLOBAL variab disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET rpl_semi_sync_slave_kill_conn_timeout" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL rpl_semi_sync_slave_kill_conn_timeout=1; -SET rpl_semi_sync_slave_kill_conn_timeout=1; -ERROR HY000: Variable 'rpl_semi_sync_slave_kill_conn_timeout' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION rpl_semi_sync_slave_kill_conn_timeout=1; -ERROR HY000: Variable 'rpl_semi_sync_slave_kill_conn_timeout' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.rpl_semi_sync_slave_kill_conn_timeout=@global; diff --git a/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_trace_level_grant.result b/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_trace_level_grant.result index a1471906bba..9693731dc08 100644 --- a/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_trace_level_grant.result +++ b/mysql-test/suite/sys_vars/r/rpl_semi_sync_slave_trace_level_grant.result @@ -2,14 +2,14 @@ # MDEV-21967 Bind REPLICATION {MASTER|SLAVE} ADMIN to rpl_semi_sync_* variables # SET @global=@@global.rpl_semi_sync_slave_trace_level; -# Test that "SET rpl_semi_sync_slave_trace_level" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET rpl_semi_sync_slave_trace_level" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL rpl_semi_sync_slave_trace_level=64; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET rpl_semi_sync_slave_trace_level=64; ERROR HY000: Variable 'rpl_semi_sync_slave_trace_level' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION rpl_semi_sync_slave_trace_level=64; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'rpl_semi_sync_slave_trace_level' is a GLOBAL variable and disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET rpl_semi_sync_slave_trace_level" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL rpl_semi_sync_slave_trace_level=64; -SET rpl_semi_sync_slave_trace_level=64; -ERROR HY000: Variable 'rpl_semi_sync_slave_trace_level' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION rpl_semi_sync_slave_trace_level=64; -ERROR HY000: Variable 'rpl_semi_sync_slave_trace_level' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.rpl_semi_sync_slave_trace_level=@global; diff --git a/mysql-test/suite/sys_vars/r/secure_auth_grant.result b/mysql-test/suite/sys_vars/r/secure_auth_grant.result index ed33eb33951..69e001ad77d 100644 --- a/mysql-test/suite/sys_vars/r/secure_auth_grant.result +++ b/mysql-test/suite/sys_vars/r/secure_auth_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.secure_auth; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET secure_auth" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET secure_auth" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL secure_auth=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET secure_auth=1; ERROR HY000: Variable 'secure_auth' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION secure_auth=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'secure_auth' is a GLOBAL variable and should be set with disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET secure_auth" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL secure_auth=1; -SET secure_auth=1; -ERROR HY000: Variable 'secure_auth' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION secure_auth=1; -ERROR HY000: Variable 'secure_auth' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.secure_auth=@global; diff --git a/mysql-test/suite/sys_vars/r/server_id_grant.result b/mysql-test/suite/sys_vars/r/server_id_grant.result index f562560e8da..444c1a56d5a 100644 --- a/mysql-test/suite/sys_vars/r/server_id_grant.result +++ b/mysql-test/suite/sys_vars/r/server_id_grant.result @@ -2,14 +2,14 @@ # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id # SET @global=@@global.server_id; -# Test that "SET GLOBAL server_id" is not allowed without REPLICATION MASTER ADMIN or SUPER +# Test that "SET GLOBAL server_id" is not allowed without REPLICATION MASTER ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION MASTER ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL server_id=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION MASTER ADMIN privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -22,27 +22,18 @@ SET GLOBAL server_id=1; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET GLOBAL server_id" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL server_id=1; -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.server_id=@global; SET @session=@@session.server_id; -# Test that "SET server_id" is not allowed without BINLOG REPLAY or SUPER +# Test that "SET server_id" is not allowed without BINLOG REPLAY CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET server_id=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation SET SESSION server_id=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG REPLAY privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -56,14 +47,4 @@ SET SESSION server_id=1; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET server_id" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET server_id=1; -SET SESSION server_id=1; -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@session.server_id=@session; diff --git a/mysql-test/suite/sys_vars/r/slave_compressed_protocol_grant.result b/mysql-test/suite/sys_vars/r/slave_compressed_protocol_grant.result index 2f3f52982ea..3ef5417d613 100644 --- a/mysql-test/suite/sys_vars/r/slave_compressed_protocol_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_compressed_protocol_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_compressed_protocol; -# Test that "SET slave_compressed_protocol" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_compressed_protocol" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_compressed_protocol=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_compressed_protocol=1; ERROR HY000: Variable 'slave_compressed_protocol' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_compressed_protocol=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_compressed_protocol' is a GLOBAL variable and shoul disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_compressed_protocol" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_compressed_protocol=1; -SET slave_compressed_protocol=1; -ERROR HY000: Variable 'slave_compressed_protocol' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_compressed_protocol=1; -ERROR HY000: Variable 'slave_compressed_protocol' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_compressed_protocol=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_ddl_exec_mode_grant.result b/mysql-test/suite/sys_vars/r/slave_ddl_exec_mode_grant.result index d4f21f1e0ea..dc05d6ced6b 100644 --- a/mysql-test/suite/sys_vars/r/slave_ddl_exec_mode_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_ddl_exec_mode_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_ddl_exec_mode; -# Test that "SET slave_ddl_exec_mode" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_ddl_exec_mode" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_ddl_exec_mode=STRICT; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_ddl_exec_mode=STRICT; ERROR HY000: Variable 'slave_ddl_exec_mode' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_ddl_exec_mode=STRICT; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_ddl_exec_mode' is a GLOBAL variable and should be s disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_ddl_exec_mode" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_ddl_exec_mode=STRICT; -SET slave_ddl_exec_mode=STRICT; -ERROR HY000: Variable 'slave_ddl_exec_mode' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_ddl_exec_mode=STRICT; -ERROR HY000: Variable 'slave_ddl_exec_mode' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_ddl_exec_mode=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_domain_parallel_threads_grant.result b/mysql-test/suite/sys_vars/r/slave_domain_parallel_threads_grant.result index f31e48e276d..757b188a4d9 100644 --- a/mysql-test/suite/sys_vars/r/slave_domain_parallel_threads_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_domain_parallel_threads_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_domain_parallel_threads; -# Test that "SET slave_domain_parallel_threads" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_domain_parallel_threads" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_domain_parallel_threads=0; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_domain_parallel_threads=0; ERROR HY000: Variable 'slave_domain_parallel_threads' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_domain_parallel_threads=0; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_domain_parallel_threads' is a GLOBAL variable and s disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_domain_parallel_threads" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_domain_parallel_threads=0; -SET slave_domain_parallel_threads=0; -ERROR HY000: Variable 'slave_domain_parallel_threads' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_domain_parallel_threads=0; -ERROR HY000: Variable 'slave_domain_parallel_threads' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_domain_parallel_threads=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_exec_mode_grant.result b/mysql-test/suite/sys_vars/r/slave_exec_mode_grant.result index c1cfdba7c2a..7fd5481ce4f 100644 --- a/mysql-test/suite/sys_vars/r/slave_exec_mode_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_exec_mode_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_exec_mode; -# Test that "SET slave_exec_mode" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_exec_mode" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_exec_mode=STRICT; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_exec_mode=STRICT; ERROR HY000: Variable 'slave_exec_mode' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_exec_mode=STRICT; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_exec_mode' is a GLOBAL variable and should be set w disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_exec_mode" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_exec_mode=STRICT; -SET slave_exec_mode=STRICT; -ERROR HY000: Variable 'slave_exec_mode' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_exec_mode=STRICT; -ERROR HY000: Variable 'slave_exec_mode' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_exec_mode=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_max_allowed_packet_grant.result b/mysql-test/suite/sys_vars/r/slave_max_allowed_packet_grant.result index 664d580e1a6..45e79aad0b9 100644 --- a/mysql-test/suite/sys_vars/r/slave_max_allowed_packet_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_max_allowed_packet_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_max_allowed_packet; -# Test that "SET slave_max_allowed_packet" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_max_allowed_packet" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_max_allowed_packet=65536; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_max_allowed_packet=65536; ERROR HY000: Variable 'slave_max_allowed_packet' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_max_allowed_packet=65536; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_max_allowed_packet' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_max_allowed_packet" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_max_allowed_packet=65536; -SET slave_max_allowed_packet=65536; -ERROR HY000: Variable 'slave_max_allowed_packet' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_max_allowed_packet=65536; -ERROR HY000: Variable 'slave_max_allowed_packet' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_max_allowed_packet=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_net_timeout_grant.result b/mysql-test/suite/sys_vars/r/slave_net_timeout_grant.result index 2b6664ab31f..da6e8b0475a 100644 --- a/mysql-test/suite/sys_vars/r/slave_net_timeout_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_net_timeout_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_net_timeout; -# Test that "SET slave_net_timeout" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_net_timeout" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_net_timeout=60; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_net_timeout=60; ERROR HY000: Variable 'slave_net_timeout' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_net_timeout=60; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_net_timeout' is a GLOBAL variable and should be set disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_net_timeout" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_net_timeout=60; -SET slave_net_timeout=60; -ERROR HY000: Variable 'slave_net_timeout' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_net_timeout=60; -ERROR HY000: Variable 'slave_net_timeout' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_net_timeout=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_parallel_max_queued_grant.result b/mysql-test/suite/sys_vars/r/slave_parallel_max_queued_grant.result index 315de47853b..9594c7ce511 100644 --- a/mysql-test/suite/sys_vars/r/slave_parallel_max_queued_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_parallel_max_queued_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_parallel_max_queued; -# Test that "SET slave_parallel_max_queued" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_parallel_max_queued" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_parallel_max_queued=65536; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_parallel_max_queued=65536; ERROR HY000: Variable 'slave_parallel_max_queued' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_parallel_max_queued=65536; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_parallel_max_queued' is a GLOBAL variable and shoul disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_parallel_max_queued" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_parallel_max_queued=65536; -SET slave_parallel_max_queued=65536; -ERROR HY000: Variable 'slave_parallel_max_queued' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_parallel_max_queued=65536; -ERROR HY000: Variable 'slave_parallel_max_queued' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_parallel_max_queued=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_parallel_mode_grant.result b/mysql-test/suite/sys_vars/r/slave_parallel_mode_grant.result index 6d5da37da7a..1bb894f918a 100644 --- a/mysql-test/suite/sys_vars/r/slave_parallel_mode_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_parallel_mode_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_parallel_mode; -# Test that "SET slave_parallel_mode" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_parallel_mode" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_parallel_mode=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_parallel_mode=1; ERROR HY000: Variable 'slave_parallel_mode' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_parallel_mode=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_parallel_mode' is a GLOBAL variable and should be s disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_parallel_mode" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_parallel_mode=1; -SET slave_parallel_mode=1; -ERROR HY000: Variable 'slave_parallel_mode' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_parallel_mode=1; -ERROR HY000: Variable 'slave_parallel_mode' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_parallel_mode=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_parallel_threads_grant.result b/mysql-test/suite/sys_vars/r/slave_parallel_threads_grant.result index 147252f78e3..a1dbcfc6ff6 100644 --- a/mysql-test/suite/sys_vars/r/slave_parallel_threads_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_parallel_threads_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_parallel_threads; -# Test that "SET slave_parallel_threads" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_parallel_threads" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_parallel_threads=256; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_parallel_threads=256; ERROR HY000: Variable 'slave_parallel_threads' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_parallel_threads=256; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_parallel_threads' is a GLOBAL variable and should b disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_parallel_threads" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_parallel_threads=256; -SET slave_parallel_threads=256; -ERROR HY000: Variable 'slave_parallel_threads' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_parallel_threads=256; -ERROR HY000: Variable 'slave_parallel_threads' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_parallel_threads=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_parallel_workers_grant.result b/mysql-test/suite/sys_vars/r/slave_parallel_workers_grant.result index 1985cc429e5..0de4af52b15 100644 --- a/mysql-test/suite/sys_vars/r/slave_parallel_workers_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_parallel_workers_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_parallel_workers; -# Test that "SET slave_parallel_workers" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_parallel_workers" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_parallel_workers=256; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_parallel_workers=256; ERROR HY000: Variable 'slave_parallel_workers' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_parallel_workers=256; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_parallel_workers' is a GLOBAL variable and should b disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_parallel_workers" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_parallel_workers=256; -SET slave_parallel_workers=256; -ERROR HY000: Variable 'slave_parallel_workers' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_parallel_workers=256; -ERROR HY000: Variable 'slave_parallel_workers' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_parallel_workers=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_run_triggers_for_rbr_grant.result b/mysql-test/suite/sys_vars/r/slave_run_triggers_for_rbr_grant.result index fd33c95f768..fea67a8063a 100644 --- a/mysql-test/suite/sys_vars/r/slave_run_triggers_for_rbr_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_run_triggers_for_rbr_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_run_triggers_for_rbr; -# Test that "SET slave_run_triggers_for_rbr" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_run_triggers_for_rbr" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_run_triggers_for_rbr=YES; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_run_triggers_for_rbr=YES; ERROR HY000: Variable 'slave_run_triggers_for_rbr' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_run_triggers_for_rbr=YES; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_run_triggers_for_rbr' is a GLOBAL variable and shou disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_run_triggers_for_rbr" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_run_triggers_for_rbr=YES; -SET slave_run_triggers_for_rbr=YES; -ERROR HY000: Variable 'slave_run_triggers_for_rbr' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_run_triggers_for_rbr=YES; -ERROR HY000: Variable 'slave_run_triggers_for_rbr' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_run_triggers_for_rbr=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_sql_verify_checksum_grant.result b/mysql-test/suite/sys_vars/r/slave_sql_verify_checksum_grant.result index 1cc4f3f3ef9..236b3a34793 100644 --- a/mysql-test/suite/sys_vars/r/slave_sql_verify_checksum_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_sql_verify_checksum_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_sql_verify_checksum; -# Test that "SET slave_sql_verify_checksum" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_sql_verify_checksum" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_sql_verify_checksum=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_sql_verify_checksum=1; ERROR HY000: Variable 'slave_sql_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_sql_verify_checksum=1; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_sql_verify_checksum' is a GLOBAL variable and shoul disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_sql_verify_checksum" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_sql_verify_checksum=1; -SET slave_sql_verify_checksum=1; -ERROR HY000: Variable 'slave_sql_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_sql_verify_checksum=1; -ERROR HY000: Variable 'slave_sql_verify_checksum' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_sql_verify_checksum=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_transaction_retry_interval_grant.result b/mysql-test/suite/sys_vars/r/slave_transaction_retry_interval_grant.result index e2e5e3963b5..ac144e62e5c 100644 --- a/mysql-test/suite/sys_vars/r/slave_transaction_retry_interval_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_transaction_retry_interval_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_transaction_retry_interval; -# Test that "SET slave_transaction_retry_interval" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_transaction_retry_interval" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_transaction_retry_interval=256; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_transaction_retry_interval=256; ERROR HY000: Variable 'slave_transaction_retry_interval' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_transaction_retry_interval=256; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_transaction_retry_interval' is a GLOBAL variable an disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_transaction_retry_interval" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_transaction_retry_interval=256; -SET slave_transaction_retry_interval=256; -ERROR HY000: Variable 'slave_transaction_retry_interval' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_transaction_retry_interval=256; -ERROR HY000: Variable 'slave_transaction_retry_interval' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_transaction_retry_interval=@global; diff --git a/mysql-test/suite/sys_vars/r/slave_type_conversions_grant.result b/mysql-test/suite/sys_vars/r/slave_type_conversions_grant.result index 01022e73dcb..5057f190fc1 100644 --- a/mysql-test/suite/sys_vars/r/slave_type_conversions_grant.result +++ b/mysql-test/suite/sys_vars/r/slave_type_conversions_grant.result @@ -2,14 +2,14 @@ # MDEV-21966 Bind REPLICATION SLAVE ADMIN to a number of global system variables # SET @global=@@global.slave_type_conversions; -# Test that "SET slave_type_conversions" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET slave_type_conversions" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slave_type_conversions=ALL_NON_LOSSY; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET slave_type_conversions=ALL_NON_LOSSY; ERROR HY000: Variable 'slave_type_conversions' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slave_type_conversions=ALL_NON_LOSSY; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slave_type_conversions' is a GLOBAL variable and should b disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slave_type_conversions" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slave_type_conversions=ALL_NON_LOSSY; -SET slave_type_conversions=ALL_NON_LOSSY; -ERROR HY000: Variable 'slave_type_conversions' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slave_type_conversions=ALL_NON_LOSSY; -ERROR HY000: Variable 'slave_type_conversions' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slave_type_conversions=@global; diff --git a/mysql-test/suite/sys_vars/r/slow_launch_time_grant.result b/mysql-test/suite/sys_vars/r/slow_launch_time_grant.result index 45aef07d473..52435ae3686 100644 --- a/mysql-test/suite/sys_vars/r/slow_launch_time_grant.result +++ b/mysql-test/suite/sys_vars/r/slow_launch_time_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.slow_launch_time; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET slow_launch_time" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET slow_launch_time" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL slow_launch_time=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET slow_launch_time=10; ERROR HY000: Variable 'slow_launch_time' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION slow_launch_time=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'slow_launch_time' is a GLOBAL variable and should be set disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET slow_launch_time" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL slow_launch_time=10; -SET slow_launch_time=10; -ERROR HY000: Variable 'slow_launch_time' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION slow_launch_time=10; -ERROR HY000: Variable 'slow_launch_time' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.slow_launch_time=@global; diff --git a/mysql-test/suite/sys_vars/r/sql_log_bin_grant.result b/mysql-test/suite/sys_vars/r/sql_log_bin_grant.result index 574c53e1f0a..336b2943f71 100644 --- a/mysql-test/suite/sys_vars/r/sql_log_bin_grant.result +++ b/mysql-test/suite/sys_vars/r/sql_log_bin_grant.result @@ -1,18 +1,18 @@ # # # -# Test that "SET sql_log_bin" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET sql_log_bin" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET sql_log_bin=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET GLOBAL sql_log_bin=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET SESSION sql_log_bin=1; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; @@ -28,15 +28,3 @@ SET SESSION sql_log_bin=1; disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET sql_log_bin" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET sql_log_bin=1; -SET GLOBAL sql_log_bin=1; -ERROR HY000: Variable 'sql_log_bin' is a SESSION variable -SET SESSION sql_log_bin=1; -disconnect user1; -connection default; -DROP USER user1@localhost; diff --git a/mysql-test/suite/sys_vars/r/sync_binlog_grant.result b/mysql-test/suite/sys_vars/r/sync_binlog_grant.result index 1fcdf8b000e..b66ba1fb946 100644 --- a/mysql-test/suite/sys_vars/r/sync_binlog_grant.result +++ b/mysql-test/suite/sys_vars/r/sync_binlog_grant.result @@ -2,14 +2,14 @@ # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables # SET @global=@@global.sync_binlog; -# Test that "SET sync_binlog" is not allowed without BINLOG ADMIN or SUPER +# Test that "SET sync_binlog" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL sync_binlog=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation SET sync_binlog=10; ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION sync_binlog=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET sync_binlog" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL sync_binlog=10; -SET sync_binlog=10; -ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION sync_binlog=10; -ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.sync_binlog=@global; diff --git a/mysql-test/suite/sys_vars/r/sync_master_info_grant.result b/mysql-test/suite/sys_vars/r/sync_master_info_grant.result index 40b04ea4480..6a81685d3cb 100644 --- a/mysql-test/suite/sys_vars/r/sync_master_info_grant.result +++ b/mysql-test/suite/sys_vars/r/sync_master_info_grant.result @@ -2,14 +2,14 @@ # MDEV-21969 Bind REPLICATION SLAVE ADMIN to relay_log_*, sync_master_info, sync_relay_log, sync_relay_log_info # SET @global=@@global.sync_master_info; -# Test that "SET sync_master_info" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET sync_master_info" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL sync_master_info=20000; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET sync_master_info=20000; ERROR HY000: Variable 'sync_master_info' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION sync_master_info=20000; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'sync_master_info' is a GLOBAL variable and should be set disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET sync_master_info" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL sync_master_info=20000; -SET sync_master_info=20000; -ERROR HY000: Variable 'sync_master_info' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION sync_master_info=20000; -ERROR HY000: Variable 'sync_master_info' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.sync_master_info=@global; diff --git a/mysql-test/suite/sys_vars/r/sync_relay_log_grant.result b/mysql-test/suite/sys_vars/r/sync_relay_log_grant.result index f71e8325858..881a7b1fa11 100644 --- a/mysql-test/suite/sys_vars/r/sync_relay_log_grant.result +++ b/mysql-test/suite/sys_vars/r/sync_relay_log_grant.result @@ -2,14 +2,14 @@ # MDEV-21969 Bind REPLICATION SLAVE ADMIN to relay_log_*, sync_master_info, sync_relay_log, sync_relay_log_info # SET @global=@@global.sync_relay_log; -# Test that "SET sync_relay_log" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET sync_relay_log" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL sync_relay_log=20000; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET sync_relay_log=20000; ERROR HY000: Variable 'sync_relay_log' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION sync_relay_log=20000; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'sync_relay_log' is a GLOBAL variable and should be set wi disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET sync_relay_log" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL sync_relay_log=20000; -SET sync_relay_log=20000; -ERROR HY000: Variable 'sync_relay_log' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION sync_relay_log=20000; -ERROR HY000: Variable 'sync_relay_log' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.sync_relay_log=@global; diff --git a/mysql-test/suite/sys_vars/r/sync_relay_log_info_grant.result b/mysql-test/suite/sys_vars/r/sync_relay_log_info_grant.result index 25727aac07c..18eae3fa932 100644 --- a/mysql-test/suite/sys_vars/r/sync_relay_log_info_grant.result +++ b/mysql-test/suite/sys_vars/r/sync_relay_log_info_grant.result @@ -2,14 +2,14 @@ # MDEV-21969 Bind REPLICATION SLAVE ADMIN to relay_log_*, sync_master_info, sync_relay_log, sync_relay_log_info # SET @global=@@global.sync_relay_log_info; -# Test that "SET sync_relay_log_info" is not allowed without REPLICATION SLAVE ADMIN or SUPER +# Test that "SET sync_relay_log_info" is not allowed without REPLICATION SLAVE ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE REPLICATION SLAVE ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL sync_relay_log_info=20000; -ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation SET sync_relay_log_info=20000; ERROR HY000: Variable 'sync_relay_log_info' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION sync_relay_log_info=20000; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'sync_relay_log_info' is a GLOBAL variable and should be s disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET sync_relay_log_info" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL sync_relay_log_info=20000; -SET sync_relay_log_info=20000; -ERROR HY000: Variable 'sync_relay_log_info' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION sync_relay_log_info=20000; -ERROR HY000: Variable 'sync_relay_log_info' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.sync_relay_log_info=@global; diff --git a/mysql-test/suite/sys_vars/r/thread_pool_idle_timeout_grant.result b/mysql-test/suite/sys_vars/r/thread_pool_idle_timeout_grant.result index f9e14eaff0e..a9f3021d6ed 100644 --- a/mysql-test/suite/sys_vars/r/thread_pool_idle_timeout_grant.result +++ b/mysql-test/suite/sys_vars/r/thread_pool_idle_timeout_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.thread_pool_idle_timeout; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET thread_pool_idle_timeout" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET thread_pool_idle_timeout" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL thread_pool_idle_timeout=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET thread_pool_idle_timeout=10; ERROR HY000: Variable 'thread_pool_idle_timeout' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION thread_pool_idle_timeout=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'thread_pool_idle_timeout' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET thread_pool_idle_timeout" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL thread_pool_idle_timeout=10; -SET thread_pool_idle_timeout=10; -ERROR HY000: Variable 'thread_pool_idle_timeout' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION thread_pool_idle_timeout=10; -ERROR HY000: Variable 'thread_pool_idle_timeout' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.thread_pool_idle_timeout=@global; diff --git a/mysql-test/suite/sys_vars/r/thread_pool_max_threads_grant.result b/mysql-test/suite/sys_vars/r/thread_pool_max_threads_grant.result index 17511766787..40ea57a75c2 100644 --- a/mysql-test/suite/sys_vars/r/thread_pool_max_threads_grant.result +++ b/mysql-test/suite/sys_vars/r/thread_pool_max_threads_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.thread_pool_max_threads; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET thread_pool_max_threads" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET thread_pool_max_threads" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL thread_pool_max_threads=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET thread_pool_max_threads=10; ERROR HY000: Variable 'thread_pool_max_threads' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION thread_pool_max_threads=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'thread_pool_max_threads' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET thread_pool_max_threads" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL thread_pool_max_threads=10; -SET thread_pool_max_threads=10; -ERROR HY000: Variable 'thread_pool_max_threads' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION thread_pool_max_threads=10; -ERROR HY000: Variable 'thread_pool_max_threads' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.thread_pool_max_threads=@global; diff --git a/mysql-test/suite/sys_vars/r/thread_pool_oversubscribe_grant.result b/mysql-test/suite/sys_vars/r/thread_pool_oversubscribe_grant.result index 965be157f02..ddb5cc01126 100644 --- a/mysql-test/suite/sys_vars/r/thread_pool_oversubscribe_grant.result +++ b/mysql-test/suite/sys_vars/r/thread_pool_oversubscribe_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.thread_pool_oversubscribe; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET thread_pool_oversubscribe" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET thread_pool_oversubscribe" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL thread_pool_oversubscribe=10; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET thread_pool_oversubscribe=10; ERROR HY000: Variable 'thread_pool_oversubscribe' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION thread_pool_oversubscribe=10; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'thread_pool_oversubscribe' is a GLOBAL variable and shoul disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET thread_pool_oversubscribe" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL thread_pool_oversubscribe=10; -SET thread_pool_oversubscribe=10; -ERROR HY000: Variable 'thread_pool_oversubscribe' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION thread_pool_oversubscribe=10; -ERROR HY000: Variable 'thread_pool_oversubscribe' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.thread_pool_oversubscribe=@global; diff --git a/mysql-test/suite/sys_vars/r/thread_pool_stall_limit_grant.result b/mysql-test/suite/sys_vars/r/thread_pool_stall_limit_grant.result index 08462dc4733..335f60ea888 100644 --- a/mysql-test/suite/sys_vars/r/thread_pool_stall_limit_grant.result +++ b/mysql-test/suite/sys_vars/r/thread_pool_stall_limit_grant.result @@ -2,14 +2,14 @@ SET @global=@@global.thread_pool_stall_limit; # # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables # -# Test that "SET thread_pool_stall_limit" is not allowed without CONNECTION ADMIN or SUPER +# Test that "SET thread_pool_stall_limit" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SET GLOBAL thread_pool_stall_limit=400; -ERROR 42000: Access denied; you need (at least one of) the SUPER, CONNECTION ADMIN privilege(s) for this operation +ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET thread_pool_stall_limit=400; ERROR HY000: Variable 'thread_pool_stall_limit' is a GLOBAL variable and should be set with SET GLOBAL SET SESSION thread_pool_stall_limit=400; @@ -30,17 +30,4 @@ ERROR HY000: Variable 'thread_pool_stall_limit' is a GLOBAL variable and should disconnect user1; connection default; DROP USER user1@localhost; -# Test that "SET thread_pool_stall_limit" is allowed with SUPER -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; -connect user1,localhost,user1,,; -connection user1; -SET GLOBAL thread_pool_stall_limit=400; -SET thread_pool_stall_limit=400; -ERROR HY000: Variable 'thread_pool_stall_limit' is a GLOBAL variable and should be set with SET GLOBAL -SET SESSION thread_pool_stall_limit=400; -ERROR HY000: Variable 'thread_pool_stall_limit' is a GLOBAL variable and should be set with SET GLOBAL -disconnect user1; -connection default; -DROP USER user1@localhost; SET @@global.thread_pool_stall_limit=@global; diff --git a/mysql-test/suite/sys_vars/t/binlog_direct_non_transactional_updates_grant.test b/mysql-test/suite/sys_vars/t/binlog_direct_non_transactional_updates_grant.test index 7de1a119308..98970a4314b 100644 --- a/mysql-test/suite/sys_vars/t/binlog_direct_non_transactional_updates_grant.test +++ b/mysql-test/suite/sys_vars/t/binlog_direct_non_transactional_updates_grant.test @@ -3,16 +3,15 @@ source include/have_log_bin.inc; SET @global= @@global.binlog_direct_non_transactional_updates; SET @session= @@global.binlog_direct_non_transactional_updates; - --echo # --echo # --echo # ---echo # Test that "SET binlog_direct_non_transactional_updates" is not allowed without BINLOG ADMIN or SUPER +--echo # Test that "SET binlog_direct_non_transactional_updates" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +37,5 @@ SET SESSION binlog_direct_non_transactional_updates=0; --connection default DROP USER user1@localhost; ---echo # Test that "SET binlog_direct_non_transactional_updates" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET binlog_direct_non_transactional_updates=0; -SET GLOBAL binlog_direct_non_transactional_updates=0; -SET SESSION binlog_direct_non_transactional_updates=0; ---disconnect user1 ---connection default -DROP USER user1@localhost; - - SET GLOBAL binlog_direct_non_transactional_updates=@global; SET SESSION binlog_direct_non_transactional_updates=@session; diff --git a/mysql-test/suite/sys_vars/t/binlog_format_grant.test b/mysql-test/suite/sys_vars/t/binlog_format_grant.test index 6f89c75a79e..6f834db4d51 100644 --- a/mysql-test/suite/sys_vars/t/binlog_format_grant.test +++ b/mysql-test/suite/sys_vars/t/binlog_format_grant.test @@ -1,15 +1,14 @@ source include/have_log_bin.inc; - --echo # --echo # --echo # ---echo # Test that "SET binlog_format" is not allowed without BINLOG ADMIN or SUPER +--echo # Test that "SET binlog_format" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -34,16 +33,3 @@ SET SESSION binlog_format=mixed; --disconnect user1 --connection default DROP USER user1@localhost; - ---echo # Test that "SET binlog_format" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET binlog_format=mixed; -SET GLOBAL binlog_format=mixed; -SET SESSION binlog_format=mixed; ---disconnect user1 ---connection default -DROP USER user1@localhost; diff --git a/mysql-test/suite/sys_vars/t/connect_timeout_grant.test b/mysql-test/suite/sys_vars/t/connect_timeout_grant.test index 61a7a3eb530..fa90b79eb1c 100644 --- a/mysql-test/suite/sys_vars/t/connect_timeout_grant.test +++ b/mysql-test/suite/sys_vars/t/connect_timeout_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.connect_timeout; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET connect_timeout" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET connect_timeout" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION connect_timeout=10; --connection default DROP USER user1@localhost; ---echo # Test that "SET connect_timeout" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL connect_timeout=10; ---error ER_GLOBAL_VARIABLE -SET connect_timeout=10; ---error ER_GLOBAL_VARIABLE -SET SESSION connect_timeout=10; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.connect_timeout=@global; diff --git a/mysql-test/suite/sys_vars/t/disconnect_on_expired_password_grant.test b/mysql-test/suite/sys_vars/t/disconnect_on_expired_password_grant.test index 0d317d298f4..e901d944e84 100644 --- a/mysql-test/suite/sys_vars/t/disconnect_on_expired_password_grant.test +++ b/mysql-test/suite/sys_vars/t/disconnect_on_expired_password_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.disconnect_on_expired_password; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET disconnect_on_expired_password" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET disconnect_on_expired_password" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION disconnect_on_expired_password=1; --connection default DROP USER user1@localhost; ---echo # Test that "SET disconnect_on_expired_password" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL disconnect_on_expired_password=1; ---error ER_GLOBAL_VARIABLE -SET disconnect_on_expired_password=1; ---error ER_GLOBAL_VARIABLE -SET SESSION disconnect_on_expired_password=1; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.disconnect_on_expired_password=@global; diff --git a/mysql-test/suite/sys_vars/t/extra_max_connections_grant.test b/mysql-test/suite/sys_vars/t/extra_max_connections_grant.test index 058364ec0a8..de35fa2cbc4 100644 --- a/mysql-test/suite/sys_vars/t/extra_max_connections_grant.test +++ b/mysql-test/suite/sys_vars/t/extra_max_connections_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.extra_max_connections; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET extra_max_connections" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET extra_max_connections" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION extra_max_connections=10; --connection default DROP USER user1@localhost; ---echo # Test that "SET extra_max_connections" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL extra_max_connections=10; ---error ER_GLOBAL_VARIABLE -SET extra_max_connections=10; ---error ER_GLOBAL_VARIABLE -SET SESSION extra_max_connections=10; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.extra_max_connections=@global; diff --git a/mysql-test/suite/sys_vars/t/gtid_binlog_state_grant.test b/mysql-test/suite/sys_vars/t/gtid_binlog_state_grant.test index b1cfa320c0f..b08a439c7dc 100644 --- a/mysql-test/suite/sys_vars/t/gtid_binlog_state_grant.test +++ b/mysql-test/suite/sys_vars/t/gtid_binlog_state_grant.test @@ -1,6 +1,5 @@ --source include/not_embedded.inc - --echo # --echo # MDEV-21973 Bind REPLICATION {MASTER|SLAVE} ADMIN to gtid_* GLOBAL-only system variables --echo # @@ -11,17 +10,15 @@ # or "Binlog closed, cannot RESET MASTER" on success. # - --let var = gtid_binlog_state --let grant = REPLICATION MASTER ADMIN --let value = '0-1-10' - ---echo # Test that "SET $var" is not allowed without $grant or SUPER +--echo # Test that "SET $var" is not allowed without $grant CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; ---eval REVOKE $grant, SUPER ON *.* FROM user1@localhost +--eval REVOKE $grant ON *.* FROM user1@localhost --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -49,19 +46,3 @@ CREATE USER user1@localhost; --disconnect user1 --connection default DROP USER user1@localhost; - ---echo # Test that "SET $var" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 ---error ER_FLUSH_MASTER_BINLOG_CLOSED ---eval SET GLOBAL $var=$value ---error ER_GLOBAL_VARIABLE ---eval SET $var=$value ---error ER_GLOBAL_VARIABLE ---eval SET SESSION $var=$value ---disconnect user1 ---connection default -DROP USER user1@localhost; diff --git a/mysql-test/suite/sys_vars/t/init_connect_grant.test b/mysql-test/suite/sys_vars/t/init_connect_grant.test index 685f0900833..8f211459485 100644 --- a/mysql-test/suite/sys_vars/t/init_connect_grant.test +++ b/mysql-test/suite/sys_vars/t/init_connect_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.init_connect; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET init_connect" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET init_connect" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION init_connect="SET @xxx=1"; --connection default DROP USER user1@localhost; ---echo # Test that "SET init_connect" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL init_connect="SET @xxx=1"; ---error ER_GLOBAL_VARIABLE -SET init_connect="SET @xxx=1"; ---error ER_GLOBAL_VARIABLE -SET SESSION init_connect="SET @xxx=1"; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.init_connect=@global; diff --git a/mysql-test/suite/sys_vars/t/max_connect_errors_grant.test b/mysql-test/suite/sys_vars/t/max_connect_errors_grant.test index d349d93818d..589be6567fc 100644 --- a/mysql-test/suite/sys_vars/t/max_connect_errors_grant.test +++ b/mysql-test/suite/sys_vars/t/max_connect_errors_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.max_connect_errors; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET max_connect_errors" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET max_connect_errors" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION max_connect_errors=10; --connection default DROP USER user1@localhost; ---echo # Test that "SET max_connect_errors" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL max_connect_errors=10; ---error ER_GLOBAL_VARIABLE -SET max_connect_errors=10; ---error ER_GLOBAL_VARIABLE -SET SESSION max_connect_errors=10; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.max_connect_errors=@global; diff --git a/mysql-test/suite/sys_vars/t/max_connections_grant.test b/mysql-test/suite/sys_vars/t/max_connections_grant.test index d51bd08ed9d..1364e526ad8 100644 --- a/mysql-test/suite/sys_vars/t/max_connections_grant.test +++ b/mysql-test/suite/sys_vars/t/max_connections_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.max_connections; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET max_connections" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET max_connections" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION max_connections=10; --connection default DROP USER user1@localhost; ---echo # Test that "SET max_connections" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL max_connections=10; ---error ER_GLOBAL_VARIABLE -SET max_connections=10; ---error ER_GLOBAL_VARIABLE -SET SESSION max_connections=10; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.max_connections=@global; diff --git a/mysql-test/suite/sys_vars/t/max_password_errors_grant.test b/mysql-test/suite/sys_vars/t/max_password_errors_grant.test index f11c1fb8226..c8b9e998898 100644 --- a/mysql-test/suite/sys_vars/t/max_password_errors_grant.test +++ b/mysql-test/suite/sys_vars/t/max_password_errors_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.max_password_errors; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET max_password_errors" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET max_password_errors" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION max_password_errors=10; --connection default DROP USER user1@localhost; ---echo # Test that "SET max_password_errors" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL max_password_errors=10; ---error ER_GLOBAL_VARIABLE -SET max_password_errors=10; ---error ER_GLOBAL_VARIABLE -SET SESSION max_password_errors=10; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.max_password_errors=@global; diff --git a/mysql-test/suite/sys_vars/t/proxy_protocol_networks_grant.test b/mysql-test/suite/sys_vars/t/proxy_protocol_networks_grant.test index f2dd8158424..85538755768 100644 --- a/mysql-test/suite/sys_vars/t/proxy_protocol_networks_grant.test +++ b/mysql-test/suite/sys_vars/t/proxy_protocol_networks_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.proxy_protocol_networks; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET proxy_protocol_networks" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET proxy_protocol_networks" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION proxy_protocol_networks=""; --connection default DROP USER user1@localhost; ---echo # Test that "SET proxy_protocol_networks" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL proxy_protocol_networks=""; ---error ER_GLOBAL_VARIABLE -SET proxy_protocol_networks=""; ---error ER_GLOBAL_VARIABLE -SET SESSION proxy_protocol_networks=""; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.proxy_protocol_networks=@global; diff --git a/mysql-test/suite/sys_vars/t/secure_auth_grant.test b/mysql-test/suite/sys_vars/t/secure_auth_grant.test index f597ec790cb..3cec03a2eb1 100644 --- a/mysql-test/suite/sys_vars/t/secure_auth_grant.test +++ b/mysql-test/suite/sys_vars/t/secure_auth_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.secure_auth; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET secure_auth" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET secure_auth" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION secure_auth=1; --connection default DROP USER user1@localhost; ---echo # Test that "SET secure_auth" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL secure_auth=1; ---error ER_GLOBAL_VARIABLE -SET secure_auth=1; ---error ER_GLOBAL_VARIABLE -SET SESSION secure_auth=1; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.secure_auth=@global; diff --git a/mysql-test/suite/sys_vars/t/slow_launch_time_grant.test b/mysql-test/suite/sys_vars/t/slow_launch_time_grant.test index 1a81930593e..de0ded83a40 100644 --- a/mysql-test/suite/sys_vars/t/slow_launch_time_grant.test +++ b/mysql-test/suite/sys_vars/t/slow_launch_time_grant.test @@ -6,11 +6,11 @@ SET @global=@@global.slow_launch_time; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET slow_launch_time" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET slow_launch_time" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -38,19 +38,4 @@ SET SESSION slow_launch_time=10; --connection default DROP USER user1@localhost; ---echo # Test that "SET slow_launch_time" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL slow_launch_time=10; ---error ER_GLOBAL_VARIABLE -SET slow_launch_time=10; ---error ER_GLOBAL_VARIABLE -SET SESSION slow_launch_time=10; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.slow_launch_time=@global; diff --git a/mysql-test/suite/sys_vars/t/sql_log_bin_grant.test b/mysql-test/suite/sys_vars/t/sql_log_bin_grant.test index d7ffc2b613b..fa0baefac38 100644 --- a/mysql-test/suite/sys_vars/t/sql_log_bin_grant.test +++ b/mysql-test/suite/sys_vars/t/sql_log_bin_grant.test @@ -1,15 +1,14 @@ source include/have_log_bin.inc; - --echo # --echo # --echo # ---echo # Test that "SET sql_log_bin" is not allowed without BINLOG ADMIN or SUPER +--echo # Test that "SET sql_log_bin" is not allowed without BINLOG ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE BINLOG ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -35,17 +34,3 @@ SET SESSION sql_log_bin=1; --disconnect user1 --connection default DROP USER user1@localhost; - ---echo # Test that "SET sql_log_bin" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET sql_log_bin=1; ---error ER_INCORRECT_GLOBAL_LOCAL_VAR -SET GLOBAL sql_log_bin=1; -SET SESSION sql_log_bin=1; ---disconnect user1 ---connection default -DROP USER user1@localhost; diff --git a/mysql-test/suite/sys_vars/t/thread_pool_idle_timeout_grant.test b/mysql-test/suite/sys_vars/t/thread_pool_idle_timeout_grant.test index 8f5f2491e12..33b97ac6304 100644 --- a/mysql-test/suite/sys_vars/t/thread_pool_idle_timeout_grant.test +++ b/mysql-test/suite/sys_vars/t/thread_pool_idle_timeout_grant.test @@ -8,11 +8,11 @@ SET @global=@@global.thread_pool_idle_timeout; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET thread_pool_idle_timeout" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET thread_pool_idle_timeout" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -40,19 +40,4 @@ SET SESSION thread_pool_idle_timeout=10; --connection default DROP USER user1@localhost; ---echo # Test that "SET thread_pool_idle_timeout" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL thread_pool_idle_timeout=10; ---error ER_GLOBAL_VARIABLE -SET thread_pool_idle_timeout=10; ---error ER_GLOBAL_VARIABLE -SET SESSION thread_pool_idle_timeout=10; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.thread_pool_idle_timeout=@global; diff --git a/mysql-test/suite/sys_vars/t/thread_pool_max_threads_grant.test b/mysql-test/suite/sys_vars/t/thread_pool_max_threads_grant.test index 299d5ff4f44..b77df1493ee 100644 --- a/mysql-test/suite/sys_vars/t/thread_pool_max_threads_grant.test +++ b/mysql-test/suite/sys_vars/t/thread_pool_max_threads_grant.test @@ -8,11 +8,11 @@ SET @global=@@global.thread_pool_max_threads; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET thread_pool_max_threads" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET thread_pool_max_threads" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -40,19 +40,4 @@ SET SESSION thread_pool_max_threads=10; --connection default DROP USER user1@localhost; ---echo # Test that "SET thread_pool_max_threads" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL thread_pool_max_threads=10; ---error ER_GLOBAL_VARIABLE -SET thread_pool_max_threads=10; ---error ER_GLOBAL_VARIABLE -SET SESSION thread_pool_max_threads=10; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.thread_pool_max_threads=@global; diff --git a/mysql-test/suite/sys_vars/t/thread_pool_oversubscribe_grant.test b/mysql-test/suite/sys_vars/t/thread_pool_oversubscribe_grant.test index f3a96c69e8a..3ff215ae7fa 100644 --- a/mysql-test/suite/sys_vars/t/thread_pool_oversubscribe_grant.test +++ b/mysql-test/suite/sys_vars/t/thread_pool_oversubscribe_grant.test @@ -8,11 +8,11 @@ SET @global=@@global.thread_pool_oversubscribe; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET thread_pool_oversubscribe" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET thread_pool_oversubscribe" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -40,19 +40,4 @@ SET SESSION thread_pool_oversubscribe=10; --connection default DROP USER user1@localhost; ---echo # Test that "SET thread_pool_oversubscribe" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL thread_pool_oversubscribe=10; ---error ER_GLOBAL_VARIABLE -SET thread_pool_oversubscribe=10; ---error ER_GLOBAL_VARIABLE -SET SESSION thread_pool_oversubscribe=10; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.thread_pool_oversubscribe=@global; diff --git a/mysql-test/suite/sys_vars/t/thread_pool_stall_limit_grant.test b/mysql-test/suite/sys_vars/t/thread_pool_stall_limit_grant.test index ae0ed8a785b..2c57fecd11e 100644 --- a/mysql-test/suite/sys_vars/t/thread_pool_stall_limit_grant.test +++ b/mysql-test/suite/sys_vars/t/thread_pool_stall_limit_grant.test @@ -8,11 +8,11 @@ SET @global=@@global.thread_pool_stall_limit; --echo # MDEV-21961 Bind CONNECTION ADMIN to a number of global system variables --echo # ---echo # Test that "SET thread_pool_stall_limit" is not allowed without CONNECTION ADMIN or SUPER +--echo # Test that "SET thread_pool_stall_limit" is not allowed without CONNECTION ADMIN CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; -REVOKE CONNECTION ADMIN, SUPER ON *.* FROM user1@localhost; +REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) --connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR @@ -40,19 +40,4 @@ SET SESSION thread_pool_stall_limit=400; --connection default DROP USER user1@localhost; ---echo # Test that "SET thread_pool_stall_limit" is allowed with SUPER - -CREATE USER user1@localhost; -GRANT SUPER ON *.* TO user1@localhost; ---connect(user1,localhost,user1,,) ---connection user1 -SET GLOBAL thread_pool_stall_limit=400; ---error ER_GLOBAL_VARIABLE -SET thread_pool_stall_limit=400; ---error ER_GLOBAL_VARIABLE -SET SESSION thread_pool_stall_limit=400; ---disconnect user1 ---connection default -DROP USER user1@localhost; - SET @@global.thread_pool_stall_limit=@global; diff --git a/sql/privilege.h b/sql/privilege.h index 8e9b9a3748e..a34d3f4a172 100644 --- a/sql/privilege.h +++ b/sql/privilege.h @@ -224,21 +224,24 @@ static inline privilege_t& operator|=(privilege_t &a, privilege_t b) return a= a | b; } +/* + A combination of all privileges that SUPER used to allow before 10.11.0 +*/ +constexpr privilege_t ALLOWED_BY_SUPER_BEFORE_101100= READ_ONLY_ADMIN_ACL; /* - A combination of all SUPER privileges added since the old user table format. - These privileges are automatically added when upgrading from the - old format mysql.user table if a user has the SUPER privilege. + A combination of all privileges that SUPER used to allow before 11.0.0 */ -constexpr privilege_t GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS= +constexpr privilege_t ALLOWED_BY_SUPER_BEFORE_110000= SET_USER_ACL | FEDERATED_ADMIN_ACL | CONNECTION_ADMIN_ACL | - READ_ONLY_ADMIN_ACL | REPL_SLAVE_ADMIN_ACL | BINLOG_ADMIN_ACL | - BINLOG_REPLAY_ACL; - + BINLOG_REPLAY_ACL | + SLAVE_MONITOR_ACL | + BINLOG_MONITOR_ACL | + REPL_MASTER_ADMIN_ACL; constexpr privilege_t COL_DML_ACLS= SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL; @@ -274,12 +277,10 @@ constexpr privilege_t PROC_ACLS= ALTER_PROC_ACL | EXECUTE_ACL | GRANT_ACL; constexpr privilege_t GLOBAL_ACLS= - DB_ACLS | SHOW_DB_ACL | - CREATE_USER_ACL | CREATE_TABLESPACE_ACL | + DB_ACLS | SHOW_DB_ACL | CREATE_USER_ACL | CREATE_TABLESPACE_ACL | SUPER_ACL | RELOAD_ACL | SHUTDOWN_ACL | PROCESS_ACL | FILE_ACL | - REPL_SLAVE_ACL | BINLOG_MONITOR_ACL | - GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS | - REPL_MASTER_ADMIN_ACL | SLAVE_MONITOR_ACL; + REPL_SLAVE_ACL | + ALLOWED_BY_SUPER_BEFORE_101100 | ALLOWED_BY_SUPER_BEFORE_110000; constexpr privilege_t DEFAULT_CREATE_PROC_ACLS= ALTER_PROC_ACL | EXECUTE_ACL; @@ -303,7 +304,7 @@ constexpr privilege_t PRIV_LOCK_TABLES= SELECT_ACL | LOCK_TABLES_ACL; CREATE DEFINER=xxx {TRIGGER|VIEW|FUNCTION|PROCEDURE} Was SUPER prior to 10.5.2 */ -constexpr privilege_t PRIV_DEFINER_CLAUSE= SET_USER_ACL | SUPER_ACL; +constexpr privilege_t PRIV_DEFINER_CLAUSE= SET_USER_ACL; /* If a VIEW has a `definer=invoker@host` clause and the specified definer does not exists, then @@ -319,7 +320,7 @@ constexpr privilege_t PRIV_DEFINER_CLAUSE= SET_USER_ACL | SUPER_ACL; Was SUPER prior to 10.5.2 */ -constexpr privilege_t PRIV_REVEAL_MISSING_DEFINER= SET_USER_ACL | SUPER_ACL; +constexpr privilege_t PRIV_REVEAL_MISSING_DEFINER= SET_USER_ACL; /* Actions that require only the SUPER privilege */ constexpr privilege_t PRIV_DES_DECRYPT_ONE_ARG= SUPER_ACL; @@ -330,119 +331,117 @@ constexpr privilege_t PRIV_SET_RESTRICTED_SESSION_SYSTEM_VARIABLE= SUPER_ACL; /* The following variables respected only SUPER_ACL prior to 10.5.2 */ constexpr privilege_t PRIV_SET_SYSTEM_VAR_BINLOG_FORMAT= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_VAR_BINLOG_DIRECT_NON_TRANSACTIONAL_UPDATES= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_VAR_BINLOG_ANNOTATE_ROW_EVENTS= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_VAR_BINLOG_ROW_IMAGE= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_VAR_SQL_LOG_BIN= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_CACHE_SIZE= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_FILE_CACHE_SIZE= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_STMT_CACHE_SIZE= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_COMMIT_WAIT_COUNT= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_COMMIT_WAIT_USEC= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_ROW_METADATA= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_EXPIRE_LOGS_DAYS= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_LOG_BIN_COMPRESS= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_LOG_BIN_COMPRESS_MIN_LEN= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_LOG_BIN_TRUST_FUNCTION_CREATORS= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_BINLOG_CACHE_SIZE= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_BINLOG_STMT_CACHE_SIZE= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_BINLOG_SIZE= - SUPER_ACL | BINLOG_ADMIN_ACL; + BINLOG_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SYNC_BINLOG= - SUPER_ACL | BINLOG_ADMIN_ACL; - + BINLOG_ADMIN_ACL; /* Privileges related to --read-only */ // Was super prior to 10.5.2 constexpr privilege_t PRIV_IGNORE_READ_ONLY= READ_ONLY_ADMIN_ACL; // Was super prior to 10.5.2 -constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_READ_ONLY= - READ_ONLY_ADMIN_ACL; +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_READ_ONLY= READ_ONLY_ADMIN_ACL; /* Privileges related to connection handling. */ // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_IGNORE_INIT_CONNECT= CONNECTION_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_IGNORE_INIT_CONNECT= CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_IGNORE_MAX_USER_CONNECTIONS= CONNECTION_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_IGNORE_MAX_USER_CONNECTIONS= CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_IGNORE_MAX_CONNECTIONS= CONNECTION_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_IGNORE_MAX_CONNECTIONS= CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_IGNORE_MAX_PASSWORD_ERRORS= CONNECTION_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_IGNORE_MAX_PASSWORD_ERRORS= CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_KILL_OTHER_USER_PROCESS= CONNECTION_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_KILL_OTHER_USER_PROCESS= CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_CONNECT_TIMEOUT= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_DISCONNECT_ON_EXPIRED_PASSWORD= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_EXTRA_MAX_CONNECTIONS= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_INIT_CONNECT= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_CONNECTIONS= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_CONNECT_ERRORS= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_PASSWORD_ERRORS= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_PROXY_PROTOCOL_NETWORKS= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SECURE_AUTH= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLOW_LAUNCH_TIME= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_THREAD_POOL= - CONNECTION_ADMIN_ACL | SUPER_ACL; + CONNECTION_ADMIN_ACL; /* @@ -456,16 +455,16 @@ constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_THREAD_POOL= Was SUPER_ACL | REPL_CLIENT_ACL prior to 10.5.2 REPL_CLIENT_ACL was renamed to BINLOG_MONITOR_ACL. */ -constexpr privilege_t PRIV_STMT_SHOW_BINLOG_STATUS= BINLOG_MONITOR_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_SHOW_BINLOG_STATUS= BINLOG_MONITOR_ACL; /* Was SUPER_ACL | REPL_CLIENT_ACL prior to 10.5.2 REPL_CLIENT_ACL was renamed to BINLOG_MONITOR_ACL. */ -constexpr privilege_t PRIV_STMT_SHOW_BINARY_LOGS= BINLOG_MONITOR_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_SHOW_BINARY_LOGS= BINLOG_MONITOR_ACL; // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_STMT_PURGE_BINLOG= BINLOG_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_PURGE_BINLOG= BINLOG_ADMIN_ACL; // Was REPL_SLAVE_ACL prior to 10.5.2 constexpr privilege_t PRIV_STMT_SHOW_BINLOG_EVENTS= BINLOG_MONITOR_ACL; @@ -485,39 +484,39 @@ constexpr privilege_t PRIV_STMT_SHOW_SLAVE_HOSTS= REPL_MASTER_ADMIN_ACL; Where SUPER prior to 10.5.2 */ constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_MASTER_ENABLED= - REPL_MASTER_ADMIN_ACL | SUPER_ACL; + REPL_MASTER_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_MASTER_TIMEOUT= - REPL_MASTER_ADMIN_ACL | SUPER_ACL; + REPL_MASTER_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_MASTER_WAIT_NO_SLAVE= - REPL_MASTER_ADMIN_ACL | SUPER_ACL; + REPL_MASTER_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_MASTER_TRACE_LEVEL= - REPL_MASTER_ADMIN_ACL | SUPER_ACL; + REPL_MASTER_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_MASTER_WAIT_POINT= - REPL_MASTER_ADMIN_ACL | SUPER_ACL; + REPL_MASTER_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MASTER_VERIFY_CHECKSUM= - REPL_MASTER_ADMIN_ACL | SUPER_ACL; + REPL_MASTER_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_GTID_BINLOG_STATE= - REPL_MASTER_ADMIN_ACL | SUPER_ACL; + REPL_MASTER_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SERVER_ID= - REPL_MASTER_ADMIN_ACL | SUPER_ACL; + REPL_MASTER_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_GTID_DOMAIN_ID= - REPL_MASTER_ADMIN_ACL | SUPER_ACL; + REPL_MASTER_ADMIN_ACL; /* Privileges for statements that are executed on the slave */ // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_STMT_START_SLAVE= REPL_SLAVE_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_START_SLAVE= REPL_SLAVE_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_STMT_STOP_SLAVE= REPL_SLAVE_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_STOP_SLAVE= REPL_SLAVE_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_STMT_CHANGE_MASTER= REPL_SLAVE_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_CHANGE_MASTER= REPL_SLAVE_ADMIN_ACL; // Was (SUPER_ACL | REPL_CLIENT_ACL) prior to 10.5.2 // Was (SUPER_ACL | REPL_SLAVE_ADMIN_ACL) from 10.5.2 to 10.5.7 -constexpr privilege_t PRIV_STMT_SHOW_SLAVE_STATUS= SLAVE_MONITOR_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_SHOW_SLAVE_STATUS= SLAVE_MONITOR_ACL; // Was REPL_SLAVE_ACL prior to 10.5.2 // Was REPL_SLAVE_ADMIN_ACL from 10.5.2 to 10.5.7 constexpr privilege_t PRIV_STMT_SHOW_RELAYLOG_EVENTS= SLAVE_MONITOR_ACL; @@ -526,114 +525,114 @@ constexpr privilege_t PRIV_STMT_SHOW_RELAYLOG_EVENTS= SLAVE_MONITOR_ACL; Privileges related to binlog replying. Were SUPER_ACL prior to 10.5.2 */ -constexpr privilege_t PRIV_STMT_BINLOG= BINLOG_REPLAY_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_BINLOG= BINLOG_REPLAY_ACL; constexpr privilege_t PRIV_SET_SYSTEM_SESSION_VAR_GTID_SEQ_NO= - BINLOG_REPLAY_ACL | SUPER_ACL; + BINLOG_REPLAY_ACL; constexpr privilege_t PRIV_SET_SYSTEM_SESSION_VAR_PSEUDO_THREAD_ID= - BINLOG_REPLAY_ACL | SUPER_ACL; + BINLOG_REPLAY_ACL; constexpr privilege_t PRIV_SET_SYSTEM_SESSION_VAR_SERVER_ID= - BINLOG_REPLAY_ACL | SUPER_ACL; + BINLOG_REPLAY_ACL; constexpr privilege_t PRIV_SET_SYSTEM_SESSION_VAR_GTID_DOMAIN_ID= - BINLOG_REPLAY_ACL | SUPER_ACL; + BINLOG_REPLAY_ACL; /* Privileges for slave related global variables. Were SUPER prior to 10.5.2. */ constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_REPLICATE_EVENTS_MARKED_FOR_SKIP= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_REPLICATE_REWRITE_DB= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_REPLICATE_DO_DB= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_REPLICATE_DO_TABLE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_REPLICATE_IGNORE_DB= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_REPLICATE_IGNORE_TABLE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_REPLICATE_WILD_DO_TABLE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_REPLICATE_WILD_IGNORE_TABLE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_READ_BINLOG_SPEED_LIMIT= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_COMPRESSED_PROTOCOL= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_DDL_EXEC_MODE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_DOMAIN_PARALLEL_THREADS= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_EXEC_MODE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_MAX_ALLOWED_PACKET= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_MAX_STATEMENT_TIME= REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_NET_TIMEOUT= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_PARALLEL_MAX_QUEUED= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_PARALLEL_MODE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_PARALLEL_THREADS= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_PARALLEL_WORKERS= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_RUN_TRIGGERS_FOR_RBR= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_SQL_VERIFY_CHECKSUM= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_TRANSACTION_RETRY_INTERVAL= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SLAVE_TYPE_CONVERSIONS= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_INIT_SLAVE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_SLAVE_ENABLED= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_SLAVE_TRACE_LEVEL= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_SLAVE_DELAY_MASTER= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RPL_SEMI_SYNC_SLAVE_KILL_CONN_TIMEOUT= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RELAY_LOG_PURGE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_RELAY_LOG_RECOVERY= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SYNC_MASTER_INFO= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SYNC_RELAY_LOG= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SYNC_RELAY_LOG_INFO= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_GTID_CLEANUP_BATCH_SIZE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_GTID_IGNORE_DUPLICATES= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_GTID_POS_AUTO_ENGINES= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_GTID_SLAVE_POS= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_GTID_STRICT_MODE= - REPL_SLAVE_ADMIN_ACL | SUPER_ACL; + REPL_SLAVE_ADMIN_ACL; /* Privileges for federated database related statements */ // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_STMT_CREATE_SERVER= FEDERATED_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_CREATE_SERVER= FEDERATED_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_STMT_ALTER_SERVER= FEDERATED_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_ALTER_SERVER= FEDERATED_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 -constexpr privilege_t PRIV_STMT_DROP_SERVER= FEDERATED_ADMIN_ACL | SUPER_ACL; +constexpr privilege_t PRIV_STMT_DROP_SERVER= FEDERATED_ADMIN_ACL; /* Privileges related to processes */ diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 1ba056ff89e..fccf6ef304f 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -1058,7 +1058,7 @@ class User_table_tabular: public User_table access|= DELETE_HISTORY_ACL; if (access & SUPER_ACL) - access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS; + access|= ALLOWED_BY_SUPER_BEFORE_101100 | ALLOWED_BY_SUPER_BEFORE_110000; /* The SHOW SLAVE HOSTS statement : @@ -1545,10 +1545,15 @@ class User_table_json: public User_table { privilege_t mask= ALL_KNOWN_ACL_100304; ulonglong orig_access= access; + if (version_id < 110000) + { + if (access & SUPER_ACL) + access|= ALLOWED_BY_SUPER_BEFORE_110000; + } if (version_id < 101100) { if (access & SUPER_ACL) - access|= READ_ONLY_ADMIN_ACL; + access|= ALLOWED_BY_SUPER_BEFORE_101100; } if (version_id >= 100509) { @@ -1565,26 +1570,6 @@ class User_table_json: public User_table } else // 100501 or earlier { - /* - Address changes in SUPER and REPLICATION SLAVE made in 10.5.2. - This also covers a special case: if the user had ALL PRIVILEGES before - the upgrade, it gets ALL PRIVILEGES after the upgrade. - */ - if (access & SUPER_ACL) - { - if (access & REPL_SLAVE_ACL) - { - /* - The user could do both before the upgrade: - - set global variables (because of SUPER_ACL) - - execute "SHOW SLAVE HOSTS" (because of REPL_SLAVE_ACL) - Grant all new privileges that were splitted from SUPER (in 10.5.2), - and REPLICATION MASTER ADMIN, so it still can do "SHOW SLAVE HOSTS". - */ - access|= REPL_MASTER_ADMIN_ACL; - } - access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS; - } /* REPLICATION_CLIENT(BINLOG_MONITOR_ACL) should allow SHOW SLAVE STATUS REPLICATION SLAVE should allow SHOW RELAYLOG EVENTS diff --git a/sql/sql_show.cc b/sql/sql_show.cc index 9510d74c86d..1fd31bd4947 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -522,7 +522,7 @@ static struct show_privileges_st sys_privileges[]= {"Show databases","Server Admin","To see all databases with SHOW DATABASES"}, {"Show view","Tables","To see views with SHOW CREATE VIEW"}, {"Shutdown","Server Admin", "To shut down the server"}, - {"Super","Server Admin","To use KILL thread, SET GLOBAL, CHANGE MASTER, etc."}, + {"Super","Server Admin","To set few server variables"}, {"Trigger","Tables", "To use triggers"}, {"Create tablespace", "Server Admin", "To create/alter/drop tablespaces"}, {"Update", "Tables", "To update existing rows"},