database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-29668 SUPER should not allow actions that have fine-grained dedicated privileges

Browse Source 
SUPER privilege used to allow various actions that were alternatively
allowed by one of BINLOG ADMIN, BINLOG MONITOR, BINLOG REPLAY,
CONNECTION ADMIN, FEDERATED ADMIN, REPL MASTER ADMIN, REPL SLAVE ADMIN,
SET USER, SLAVE MONITOR.

Now SUPER no longer does that, one has to grant one of the fine-grained
privileges above to be to perform corresponding actions.

On upgrade from MariaDB versions 10.11 and below all the privileges
above are granted automatically if the user has SUPER.

As a side-effect, such an upgrade will allow SUPER-user to run SHOW
BINLOG EVENTS, SHOW RELAYLOG EVENTS, SHOW SLAVE HOSTS, even if he wasn't
able to do it before the upgrade.
This commit is contained in:
Sergei Golubchik
2022-12-10 12:08:31 +01:00
parent 0ac5132505
commit d6e3d89c80
142 changed files with 551 additions and 2145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mysql-test/main/trigger_notembedded.result
View File

@ -112,7 +112,7 @@ CREATE DEFINER='mysqltest_inv'@'localhost'
TRIGGER trg1 BEFORE INSERT ON t1
FOR EACH ROW
SET @new_sum = 0;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SET USER privilege(s) for this operation
ERROR 42000: Access denied; you need (at least one of) the SET USER privilege(s) for this operation
connection default;
use mysqltest_db1;
GRANT SET USER ON *.* TO mysqltest_dfn@localhost;