mirror of
https://github.com/MariaDB/server.git
synced 2025-08-01 03:47:19 +03:00
d6e3d89c80
SUPER privilege used to allow various actions that were alternatively allowed by one of BINLOG ADMIN, BINLOG MONITOR, BINLOG REPLAY, CONNECTION ADMIN, FEDERATED ADMIN, REPL MASTER ADMIN, REPL SLAVE ADMIN, SET USER, SLAVE MONITOR. Now SUPER no longer does that, one has to grant one of the fine-grained privileges above to be to perform corresponding actions. On upgrade from MariaDB versions 10.11 and below all the privileges above are granted automatically if the user has SUPER. As a side-effect, such an upgrade will allow SUPER-user to run SHOW BINLOG EVENTS, SHOW RELAYLOG EVENTS, SHOW SLAVE HOSTS, even if he wasn't able to do it before the upgrade.
31 lines
1.1 KiB
Plaintext
31 lines
1.1 KiB
Plaintext
#
|
|
#
|
|
#
|
|
# Test that "SET sql_log_bin" is not allowed without BINLOG ADMIN
|
|
CREATE USER user1@localhost;
|
|
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
|
|
REVOKE BINLOG ADMIN ON *.* FROM user1@localhost;
|
|
connect user1,localhost,user1,,;
|
|
connection user1;
|
|
SET sql_log_bin=1;
|
|
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
|
|
SET GLOBAL sql_log_bin=1;
|
|
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
|
|
SET SESSION sql_log_bin=1;
|
|
ERROR 42000: Access denied; you need (at least one of) the BINLOG ADMIN privilege(s) for this operation
|
|
disconnect user1;
|
|
connection default;
|
|
DROP USER user1@localhost;
|
|
# Test that "SET sql_log_bin" is allowed with BINLOG ADMIN
|
|
CREATE USER user1@localhost;
|
|
GRANT BINLOG ADMIN ON *.* TO user1@localhost;
|
|
connect user1,localhost,user1,,;
|
|
connection user1;
|
|
SET sql_log_bin=1;
|
|
SET GLOBAL sql_log_bin=1;
|
|
ERROR HY000: Variable 'sql_log_bin' is a SESSION variable
|
|
SET SESSION sql_log_bin=1;
|
|
disconnect user1;
|
|
connection default;
|
|
DROP USER user1@localhost;
|