	Implement table-level TRIGGER privilege to control access to triggers.
Before this patch the global SUPER privilege was used for this purpose, which
was a serious security problem.
In detail, before this patch SUPER privilege was required:
  - for the user at CREATE TRIGGER time to create a new trigger;
  - for the user at DROP TRIGGER time to drop the existing trigger;
  - for the definer at trigger activation time to execute the trigger (if the
    definer loses SUPER privilege, all its triggers become unavailable);
This patch changes the behaviour in the following way:
  - TRIGGER privilege on the subject table for trigger is required:
    - for the user at CREATE TRIGGER time to create a new trigger;
    - for the user at DROP TRIGGER time to drop the existing trigger;
    - for the definer at trigger activation time to execute the trigger
      (if the definer loses TRIGGER privilege on the subject table, all its
      triggers on this table become unavailable).
  - SUPER privilege is still required:
    - for the user at CREATE TRIGGER time to explicitly set the trigger
      definer to the user other than CURRENT_USER().
When the server works with a database of the previous version (w/o TRIGGER
privilege), or if the database is being upgraded from the previous versions,
TRIGGER privilege is granted to those users who have CREATE privilege.
mysql-test/r/grant.result:
  Updated the result file after adding TRIGGER privilege.
mysql-test/r/information_schema.result:
  Updated the result file after adding TRIGGER privilege.
mysql-test/r/lowercase_table_grant.result:
  Updated the result file after adding TRIGGER privilege.
mysql-test/r/ps.result:
  Updated the result file after adding TRIGGER privilege.
mysql-test/r/sp.result:
  Updated the result file after adding TRIGGER privilege.
mysql-test/r/trigger-compat.result:
  Updated the result file after adding TRIGGER privilege.
mysql-test/r/trigger-grant.result:
  Updated the result file after adding TRIGGER privilege.
mysql-test/t/trigger-compat.test:
  Grant table-level TRIGGER privilege instead of global SUPER one.
mysql-test/t/trigger-grant.test:
  1. Grant table-level TRIGGER privilege instead of global SUPER one.
  2. Updated the test case to check that SUPER is required to specify
  the user other than the current as a definer.
scripts/mysql_create_system_tables.sh:
  Added TRIGGER privilege.
scripts/mysql_fix_privilege_tables.sql:
  Added TRIGGER privilege.
sql/sql_acl.cc:
  Added TRIGGER privilege.
sql/sql_acl.h:
  Added TRIGGER privilege.
sql/sql_show.cc:
  Added TRIGGER privilege.
sql/sql_trigger.cc:
  Check TRIGGER privilege instead of SUPER.
sql/sql_yacc.yy:
  Added TRIGGER privilege.
| use mysql;
 | |
| create database MYSQLtest;
 | |
| grant all on MySQLtest.* to mysqltest_1@localhost;
 | |
| show grants for mysqltest_1@localhost;
 | |
| Grants for mysqltest_1@localhost
 | |
| GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
 | |
| GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
 | |
| select * from db where user = 'mysqltest_1';
 | |
| Host	Db	User	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Create_tmp_table_priv	Lock_tables_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Execute_priv	Event_priv	Trigger_priv
 | |
| localhost	mysqltest	mysqltest_1	Y	Y	Y	Y	Y	Y	N	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y
 | |
| update db set db = 'MYSQLtest' where db = 'mysqltest' and user = 'mysqltest_1' and host = 'localhost';
 | |
| flush privileges;
 | |
| show grants for mysqltest_1@localhost;
 | |
| Grants for mysqltest_1@localhost
 | |
| GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
 | |
| GRANT ALL PRIVILEGES ON `mysqltest`.* TO 'mysqltest_1'@'localhost'
 | |
| select * from db where user = 'mysqltest_1';
 | |
| Host	Db	User	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Create_tmp_table_priv	Lock_tables_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Execute_priv	Event_priv	Trigger_priv
 | |
| localhost	MYSQLtest	mysqltest_1	Y	Y	Y	Y	Y	Y	N	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y
 | |
| delete from db where db = 'MYSQLtest' and user = 'mysqltest_1' and host = 'localhost';
 | |
| flush privileges;
 | |
| drop user mysqltest_1@localhost;
 | |
| drop database MYSQLtest;
 |