diff --git a/mysql-test/r/acl_roles_set_role-database-simple.result b/mysql-test/r/acl_roles_set_role-database-simple.result
new file mode 100644
index 00000000000..758bc7340f2
--- /dev/null
+++ b/mysql-test/r/acl_roles_set_role-database-simple.result
@@ -0,0 +1,49 @@
+create user 'test_user'@'localhost';
+create user 'test_role1'@'';
+update mysql.user set is_role='Y' where user='test_role1';
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+'test_user',
+'test_role1');
+select user, host from mysql.user where user not like 'root';
+user host
+test_role1
+test_user localhost
+select * from mysql.roles_mapping;
+HostFk UserFk RoleFk
+localhost test_user test_role1
+flush privileges;
+grant select on mysql.* to test_role1@'';
+grant insert, delete on mysql.roles_mapping to test_role1@'';
+grant reload on *.* to test_role1@'';
+select * from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+set role test_role1;
+select * from mysql.roles_mapping;
+HostFk UserFk RoleFk
+localhost test_user test_role1
+insert into mysql.user (user, host) values ('Dummy', 'Dummy');
+ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'user'
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+'test_user',
+'test_role2');
+delete from mysql.roles_mapping where RoleFk='test_role2';
+use mysql;
+set role none;
+use mysql;
+ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
+select * from mysql.roles_mapping;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+insert into mysql.user (user, host) values ('Dummy', 'Dummy');
+ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'user'
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+'test_user',
+'test_role2');
+ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+delete from mysql.roles_mapping where RoleFk='test_role2';
+ERROR 42000: DELETE command denied to user 'test_user'@'localhost' for table 'roles_mapping'
+drop user 'test_user'@'localhost';
+revoke select on mysql.* from test_role1@'';
+revoke insert, delete on mysql.roles_mapping from test_role1@'';
+delete from mysql.user where user='test_role1';
+delete from mysql.roles_mapping where RoleFk='test_role1';
+flush privileges;
diff --git a/mysql-test/t/acl_roles_set_role-database-simple.test b/mysql-test/t/acl_roles_set_role-database-simple.test
new file mode 100644
index 00000000000..56237f38949
--- /dev/null
+++ b/mysql-test/t/acl_roles_set_role-database-simple.test
@@ -0,0 +1,58 @@
+#create a user with no privileges
+create user 'test_user'@'localhost';
+create user 'test_role1'@'';
+
+update mysql.user set is_role='Y' where user='test_role1';
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'test_role1');
+--sorted_result
+select user, host from mysql.user where user not like 'root';
+--sorted_result
+select * from mysql.roles_mapping;
+flush privileges;
+
+grant select on mysql.* to test_role1@'';
+grant insert, delete on mysql.roles_mapping to test_role1@'';
+
+grant reload on *.* to test_role1@'';
+
+change_user 'test_user';
+
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+
+set role test_role1;
+select * from mysql.roles_mapping;
+--error ER_TABLEACCESS_DENIED_ERROR
+insert into mysql.user (user, host) values ('Dummy', 'Dummy');
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'test_role2');
+delete from mysql.roles_mapping where RoleFk='test_role2';
+
+use mysql;
+
+set role none;
+
+--error ER_DBACCESS_DENIED_ERROR
+use mysql;
+--error ER_TABLEACCESS_DENIED_ERROR
+select * from mysql.roles_mapping;
+--error ER_TABLEACCESS_DENIED_ERROR
+insert into mysql.user (user, host) values ('Dummy', 'Dummy');
+--error ER_TABLEACCESS_DENIED_ERROR
+insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost',
+ 'test_user',
+ 'test_role2');
+--error ER_TABLEACCESS_DENIED_ERROR
+delete from mysql.roles_mapping where RoleFk='test_role2';
+
+change_user 'root';
+drop user 'test_user'@'localhost';
+revoke select on mysql.* from test_role1@'';
+revoke insert, delete on mysql.roles_mapping from test_role1@'';
+delete from mysql.user where user='test_role1';
+delete from mysql.roles_mapping where RoleFk='test_role1';
+flush privileges;
+
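Review bot: Every statement after `set role none;` uses a fully qualified `mysql.` table name, so the test never checks access through the default database that `use mysql;` selected while the role was active. That is the path where database-level access cached for the session at `use` time would matter (presumably how the server tracks it; confirm against the SET ROLE implementation), and a stale value there would leave the dropped role's privileges in effect. I would add `--error ER_TABLEACCESS_DENIED_ERROR` followed by `select * from roles_mapping;` directly after `set role none;`, before the second `use mysql;`, and re-record the .result file. Separately, `grant reload on *.* to test_role1@'';` is never exercised as test_user, so the global-privilege half of the role is granted but not verified; a `flush privileges;` before and after `set role test_role1;` would cover it.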