1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add Admin_option column to mysql.roles_mapping. update tests/results

Browse Source
This commit is contained in:
Sergei Golubchik 2013-10-18 12:21:10 -07:00
parent 7dda698734
commit d0db4f2261
26 changed files with 208 additions and 260 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mysql-test/r/acl_roles_create_and_grant_role.result
View File

@ -4,13 +4,13 @@ create user u1;
set role r1;
grant r1 to u1;
select * from mysql.roles_mapping;
Host User Role
% u1 r1
localhost root r1
Host User Role Admin_option
localhost root r1 N
% u1 r1 N
drop user u1;
select * from mysql.roles_mapping;
Host User Role
localhost root r1
Host User Role Admin_option
localhost root r1 N
show grants;
Grants for root@localhost
GRANT r1 TO 'root'@'localhost'
@ -19,7 +19,7 @@ GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'r1'
drop role r1;
select * from mysql.roles_mapping;
Host User Role
Host User Role Admin_option
show grants;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION

18
mysql-test/r/acl_roles_rebuild_role_grants.result
View File

@ -14,8 +14,8 @@ show grants for u2;
Grants for u2@%
GRANT USAGE ON *.* TO 'u2'@'%'
select * from mysql.roles_mapping;
Host User Role
% u1 r1
Host User Role Admin_option
% u1 r1 N
revoke r1 from u1;
revoke r1 from u1;
ERROR HY000: Cannot revoke role 'r1' from: 'u1'@'%'.
@ -23,7 +23,7 @@ show grants for u1;
Grants for u1@%
GRANT USAGE ON *.* TO 'u1'@'%'
select * from mysql.roles_mapping;
Host User Role
Host User Role Admin_option
grant r1 to u1;
grant r1 to u1;
ERROR HY000: Cannot grant role 'r1' to: 'u1'.
@ -32,23 +32,23 @@ Grants for u1@%
GRANT r1 TO 'u1'@'%'
GRANT USAGE ON *.* TO 'u1'@'%'
select * from mysql.roles_mapping;
Host User Role
% u1 r1
Host User Role Admin_option
% u1 r1 N
drop role r1;
show grants for u1;
Grants for u1@%
GRANT USAGE ON *.* TO 'u1'@'%'
select * from mysql.roles_mapping;
Host User Role
Host User Role Admin_option
create role r1;
grant r1 to u1;
select * from mysql.roles_mapping;
Host User Role
% u1 r1
Host User Role Admin_option
% u1 r1 N
drop user u1;
show grants for u1;
ERROR 42000: There is no such grant defined for user 'u1' on host '%'
select * from mysql.roles_mapping;
Host User Role
Host User Role Admin_option
drop role r1;
drop user u2;

17
mysql-test/r/acl_roles_rename_user.result
View File

@ -1,14 +1,13 @@
create user test_user@localhost;
create role test_role1;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
grant test_role1 to test_user@localhost;
create role test_role2;
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
flush privileges;
grant test_role2 to test_role1;
use mysql;
select * from roles_mapping;
Host User Role
test_role1 test_role2
localhost test_user test_role1
Host User Role Admin_option
test_role1 test_role2 N
localhost test_user test_role1 N
rename user 'test_user'@'localhost' to 'test_user_rm'@'newhost';
select user, host from user where user like 'test%';
user host
@ -16,9 +15,9 @@ test_role1
test_role2
test_user_rm newhost
select * from roles_mapping;
Host User Role
test_role1 test_role2
newhost test_user_rm test_role1
Host User Role Admin_option
test_role1 test_role2 N
newhost test_user_rm test_role1 N
delete from mysql.roles_mapping;
delete from mysql.user where user like 'test%';
flush privileges;

31
mysql-test/r/acl_roles_set_role-database-recursive.result
View File

@ -1,20 +1,19 @@
create user 'test_user'@'localhost';
create role test_role1;
create role test_role2;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2');
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
grant test_role1 to test_user@localhost;
grant test_role2 to test_user@localhost;
grant test_role2 to test_role1;
select user, host from mysql.user where user not like 'root';
user host
test_role1
test_role2
test_user localhost
select * from mysql.roles_mapping;
Host User Role
test_role1 test_role2
localhost test_user test_role1
localhost test_user test_role2
flush privileges;
Host User Role Admin_option
test_role1 test_role2 N
localhost test_user test_role1 N
localhost test_user test_role2 N
select user, host from mysql.db;
user host
%
@ -31,10 +30,10 @@ select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
select * from mysql.roles_mapping;
Host User Role
test_role1 test_role2
localhost test_user test_role1
localhost test_user test_role2
Host User Role Admin_option
test_role1 test_role2 N
localhost test_user test_role1 N
localhost test_user test_role2 N
set role none;
select current_user(), current_role();
current_user() current_role()
@ -46,10 +45,10 @@ select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role2
select * from mysql.roles_mapping;
Host User Role
test_role1 test_role2
localhost test_user test_role1
localhost test_user test_role2
Host User Role Admin_option
test_role1 test_role2 N
localhost test_user test_role1 N
localhost test_user test_role2 N
drop user 'test_user'@'localhost';
revoke select on mysql.* from test_role2;
delete from mysql.user where user='test_role1';

15
mysql-test/r/acl_roles_set_role-database-simple.result
View File

@ -1,14 +1,13 @@
create user 'test_user'@'localhost';
create role test_role1;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
grant test_role1 to test_user@localhost;
select user, host from mysql.user where user not like 'root';
user host
test_role1
test_user localhost
select * from mysql.roles_mapping;
Host User Role
localhost test_user test_role1
flush privileges;
Host User Role Admin_option
localhost test_user test_role1 N
grant select on mysql.* to test_role1;
grant insert, delete on mysql.roles_mapping to test_role1;
grant reload on *.* to test_role1;
@ -22,11 +21,11 @@ select current_user(), current_role();
current_user() current_role()
test_user@localhost test_role1
select * from mysql.roles_mapping;
Host User Role
localhost test_user test_role1
Host User Role Admin_option
localhost test_user test_role1 N
insert into mysql.user (user, host) values ('Dummy', 'Dummy');
ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'user'
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2', 'N');
delete from mysql.roles_mapping where Role='test_role2';
use mysql;
set role none;
@ -39,7 +38,7 @@ select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
insert into mysql.user (user, host) values ('Dummy', 'Dummy');
ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'user'
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2', 'N');
ERROR 42000: INSERT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
delete from mysql.roles_mapping where Role='test_role2';
ERROR 42000: DELETE command denied to user 'test_user'@'localhost' for table 'roles_mapping'

92
mysql-test/r/acl_roles_set_role-multiple-role.result
View File

@ -1,47 +1,25 @@
create user 'test_user'@'localhost';
create user 'r_sel'@'';
create user 'r_ins'@'';
create user 'r_upd'@'';
create user 'r_del'@'';
create user 'r_crt'@'';
create user 'r_drp'@'';
create user 'r_rld'@'';
update mysql.user set Select_priv='Y' where user like 'r_sel';
update mysql.user set Insert_priv='Y' where user like 'r_ins';
update mysql.user set Update_priv='Y' where user like 'r_upd';
update mysql.user set Delete_priv='Y' where user like 'r_del';
update mysql.user set Create_priv='Y' where user like 'r_crt';
update mysql.user set Drop_priv ='Y' where user like 'r_drp';
update mysql.user set Reload_priv='Y' where user like 'r_rld';
update mysql.user set is_role='Y' where user like 'r\_%';
select * from mysql.user where user='r_sel';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% r_sel Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_ins';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% r_ins N Y N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_upd';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% r_upd N N Y N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_del';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% r_del N N N Y N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_crt';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% r_crt N N N N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_drp';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% r_drp N N N N N Y N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user='r_rld';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% r_rld N N N N N N Y N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_sel');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_ins');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_upd');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_del');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_crt');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_drp');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_rld');
create role r_sel;
create role r_ins;
create role r_upd;
create role r_del;
create role r_crt;
create role r_drp;
create role r_rld;
grant select on *.* to r_sel;
grant insert on *.* to r_ins;
grant update on *.* to r_upd;
grant delete on *.* to r_del;
grant create on *.* to r_crt;
grant drop on *.* to r_drp;
grant reload on *.* to r_rld;
grant r_sel to test_user@localhost;
grant r_ins to test_user@localhost;
grant r_upd to test_user@localhost;
grant r_del to test_user@localhost;
grant r_crt to test_user@localhost;
grant r_drp to test_user@localhost;
grant r_rld to test_user@localhost;
flush privileges;
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
@ -74,14 +52,14 @@ GRANT r_rld TO 'test_user'@'localhost'
GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
Host User Role
localhost test_user r_crt
localhost test_user r_del
localhost test_user r_drp
localhost test_user r_ins
localhost test_user r_rld
localhost test_user r_sel
localhost test_user r_upd
Host User Role Admin_option
localhost test_user r_crt N
localhost test_user r_del N
localhost test_user r_drp N
localhost test_user r_ins N
localhost test_user r_rld N
localhost test_user r_sel N
localhost test_user r_upd N
set role r_ins;
select current_user(), current_role();
current_user() current_role()
@ -99,7 +77,7 @@ GRANT r_sel TO 'test_user'@'localhost'
GRANT r_upd TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
insert into mysql.roles_mapping values ('', 'r_sel', 'r_rld');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_rld', 'N');
flush privileges;
ERROR 42000: Access denied; you need (at least one of) the RELOAD privilege(s) for this operation
set role r_rld;
@ -122,11 +100,11 @@ set role r_ins;
select current_user(), current_role();
current_user() current_role()
test_user@localhost r_ins
insert into mysql.roles_mapping values ('', 'r_sel', 'r_upd');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_del');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_crt');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_drp');
insert into mysql.roles_mapping values ('', 'r_del', 'r_ins');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_upd', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_del', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_crt', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_drp', 'N');
insert into mysql.roles_mapping values ('', 'r_del', 'r_ins', 'N');
set role r_rld;
select current_user(), current_role();
current_user() current_role()

40
mysql-test/r/acl_roles_set_role-recursive.result
View File

@ -1,30 +1,26 @@
create user 'test_user'@'localhost';
create user 'test_role1'@'';
update mysql.user set is_role='Y' where user='test_role1';
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
create user 'test_role2'@'';
update mysql.user set is_role='Y' where user='test_role2';
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
flush privileges;
create user test_user@localhost;
create role test_role1;
grant test_role1 to test_user@localhost;
create role test_role2;
grant test_role2 to test_role1@;
select user, host from mysql.user where user not like 'root';
user host
test_role1 %
test_role2 %
test_role1
test_role2
test_user localhost
select * from mysql.roles_mapping where User like 'test_user';
Host User Role
localhost test_user test_role1
Host User Role Admin_option
localhost test_user test_role1 N
select * from mysql.roles_mapping where User like 'test_role1';
Host User Role
test_role1 test_role2
grant select on *.* to 'test_role2'@'';
Host User Role Admin_option
test_role1 test_role2 N
grant select on *.* to test_role2;
select * from mysql.user where user like 'test_role1';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% test_role1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
test_role1 N N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.user where user like 'test_role2';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% test_role2 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
flush privileges;
test_role2 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
show grants;
@ -46,8 +42,8 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
select * from mysql.roles_mapping where Host='';
Host User Role
test_role1 test_role2
Host User Role Admin_option
test_role1 test_role2 N
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'
@ -96,8 +92,8 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
select * from mysql.roles_mapping where Host='';
Host User Role
test_role1 test_role2
Host User Role Admin_option
test_role1 test_role2 N
show grants;
Grants for test_user@localhost
GRANT SELECT ON *.* TO 'test_role2'

14
mysql-test/r/acl_roles_set_role-routine-simple.result
View File

@ -2,9 +2,9 @@ create user 'test_user'@'localhost';
create role test_role1;
create role test_role2;
create role test_role3;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role3');
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
grant test_role1 to test_user@localhost;
grant test_role3 to test_user@localhost;
grant test_role2 to test_role1;
select user, host from mysql.user where user not like 'root';
user host
test_role1
@ -12,10 +12,10 @@ test_role2
test_role3
test_user localhost
select * from mysql.roles_mapping;
Host User Role
test_role1 test_role2
localhost test_user test_role1
localhost test_user test_role3
Host User Role Admin_option
test_role1 test_role2 N
localhost test_user test_role1 N
localhost test_user test_role3 N
create function mysql.test_func (s CHAR(20))
returns CHAR(50) DETERMINISTIC
return concat('Test string: ',s);

22
mysql-test/r/acl_roles_set_role-simple.result
View File

@ -1,19 +1,17 @@
create user 'test_user'@'localhost';
create user 'test_role1'@'';
update mysql.user set is_role='Y' where user='test_role1';
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
create user test_user@localhost;
create role test_role1;
grant test_role1 to test_user@localhost;
select user, host from mysql.user where user not like 'root';
user host
test_role1 %
test_role1
test_user localhost
select * from mysql.roles_mapping;
Host User Role
localhost test_user test_role1
grant select on *.* to 'test_role1'@'';
Host User Role Admin_option
localhost test_user test_role1 N
grant select on *.* to test_role1;
select * from mysql.user where user='test_role1';
Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv Event_priv Trigger_priv Create_tablespace_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections plugin authentication_string is_role
% test_role1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
flush privileges;
test_role1 Y N N N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 Y
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
show grants;
@ -33,8 +31,8 @@ GRANT SELECT ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
select * from mysql.roles_mapping;
Host User Role
localhost test_user test_role1
Host User Role Admin_option
localhost test_user test_role1 N
set role none;
select current_user(), current_role();
current_user() current_role()

12
mysql-test/r/acl_roles_set_role-table-column-priv.result
View File

@ -1,17 +1,17 @@
create user 'test_user'@'localhost';
create user test_user@localhost;
create role test_role1;
create role test_role2;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
grant test_role1 to test_user@localhost;
grant test_role2 to test_role1@;
select user, host from mysql.user where user not like 'root';
user host
test_role1
test_role2
test_user localhost
select * from mysql.roles_mapping;
Host User Role
test_role1 test_role2
localhost test_user test_role1
Host User Role Admin_option
test_role1 test_role2 N
localhost test_user test_role1 N
grant select (Role) on mysql.roles_mapping to test_role2;
flush privileges;
select * from mysql.roles_mapping;

18
mysql-test/r/acl_roles_set_role-table-simple.result
View File

@ -1,17 +1,17 @@
create user 'test_user'@'localhost';
create user test_user@localhost;
create role test_role1;
create role test_role2;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
grant test_role1 to test_user@localhost;
grant test_role2 to test_role1@;
select user, host from mysql.user where user not like 'root';
user host
test_role1
test_role2
test_user localhost
select * from mysql.roles_mapping;
Host User Role
test_role1 test_role2
localhost test_user test_role1
Host User Role Admin_option
test_role1 test_role2 N
localhost test_user test_role1 N
grant select on mysql.roles_mapping to test_role2;
flush privileges;
select * from mysql.roles_mapping;
@ -36,9 +36,9 @@ GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
select * from mysql.roles_mapping;
Host User Role
test_role1 test_role2
localhost test_user test_role1
Host User Role Admin_option
test_role1 test_role2 N
localhost test_user test_role1 N
show grants;
Grants for test_user@localhost
GRANT SELECT ON `mysql`.`roles_mapping` TO 'test_role2'

17
mysql-test/r/acl_roles_show_grants.result
View File

@ -1,20 +1,19 @@
create user 'test_user'@'localhost';
create user test_user@localhost;
create role test_role1;
create role test_role2;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2');
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
grant test_role1 to test_user@localhost;
grant test_role2 to test_user@localhost;
grant test_role2 to test_role1@;
select user, host from mysql.user where user not like 'root';
user host
test_role1
test_role2
test_user localhost
select * from mysql.roles_mapping;
Host User Role
test_role1 test_role2
localhost test_user test_role1
localhost test_user test_role2
flush privileges;
Host User Role Admin_option
test_role1 test_role2 N
localhost test_user test_role1 N
localhost test_user test_role2 N
select user, host from mysql.db;
user host
%

14
mysql-test/suite/funcs_1/r/is_columns_mysql.result
View File

@ -161,9 +161,10 @@ def mysql proxies_priv Proxied_user 4 NO char 16 48 NULL NULL NULL utf8 utf8_bi
def mysql proxies_priv Timestamp 7 CURRENT_TIMESTAMP NO timestamp NULL NULL NULL NULL 0 NULL NULL timestamp on update CURRENT_TIMESTAMP select,insert,update,references
def mysql proxies_priv User 2 NO char 16 48 NULL NULL NULL utf8 utf8_bin char(16) PRI select,insert,update,references
def mysql proxies_priv With_grant 5 0 NO tinyint NULL NULL 3 0 NULL NULL NULL tinyint(1) select,insert,update,references
def mysql roles_mapping Host 1 NO char 60 60 NULL NULL NULL latin1 latin1_bin char(60) PRI select,insert,update,references
def mysql roles_mapping Role 3 NO char 16 16 NULL NULL NULL latin1 latin1_bin char(16) PRI select,insert,update,references
def mysql roles_mapping User 2 NO char 16 16 NULL NULL NULL latin1 latin1_bin char(16) PRI select,insert,update,references
def mysql roles_mapping Admin_option 4 N NO enum 1 3 NULL NULL NULL utf8 utf8_general_ci enum('N','Y') select,insert,update,references
def mysql roles_mapping Host 1 NO char 60 180 NULL NULL NULL utf8 utf8_bin char(60) PRI select,insert,update,references
def mysql roles_mapping Role 3 NO char 16 48 NULL NULL NULL utf8 utf8_bin char(16) PRI select,insert,update,references
def mysql roles_mapping User 2 NO char 16 48 NULL NULL NULL utf8 utf8_bin char(16) PRI select,insert,update,references
def mysql servers Db 3 NO char 64 192 NULL NULL NULL utf8 utf8_general_ci char(64) select,insert,update,references
def mysql servers Host 2 NO char 64 192 NULL NULL NULL utf8 utf8_general_ci char(64) select,insert,update,references
def mysql servers Owner 9 NO char 64 192 NULL NULL NULL utf8 utf8_general_ci char(64) select,insert,update,references
@ -484,9 +485,10 @@ NULL mysql procs_priv Timestamp timestamp NULL NULL NULL NULL timestamp
NULL mysql proxies_priv With_grant tinyint NULL NULL NULL NULL tinyint(1)
3.0000 mysql proxies_priv Grantor char 77 231 utf8 utf8_bin char(77)
NULL mysql proxies_priv Timestamp timestamp NULL NULL NULL NULL timestamp
1.0000 mysql roles_mapping Host char 60 60 latin1 latin1_bin char(60)
1.0000 mysql roles_mapping User char 16 16 latin1 latin1_bin char(16)
1.0000 mysql roles_mapping Role char 16 16 latin1 latin1_bin char(16)
3.0000 mysql roles_mapping Host char 60 180 utf8 utf8_bin char(60)
3.0000 mysql roles_mapping User char 16 48 utf8 utf8_bin char(16)
3.0000 mysql roles_mapping Role char 16 48 utf8 utf8_bin char(16)
3.0000 mysql roles_mapping Admin_option enum 1 3 utf8 utf8_general_ci enum('N','Y')
3.0000 mysql servers Server_name char 64 192 utf8 utf8_general_ci char(64)
3.0000 mysql servers Host char 64 192 utf8 utf8_general_ci char(64)
3.0000 mysql servers Db char 64 192 utf8 utf8_general_ci char(64)

4
mysql-test/suite/funcs_1/r/is_tables_mysql.result
View File

@ -443,11 +443,11 @@ AUTO_INCREMENT NULL
CREATE_TIME #CRT#
UPDATE_TIME #UT#
CHECK_TIME #CT#
TABLE_COLLATION latin1_swedish_ci
TABLE_COLLATION utf8_bin
CHECKSUM NULL
CREATE_OPTIONS #CO#
TABLE_COMMENT #TC#
user_comment
user_comment Granted roles
Separator -----------------------------------------------------
TABLE_CATALOG def
TABLE_SCHEMA mysql

5
mysql-test/t/acl_roles_rename_user.test
View File

@ -2,10 +2,9 @@
#create a user with no privileges
create user test_user@localhost;
create role test_role1;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
grant test_role1 to test_user@localhost;
create role test_role2;
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
flush privileges;
grant test_role2 to test_role1;
use mysql;
--sorted_result

7
mysql-test/t/acl_roles_set_role-database-recursive.test
View File

@ -3,14 +3,13 @@ create user 'test_user'@'localhost';
create role test_role1;
create role test_role2;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2');
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
grant test_role1 to test_user@localhost;
grant test_role2 to test_user@localhost;
grant test_role2 to test_role1;
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping;
flush privileges;
--sorted_result
select user, host from mysql.db;

7
mysql-test/t/acl_roles_set_role-database-simple.test
View File

@ -2,12 +2,11 @@
create user 'test_user'@'localhost';
create role test_role1;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
grant test_role1 to test_user@localhost;
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping;
flush privileges;
grant select on mysql.* to test_role1;
grant insert, delete on mysql.roles_mapping to test_role1;
@ -25,7 +24,7 @@ select current_user(), current_role();
select * from mysql.roles_mapping;
--error ER_TABLEACCESS_DENIED_ERROR
insert into mysql.user (user, host) values ('Dummy', 'Dummy');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2', 'N');
delete from mysql.roles_mapping where Role='test_role2';
use mysql;
@ -40,7 +39,7 @@ select * from mysql.roles_mapping;
--error ER_TABLEACCESS_DENIED_ERROR
insert into mysql.user (user, host) values ('Dummy', 'Dummy');
--error ER_TABLEACCESS_DENIED_ERROR
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2', 'N');
--error ER_TABLEACCESS_DENIED_ERROR
delete from mysql.roles_mapping where Role='test_role2';

63
mysql-test/t/acl_roles_set_role-multiple-role.test
View File

@ -1,41 +1,32 @@
#create a user with no privileges
create user 'test_user'@'localhost';
create user 'r_sel'@'';
create user 'r_ins'@'';
create user 'r_upd'@'';
create user 'r_del'@'';
create user 'r_crt'@'';
create user 'r_drp'@'';
create user 'r_rld'@'';
update mysql.user set Select_priv='Y' where user like 'r_sel';
update mysql.user set Insert_priv='Y' where user like 'r_ins';
update mysql.user set Update_priv='Y' where user like 'r_upd';
update mysql.user set Delete_priv='Y' where user like 'r_del';
update mysql.user set Create_priv='Y' where user like 'r_crt';
update mysql.user set Drop_priv ='Y' where user like 'r_drp';
update mysql.user set Reload_priv='Y' where user like 'r_rld';
create role r_sel;
create role r_ins;
create role r_upd;
create role r_del;
create role r_crt;
create role r_drp;
create role r_rld;
update mysql.user set is_role='Y' where user like 'r\_%';
select * from mysql.user where user='r_sel';
select * from mysql.user where user='r_ins';
select * from mysql.user where user='r_upd';
select * from mysql.user where user='r_del';
select * from mysql.user where user='r_crt';
select * from mysql.user where user='r_drp';
select * from mysql.user where user='r_rld';
grant select on *.* to r_sel;
grant insert on *.* to r_ins;
grant update on *.* to r_upd;
grant delete on *.* to r_del;
grant create on *.* to r_crt;
grant drop on *.* to r_drp;
grant reload on *.* to r_rld;
#####################################
#set up roles mapping
#####################################
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_sel');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_ins');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_upd');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_del');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_crt');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_drp');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'r_rld');
grant r_sel to test_user@localhost;
grant r_ins to test_user@localhost;
grant r_upd to test_user@localhost;
grant r_del to test_user@localhost;
grant r_crt to test_user@localhost;
grant r_drp to test_user@localhost;
grant r_rld to test_user@localhost;
flush privileges;
change_user 'test_user';
@ -59,7 +50,7 @@ select current_user(), current_role();
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
insert into mysql.roles_mapping values ('', 'r_sel', 'r_rld');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_rld', 'N');
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
flush privileges;
set role r_rld;
@ -75,11 +66,11 @@ flush privileges;
set role r_ins;
select current_user(), current_role();
insert into mysql.roles_mapping values ('', 'r_sel', 'r_upd');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_del');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_crt');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_drp');
insert into mysql.roles_mapping values ('', 'r_del', 'r_ins');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_upd', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_del', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_crt', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_drp', 'N');
insert into mysql.roles_mapping values ('', 'r_del', 'r_ins', 'N');
set role r_rld;
select current_user(), current_role();
flush privileges;

18
mysql-test/t/acl_roles_set_role-recursive.test
View File

@ -1,15 +1,10 @@
#create a user with no privileges
create user 'test_user'@'localhost';
create user 'test_role1'@'';
#manualy create role
update mysql.user set is_role='Y' where user='test_role1';
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
create user 'test_role2'@'';
#manualy create role
update mysql.user set is_role='Y' where user='test_role2';
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
flush privileges;
create user test_user@localhost;
create role test_role1;
grant test_role1 to test_user@localhost;
create role test_role2;
grant test_role2 to test_role1@;
--sorted_result
select user, host from mysql.user where user not like 'root';
@ -17,12 +12,11 @@ select user, host from mysql.user where user not like 'root';
select * from mysql.roles_mapping where User like 'test_user';
--sorted_result
select * from mysql.roles_mapping where User like 'test_role1';
grant select on *.* to 'test_role2'@'';
grant select on *.* to test_role2;
--sorted_result
select * from mysql.user where user like 'test_role1';
--sorted_result
select * from mysql.user where user like 'test_role2';
flush privileges;
change_user 'test_user';

7
mysql-test/t/acl_roles_set_role-routine-simple.test
View File

@ -3,10 +3,10 @@ create role test_role1;
create role test_role2;
create role test_role3;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role3');
grant test_role1 to test_user@localhost;
grant test_role3 to test_user@localhost;
grant test_role2 to test_role1;
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
@ -24,7 +24,6 @@ begin
end|
delimiter ;|
grant execute on function mysql.test_func to test_role2;
grant execute on procedure mysql.test_proc to test_role2;

11
mysql-test/t/acl_roles_set_role-simple.test
View File

@ -1,18 +1,15 @@
#create a user with no privileges
create user 'test_user'@'localhost';
create user 'test_role1'@'';
#manualy create role
update mysql.user set is_role='Y' where user='test_role1';
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
create user test_user@localhost;
create role test_role1;
grant test_role1 to test_user@localhost;
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping;
grant select on *.* to 'test_role1'@'';
grant select on *.* to test_role1;
--sorted_result
select * from mysql.user where user='test_role1';
flush privileges;
change_user 'test_user';

6
mysql-test/t/acl_roles_set_role-table-column-priv.test
View File

@ -1,9 +1,9 @@
create user 'test_user'@'localhost';
create user test_user@localhost;
create role test_role1;
create role test_role2;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
grant test_role1 to test_user@localhost;
grant test_role2 to test_role1@;
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result

6
mysql-test/t/acl_roles_set_role-table-simple.test
View File

@ -1,9 +1,9 @@
create user 'test_user'@'localhost';
create user test_user@localhost;
create role test_role1;
create role test_role2;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
grant test_role1 to test_user@localhost;
grant test_role2 to test_role1@;
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result

9
mysql-test/t/acl_roles_show_grants.test
View File

@ -1,16 +1,15 @@
#create a user with no privileges
create user 'test_user'@'localhost';
create user test_user@localhost;
create role test_role1;
create role test_role2;
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role1');
insert into mysql.roles_mapping values ('localhost', 'test_user', 'test_role2');
insert into mysql.roles_mapping values ('', 'test_role1', 'test_role2');
grant test_role1 to test_user@localhost;
grant test_role2 to test_user@localhost;
grant test_role2 to test_role1@;
--sorted_result
select user, host from mysql.user where user not like 'root';
--sorted_result
select * from mysql.roles_mapping;
flush privileges;
--sorted_result
select user, host from mysql.db;

2
scripts/mysql_system_tables.sql
View File

@ -41,7 +41,7 @@ CREATE TABLE IF NOT EXISTS user ( Host char(60) binary DEFAULT '' NOT NULL, Us
-- Remember for later if user table already existed
set @had_user_table= @@warning_count != 0;
CREATE TABLE IF NOT EXISTS roles_mapping (Host char(60) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Role char(16) binary DEFAULT '' NOT NULL, unique index (Host, User, Role));
CREATE TABLE IF NOT EXISTS roles_mapping ( Host char(60) binary DEFAULT '' NOT NULL, User char(16) binary DEFAULT '' NOT NULL, Role char(16) binary DEFAULT '' NOT NULL, Admin_option enum('N','Y') COLLATE utf8_general_ci DEFAULT 'N' NOT NULL, UNIQUE (Host, User, Role)) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='Granted roles';
CREATE TABLE IF NOT EXISTS func ( name char(64) binary DEFAULT '' NOT NULL, ret tinyint(1) DEFAULT '0' NOT NULL, dl char(128) DEFAULT '' NOT NULL, type enum ('function','aggregate') COLLATE utf8_general_ci NOT NULL, PRIMARY KEY (name) ) engine=MyISAM CHARACTER SET utf8 COLLATE utf8_bin comment='User defined functions';

1
sql/sql_acl.cc
View File

@ -3774,6 +3774,7 @@ replace_roles_mapping_table(TABLE *table, ROLE_GRANT_PAIR *pair,
system_charset_info);
table->field[2]->store(pair->r_uname, strlen(pair->r_uname),
system_charset_info);
table->field[3]->store(1);
key_copy(row_key, table->record[0], table->key_info,
table->key_info->key_length);