File: set_role-multiple-role.test

package info (click to toggle)
mariadb 1%3A11.8.3-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 772,520 kB
  • sloc: ansic: 2,414,714; cpp: 1,791,394; asm: 381,336; perl: 62,905; sh: 49,647; pascal: 40,897; java: 39,363; python: 20,791; yacc: 20,432; sql: 17,907; xml: 12,344; ruby: 8,544; cs: 6,542; makefile: 6,145; ada: 1,879; lex: 1,193; javascript: 996; objc: 80; tcl: 73; awk: 46; php: 22
file content (102 lines) | stat: -rw-r--r-- 2,901 bytes parent folder | download | duplicates (11) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
source include/not_embedded.inc;

#create a user with no privileges
create user 'test_user'@'localhost';

create role r_sel;
create role r_ins;
create role r_upd;
create role r_del;
create role r_crt;
create role r_drp;
create role r_rld;

grant select on *.* to r_sel;
grant insert on *.* to r_ins;
grant update on *.* to r_upd;
grant delete on *.* to r_del;
grant create on *.* to r_crt;
grant drop   on *.* to r_drp;
grant reload on *.* to r_rld;

#####################################
#set up roles mapping
#####################################
grant r_sel to test_user@localhost;
grant r_ins to test_user@localhost;
grant r_upd to test_user@localhost;
grant r_del to test_user@localhost;
grant r_crt to test_user@localhost;
grant r_drp to test_user@localhost;
grant r_rld to test_user@localhost;
flush privileges;

change_user 'test_user';

--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;

--sorted_result
show grants;
select current_user(), current_role();
set role r_sel;
select current_user(), current_role();
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping;

set role r_ins;
select current_user(), current_role();
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
insert into mysql.roles_mapping values ('', 'r_sel', 'r_rld', 'N');
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
flush privileges;
set role r_rld;
select current_user(), current_role();
flush privileges;
set role r_sel;
select current_user(), current_role();
flush privileges;
set role none;
select current_user(), current_role();
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
flush privileges;

set role r_ins;
select current_user(), current_role();
insert into mysql.roles_mapping values ('', 'r_sel', 'r_upd', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_del', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_crt', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_drp', 'N');
insert into mysql.roles_mapping values ('', 'r_del', 'r_ins', 'N');
set role r_rld;
select current_user(), current_role();
flush privileges;
set role r_sel;
select current_user(), current_role();
update mysql.roles_mapping set Role='r_ins' where Role='r_ins_wrong';
flush privileges;
set role r_sel;
select current_user(), current_role();

create table mysql.random_test_table (id INT);
insert into mysql.random_test_table values (1);
--sorted_result
select * from mysql.random_test_table;
delete from mysql.roles_mapping where Role='r_ins';
flush privileges;
set role r_sel;
select current_user(), current_role();
--error ER_TABLEACCESS_DENIED_ERROR
insert into mysql.random_test_table values (1);
drop table mysql.random_test_table;

change_user 'root';
delete from mysql.user where user like 'r\_%';
delete from mysql.roles_mapping where Role like 'r\_%';
flush privileges;
drop user 'test_user'@'localhost';