1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
#
# MDEV-21960 Bind READ_ONLY ADMIN to @@read_only
#
# Test that "SET read_only" is not allowed without READ_ONLY ADMIN
CREATE USER user1@localhost;
GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
REVOKE READ_ONLY ADMIN ON *.* FROM user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL read_only=0;
ERROR 42000: Access denied; you need (at least one of) the READ_ONLY ADMIN privilege(s) for this operation
SET read_only=0;
ERROR HY000: Variable 'read_only' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION read_only=0;
ERROR HY000: Variable 'read_only' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
# Test that "SET read_only" is allowed with READ_ONLY ADMIN
CREATE USER user1@localhost;
GRANT READ_ONLY ADMIN ON *.* TO user1@localhost;
connect user1,localhost,user1,,;
connection user1;
SET GLOBAL read_only=0;
SET read_only=0;
ERROR HY000: Variable 'read_only' is a GLOBAL variable and should be set with SET GLOBAL
SET SESSION read_only=0;
ERROR HY000: Variable 'read_only' is a GLOBAL variable and should be set with SET GLOBAL
disconnect user1;
connection default;
DROP USER user1@localhost;
#
# MDEV-29632 SUPER users created before 10.11 should retain READ_ONLY ADMIN privilege upon upgrade
#
insert mysql.global_priv values ('bar', 'foo', '{"access":32768,"version_id":101000,"plugin":"mysql_native_password","authentication_string":""}');
flush privileges;
show grants for foo@bar;
Grants for foo@bar
GRANT SUPER, BINLOG MONITOR, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `foo`@`bar`
drop user foo@bar;
|
