1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
|
# Testing FR2
Must have SESSION_VARIABLES_ADMIN with grant option
SHOW GRANTS FOR root@localhost;
Grants for root@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ABORT_EXEMPT,AUDIT_ADMIN,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FIREWALL_EXEMPT,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,GROUP_REPLICATION_STREAM,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SENSITIVE_VARIABLES_OBSERVER,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,TELEMETRY_LOG_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT PROXY ON ``@`` TO `root`@`localhost` WITH GRANT OPTION
# Testing FR1
CREATE USER wl12217@localhost;
CREATE DATABASE wl12217;
GRANT ALL PRIVILEGES ON wl12217.* TO wl12217@localhost;
# Must work
GRANT SESSION_VARIABLES_ADMIN ON *.* TO wl12217@localhost;
# Must work again
GRANT SESSION_VARIABLES_ADMIN ON *.* TO wl12217@localhost;
# Must fail
GRANT SESSION_VARIABLES_ADMIN ON mysql.* TO wl12217@localhost;
ERROR HY000: Illegal privilege level specified for SESSION_VARIABLES_ADMIN
# Cleanup
DROP DATABASE wl12217;
DROP USER wl12217@localhost;
# Testing FR3, FR4
CREATE USER wl12217@localhost;
CREATE DATABASE wl12217;
GRANT ALL PRIVILEGES ON wl12217.* TO wl12217@localhost;
# Switch to wl12217@localhost
# Must fail
SET SESSION binlog_direct_non_transactional_updates = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION binlog_format = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION binlog_row_image = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION binlog_row_value_options = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION binlog_rows_query_log_events = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION bulk_insert_buffer_size = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION character_set_database = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION character_set_filesystem = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION pseudo_replica_mode = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN, SESSION_VARIABLES_ADMIN or REPLICATION_APPLIER privilege(s) for this operation
SET SESSION pseudo_thread_id = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION transaction_write_set_extraction = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION histogram_generation_max_mem_size = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION sql_log_off = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
SET SESSION original_commit_timestamp = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN, SESSION_VARIABLES_ADMIN or REPLICATION_APPLIER privilege(s) for this operation
SET SESSION sql_log_bin = DEFAULT;
ERROR 42000: Access denied; you need (at least one of) the SUPER, SYSTEM_VARIABLES_ADMIN or SESSION_VARIABLES_ADMIN privilege(s) for this operation
# Back to default connection
GRANT SESSION_VARIABLES_ADMIN ON *.* TO wl12217@localhost;
# Back to wl12217@localhost
# Must pass
SET SESSION auto_increment_increment = DEFAULT;
SET SESSION auto_increment_offset = DEFAULT;
SET SESSION binlog_direct_non_transactional_updates = DEFAULT;
SET SESSION binlog_format = DEFAULT;
Warnings:
Warning 1287 '@@binlog_format' is deprecated and will be removed in a future release.
SET SESSION binlog_row_image = DEFAULT;
SET SESSION binlog_row_value_options = DEFAULT;
SET SESSION binlog_rows_query_log_events = DEFAULT;
SET SESSION bulk_insert_buffer_size = DEFAULT;
SET SESSION character_set_database = DEFAULT;
Warnings:
Warning 1681 Updating 'character_set_database' is deprecated. It will be made read-only in a future release.
SET SESSION character_set_filesystem = DEFAULT;
SET SESSION collation_database = DEFAULT;
Warnings:
Warning 1681 Updating 'collation_database' is deprecated. It will be made read-only in a future release.
SET SESSION pseudo_replica_mode = DEFAULT;
Warnings:
Warning 1231 'pseudo_replica_mode' change was ineffective.
SET SESSION pseudo_thread_id = DEFAULT;
SET SESSION transaction_write_set_extraction = DEFAULT;
Warnings:
Warning 1287 '@@transaction_write_set_extraction' is deprecated and will be removed in a future release.
SET SESSION histogram_generation_max_mem_size = DEFAULT;
SET SESSION sql_log_off = DEFAULT;
SET SESSION original_commit_timestamp = DEFAULT;
SET SESSION default_collation_for_utf8mb4 = DEFAULT;
Warnings:
Warning 1681 Updating 'default_collation_for_utf8mb4' is deprecated. It will be made read-only in a future release.
SET SESSION explicit_defaults_for_timestamp = DEFAULT;
SET SESSION sql_log_bin = DEFAULT;
SET SESSION rbr_exec_mode = DEFAULT;
# Back to default connection
# Cleanup
DROP DATABASE wl12217;
DROP USER wl12217@localhost;
# Testing FR5
CREATE USER wl12217@localhost;
CREATE DATABASE wl12217;
GRANT ALL PRIVILEGES ON wl12217.* TO wl12217@localhost;
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO wl12217@localhost;
# Switch to wl12217@localhost
# Must pass
SET SESSION auto_increment_increment = DEFAULT;
SET SESSION auto_increment_offset = DEFAULT;
SET SESSION binlog_direct_non_transactional_updates = DEFAULT;
SET SESSION binlog_format = DEFAULT;
Warnings:
Warning 1287 '@@binlog_format' is deprecated and will be removed in a future release.
SET SESSION binlog_row_image = DEFAULT;
SET SESSION binlog_row_value_options = DEFAULT;
SET SESSION binlog_rows_query_log_events = DEFAULT;
SET SESSION bulk_insert_buffer_size = DEFAULT;
SET SESSION character_set_database = DEFAULT;
Warnings:
Warning 1681 Updating 'character_set_database' is deprecated. It will be made read-only in a future release.
SET SESSION character_set_filesystem = DEFAULT;
SET SESSION collation_database = DEFAULT;
Warnings:
Warning 1681 Updating 'collation_database' is deprecated. It will be made read-only in a future release.
SET SESSION pseudo_replica_mode = DEFAULT;
Warnings:
Warning 1231 'pseudo_replica_mode' change was ineffective.
SET SESSION pseudo_thread_id = DEFAULT;
SET SESSION transaction_write_set_extraction = DEFAULT;
Warnings:
Warning 1287 '@@transaction_write_set_extraction' is deprecated and will be removed in a future release.
SET SESSION histogram_generation_max_mem_size = DEFAULT;
SET SESSION sql_log_off = DEFAULT;
SET SESSION original_commit_timestamp = DEFAULT;
SET SESSION default_collation_for_utf8mb4 = DEFAULT;
Warnings:
Warning 1681 Updating 'default_collation_for_utf8mb4' is deprecated. It will be made read-only in a future release.
SET SESSION explicit_defaults_for_timestamp = DEFAULT;
SET SESSION sql_log_bin = DEFAULT;
SET SESSION rbr_exec_mode = DEFAULT;
# Back to default connection
# Cleanup
DROP DATABASE wl12217;
DROP USER wl12217@localhost;
# Testing FR6
CREATE USER wl12217@localhost;
CREATE DATABASE wl12217;
GRANT ALL PRIVILEGES ON wl12217.* TO wl12217@localhost;
GRANT SUPER ON *.* TO wl12217@localhost;
Warnings:
Warning 1287 The SUPER privilege identifier is deprecated
# Switch to wl12217@localhost
# Must pass
SET SESSION auto_increment_increment = DEFAULT;
SET SESSION auto_increment_offset = DEFAULT;
SET SESSION binlog_direct_non_transactional_updates = DEFAULT;
SET SESSION binlog_format = DEFAULT;
Warnings:
Warning 1287 '@@binlog_format' is deprecated and will be removed in a future release.
SET SESSION binlog_row_image = DEFAULT;
SET SESSION binlog_row_value_options = DEFAULT;
SET SESSION binlog_rows_query_log_events = DEFAULT;
SET SESSION bulk_insert_buffer_size = DEFAULT;
SET SESSION character_set_database = DEFAULT;
Warnings:
Warning 1681 Updating 'character_set_database' is deprecated. It will be made read-only in a future release.
SET SESSION character_set_filesystem = DEFAULT;
SET SESSION collation_database = DEFAULT;
Warnings:
Warning 1681 Updating 'collation_database' is deprecated. It will be made read-only in a future release.
SET SESSION pseudo_replica_mode = DEFAULT;
Warnings:
Warning 1231 'pseudo_replica_mode' change was ineffective.
SET SESSION pseudo_thread_id = DEFAULT;
SET SESSION transaction_write_set_extraction = DEFAULT;
Warnings:
Warning 1287 '@@transaction_write_set_extraction' is deprecated and will be removed in a future release.
SET SESSION histogram_generation_max_mem_size = DEFAULT;
SET SESSION sql_log_off = DEFAULT;
SET SESSION original_commit_timestamp = DEFAULT;
SET SESSION default_collation_for_utf8mb4 = DEFAULT;
Warnings:
Warning 1681 Updating 'default_collation_for_utf8mb4' is deprecated. It will be made read-only in a future release.
SET SESSION explicit_defaults_for_timestamp = DEFAULT;
SET SESSION sql_log_bin = DEFAULT;
SET SESSION rbr_exec_mode = DEFAULT;
# Back to default connection
# Cleanup
DROP DATABASE wl12217;
DROP USER wl12217@localhost;
# Testing FR7
# Must have SESSION_VARIABLES_ADMIN
SHOW GRANTS for "mysql.session"@localhost;
Grants for mysql.session@localhost
GRANT SHUTDOWN, SUPER ON *.* TO `mysql.session`@`localhost`
GRANT AUDIT_ABORT_EXEMPT,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,FIREWALL_EXEMPT,PERSIST_RO_VARIABLES_ADMIN,SESSION_VARIABLES_ADMIN,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN ON *.* TO `mysql.session`@`localhost`
GRANT SELECT ON `performance_schema`.* TO `mysql.session`@`localhost`
GRANT SELECT ON `mysql`.`user` TO `mysql.session`@`localhost`
#
# End of 8.0 tests
#
|
