diff options
author | Alexander Barkov <bar@mariadb.com> | 2020-03-17 19:08:28 +0400 |
---|---|---|
committer | Alexander Barkov <bar@mariadb.com> | 2020-03-17 19:08:28 +0400 |
commit | 90b7ac28a917fde7bceed573956aa4c668c7685b (patch) | |
tree | 0285afba839a1090e2acd600bc581c8de2b52e14 | |
parent | dec14dcffe08c0284daac4f93cd750956b15ca47 (diff) | |
download | mariadb-git-90b7ac28a917fde7bceed573956aa4c668c7685b.tar.gz |
MDEV-21963 Bind BINLOG ADMIN to a number of global system variables
31 files changed, 910 insertions, 14 deletions
diff --git a/mysql-test/suite/sys_vars/inc/sysvar_global_grant.inc b/mysql-test/suite/sys_vars/inc/sysvar_global_grant.inc new file mode 100644 index 00000000000..f452c1b19d9 --- /dev/null +++ b/mysql-test/suite/sys_vars/inc/sysvar_global_grant.inc @@ -0,0 +1,53 @@ +--source include/not_embedded.inc + + +--eval SET @global=@@global.$var + +--echo # Test that "SET $var" is not allowed without $grant or SUPER + +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +--eval REVOKE $grant, SUPER ON *.* FROM user1@localhost +--connect(user1,localhost,user1,,) +--connection user1 +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +--eval SET GLOBAL $var=$value +--error ER_GLOBAL_VARIABLE +--eval SET $var=$value +--error ER_GLOBAL_VARIABLE +--eval SET SESSION $var=$value +--disconnect user1 +--connection default +DROP USER user1@localhost; + +--echo # Test that "SET $var" is allowed with $grant + +CREATE USER user1@localhost; +--eval GRANT $grant ON *.* TO user1@localhost +--connect(user1,localhost,user1,,) +--connection user1 +--eval SET GLOBAL $var=$value +--error ER_GLOBAL_VARIABLE +--eval SET $var=$value +--error ER_GLOBAL_VARIABLE +--eval SET SESSION $var=$value +--disconnect user1 +--connection default +DROP USER user1@localhost; + +--echo # Test that "SET $var" is allowed with SUPER + +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +--connect(user1,localhost,user1,,) +--connection user1 +--eval SET GLOBAL $var=$value +--error ER_GLOBAL_VARIABLE +--eval SET $var=$value +--error ER_GLOBAL_VARIABLE +--eval SET SESSION $var=$value +--disconnect user1 +--connection default +DROP USER user1@localhost; + +--eval SET @@global.$var=@global diff --git a/mysql-test/suite/sys_vars/r/binlog_cache_size_grant.result b/mysql-test/suite/sys_vars/r/binlog_cache_size_grant.result new file mode 100644 index 00000000000..e6898e58968 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/binlog_cache_size_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.binlog_cache_size; +# Test that "SET binlog_cache_size" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_cache_size=65536; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET binlog_cache_size=65536; +ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_cache_size=65536; +ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_cache_size" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_cache_size=65536; +SET binlog_cache_size=65536; +ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_cache_size=65536; +ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_cache_size" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_cache_size=65536; +SET binlog_cache_size=65536; +ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_cache_size=65536; +ERROR HY000: Variable 'binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.binlog_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_commit_wait_count_grant.result b/mysql-test/suite/sys_vars/r/binlog_commit_wait_count_grant.result new file mode 100644 index 00000000000..930772f7499 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/binlog_commit_wait_count_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.binlog_commit_wait_count; +# Test that "SET binlog_commit_wait_count" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_commit_wait_count=65536; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET binlog_commit_wait_count=65536; +ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_commit_wait_count=65536; +ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_commit_wait_count" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_commit_wait_count=65536; +SET binlog_commit_wait_count=65536; +ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_commit_wait_count=65536; +ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_commit_wait_count" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_commit_wait_count=65536; +SET binlog_commit_wait_count=65536; +ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_commit_wait_count=65536; +ERROR HY000: Variable 'binlog_commit_wait_count' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.binlog_commit_wait_count=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_commit_wait_usec_grant.result b/mysql-test/suite/sys_vars/r/binlog_commit_wait_usec_grant.result new file mode 100644 index 00000000000..cfbb759e959 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/binlog_commit_wait_usec_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.binlog_commit_wait_usec; +# Test that "SET binlog_commit_wait_usec" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_commit_wait_usec=65536; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET binlog_commit_wait_usec=65536; +ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_commit_wait_usec=65536; +ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_commit_wait_usec" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_commit_wait_usec=65536; +SET binlog_commit_wait_usec=65536; +ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_commit_wait_usec=65536; +ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_commit_wait_usec" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_commit_wait_usec=65536; +SET binlog_commit_wait_usec=65536; +ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_commit_wait_usec=65536; +ERROR HY000: Variable 'binlog_commit_wait_usec' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.binlog_commit_wait_usec=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_file_cache_size_grant.result b/mysql-test/suite/sys_vars/r/binlog_file_cache_size_grant.result new file mode 100644 index 00000000000..3cd5aaf57d4 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/binlog_file_cache_size_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.binlog_file_cache_size; +# Test that "SET binlog_file_cache_size" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_file_cache_size=65536; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET binlog_file_cache_size=65536; +ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_file_cache_size=65536; +ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_file_cache_size" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_file_cache_size=65536; +SET binlog_file_cache_size=65536; +ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_file_cache_size=65536; +ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_file_cache_size" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_file_cache_size=65536; +SET binlog_file_cache_size=65536; +ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_file_cache_size=65536; +ERROR HY000: Variable 'binlog_file_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.binlog_file_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_row_metadata_grant.result b/mysql-test/suite/sys_vars/r/binlog_row_metadata_grant.result new file mode 100644 index 00000000000..43282278aa3 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/binlog_row_metadata_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.binlog_row_metadata; +# Test that "SET binlog_row_metadata" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_row_metadata=NO_LOG; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET binlog_row_metadata=NO_LOG; +ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_row_metadata=NO_LOG; +ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_row_metadata" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_row_metadata=NO_LOG; +SET binlog_row_metadata=NO_LOG; +ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_row_metadata=NO_LOG; +ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_row_metadata" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_row_metadata=NO_LOG; +SET binlog_row_metadata=NO_LOG; +ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_row_metadata=NO_LOG; +ERROR HY000: Variable 'binlog_row_metadata' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.binlog_row_metadata=@global; diff --git a/mysql-test/suite/sys_vars/r/binlog_stmt_cache_size_grant.result b/mysql-test/suite/sys_vars/r/binlog_stmt_cache_size_grant.result new file mode 100644 index 00000000000..87070de932c --- /dev/null +++ b/mysql-test/suite/sys_vars/r/binlog_stmt_cache_size_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.binlog_stmt_cache_size; +# Test that "SET binlog_stmt_cache_size" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_stmt_cache_size=65536; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET binlog_stmt_cache_size=65536; +ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_stmt_cache_size=65536; +ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_stmt_cache_size" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_stmt_cache_size=65536; +SET binlog_stmt_cache_size=65536; +ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_stmt_cache_size=65536; +ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET binlog_stmt_cache_size" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL binlog_stmt_cache_size=65536; +SET binlog_stmt_cache_size=65536; +ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION binlog_stmt_cache_size=65536; +ERROR HY000: Variable 'binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.binlog_stmt_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/expire_logs_days_grant.result b/mysql-test/suite/sys_vars/r/expire_logs_days_grant.result new file mode 100644 index 00000000000..f7a3ddc76c1 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/expire_logs_days_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.expire_logs_days; +# Test that "SET expire_logs_days" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL expire_logs_days=33; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET expire_logs_days=33; +ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION expire_logs_days=33; +ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET expire_logs_days" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL expire_logs_days=33; +SET expire_logs_days=33; +ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION expire_logs_days=33; +ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET expire_logs_days" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL expire_logs_days=33; +SET expire_logs_days=33; +ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION expire_logs_days=33; +ERROR HY000: Variable 'expire_logs_days' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.expire_logs_days=@global; diff --git a/mysql-test/suite/sys_vars/r/log_bin_compress_grant.result b/mysql-test/suite/sys_vars/r/log_bin_compress_grant.result new file mode 100644 index 00000000000..f75f22a75f8 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/log_bin_compress_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.log_bin_compress; +# Test that "SET log_bin_compress" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL log_bin_compress=1; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET log_bin_compress=1; +ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION log_bin_compress=1; +ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET log_bin_compress" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL log_bin_compress=1; +SET log_bin_compress=1; +ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION log_bin_compress=1; +ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET log_bin_compress" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL log_bin_compress=1; +SET log_bin_compress=1; +ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION log_bin_compress=1; +ERROR HY000: Variable 'log_bin_compress' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.log_bin_compress=@global; diff --git a/mysql-test/suite/sys_vars/r/log_bin_compress_min_len_grant.result b/mysql-test/suite/sys_vars/r/log_bin_compress_min_len_grant.result new file mode 100644 index 00000000000..b1ccafb1dd2 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/log_bin_compress_min_len_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.log_bin_compress_min_len; +# Test that "SET log_bin_compress_min_len" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL log_bin_compress_min_len=512; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET log_bin_compress_min_len=512; +ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION log_bin_compress_min_len=512; +ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET log_bin_compress_min_len" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL log_bin_compress_min_len=512; +SET log_bin_compress_min_len=512; +ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION log_bin_compress_min_len=512; +ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET log_bin_compress_min_len" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL log_bin_compress_min_len=512; +SET log_bin_compress_min_len=512; +ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION log_bin_compress_min_len=512; +ERROR HY000: Variable 'log_bin_compress_min_len' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.log_bin_compress_min_len=@global; diff --git a/mysql-test/suite/sys_vars/r/log_bin_trust_function_creators_grant.result b/mysql-test/suite/sys_vars/r/log_bin_trust_function_creators_grant.result new file mode 100644 index 00000000000..ef9af94d8f6 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/log_bin_trust_function_creators_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.log_bin_trust_function_creators; +# Test that "SET log_bin_trust_function_creators" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL log_bin_trust_function_creators=1; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET log_bin_trust_function_creators=1; +ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION log_bin_trust_function_creators=1; +ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET log_bin_trust_function_creators" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL log_bin_trust_function_creators=1; +SET log_bin_trust_function_creators=1; +ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION log_bin_trust_function_creators=1; +ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET log_bin_trust_function_creators" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL log_bin_trust_function_creators=1; +SET log_bin_trust_function_creators=1; +ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION log_bin_trust_function_creators=1; +ERROR HY000: Variable 'log_bin_trust_function_creators' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.log_bin_trust_function_creators=@global; diff --git a/mysql-test/suite/sys_vars/r/max_binlog_cache_size_grant.result b/mysql-test/suite/sys_vars/r/max_binlog_cache_size_grant.result new file mode 100644 index 00000000000..350194c46cc --- /dev/null +++ b/mysql-test/suite/sys_vars/r/max_binlog_cache_size_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.max_binlog_cache_size; +# Test that "SET max_binlog_cache_size" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL max_binlog_cache_size=4096; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET max_binlog_cache_size=4096; +ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION max_binlog_cache_size=4096; +ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET max_binlog_cache_size" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL max_binlog_cache_size=4096; +SET max_binlog_cache_size=4096; +ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION max_binlog_cache_size=4096; +ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET max_binlog_cache_size" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL max_binlog_cache_size=4096; +SET max_binlog_cache_size=4096; +ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION max_binlog_cache_size=4096; +ERROR HY000: Variable 'max_binlog_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.max_binlog_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/max_binlog_size_grant.result b/mysql-test/suite/sys_vars/r/max_binlog_size_grant.result new file mode 100644 index 00000000000..34e1fde76fe --- /dev/null +++ b/mysql-test/suite/sys_vars/r/max_binlog_size_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.max_binlog_size; +# Test that "SET max_binlog_size" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL max_binlog_size=4096; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET max_binlog_size=4096; +ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION max_binlog_size=4096; +ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET max_binlog_size" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL max_binlog_size=4096; +SET max_binlog_size=4096; +ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION max_binlog_size=4096; +ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET max_binlog_size" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL max_binlog_size=4096; +SET max_binlog_size=4096; +ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION max_binlog_size=4096; +ERROR HY000: Variable 'max_binlog_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.max_binlog_size=@global; diff --git a/mysql-test/suite/sys_vars/r/max_binlog_stmt_cache_size_grant.result b/mysql-test/suite/sys_vars/r/max_binlog_stmt_cache_size_grant.result new file mode 100644 index 00000000000..2ddd164f7c1 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/max_binlog_stmt_cache_size_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.max_binlog_stmt_cache_size; +# Test that "SET max_binlog_stmt_cache_size" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL max_binlog_stmt_cache_size=4096; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET max_binlog_stmt_cache_size=4096; +ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION max_binlog_stmt_cache_size=4096; +ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET max_binlog_stmt_cache_size" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL max_binlog_stmt_cache_size=4096; +SET max_binlog_stmt_cache_size=4096; +ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION max_binlog_stmt_cache_size=4096; +ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET max_binlog_stmt_cache_size" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL max_binlog_stmt_cache_size=4096; +SET max_binlog_stmt_cache_size=4096; +ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION max_binlog_stmt_cache_size=4096; +ERROR HY000: Variable 'max_binlog_stmt_cache_size' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.max_binlog_stmt_cache_size=@global; diff --git a/mysql-test/suite/sys_vars/r/sync_binlog_grant.result b/mysql-test/suite/sys_vars/r/sync_binlog_grant.result new file mode 100644 index 00000000000..1fcdf8b000e --- /dev/null +++ b/mysql-test/suite/sys_vars/r/sync_binlog_grant.result @@ -0,0 +1,46 @@ +# +# MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +# +SET @global=@@global.sync_binlog; +# Test that "SET sync_binlog" is not allowed without BINLOG ADMIN or SUPER +CREATE USER user1@localhost; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL sync_binlog=10; +ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation +SET sync_binlog=10; +ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION sync_binlog=10; +ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET sync_binlog" is allowed with BINLOG ADMIN +CREATE USER user1@localhost; +GRANT BINLOG ADMIN ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL sync_binlog=10; +SET sync_binlog=10; +ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION sync_binlog=10; +ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +# Test that "SET sync_binlog" is allowed with SUPER +CREATE USER user1@localhost; +GRANT SUPER ON *.* TO user1@localhost; +connect user1,localhost,user1,,; +connection user1; +SET GLOBAL sync_binlog=10; +SET sync_binlog=10; +ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with SET GLOBAL +SET SESSION sync_binlog=10; +ERROR HY000: Variable 'sync_binlog' is a GLOBAL variable and should be set with SET GLOBAL +disconnect user1; +connection default; +DROP USER user1@localhost; +SET @@global.sync_binlog=@global; diff --git a/mysql-test/suite/sys_vars/t/binlog_cache_size_grant.test b/mysql-test/suite/sys_vars/t/binlog_cache_size_grant.test new file mode 100644 index 00000000000..bad55766f6e --- /dev/null +++ b/mysql-test/suite/sys_vars/t/binlog_cache_size_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = binlog_cache_size +--let grant = BINLOG ADMIN +--let value = 65536 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/binlog_commit_wait_count_grant.test b/mysql-test/suite/sys_vars/t/binlog_commit_wait_count_grant.test new file mode 100644 index 00000000000..5095747ddb1 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/binlog_commit_wait_count_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = binlog_commit_wait_count +--let grant = BINLOG ADMIN +--let value = 65536 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/binlog_commit_wait_usec_grant.test b/mysql-test/suite/sys_vars/t/binlog_commit_wait_usec_grant.test new file mode 100644 index 00000000000..87a8cd20e20 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/binlog_commit_wait_usec_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = binlog_commit_wait_usec +--let grant = BINLOG ADMIN +--let value = 65536 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/binlog_file_cache_size_grant.test b/mysql-test/suite/sys_vars/t/binlog_file_cache_size_grant.test new file mode 100644 index 00000000000..b6362d14562 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/binlog_file_cache_size_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = binlog_file_cache_size +--let grant = BINLOG ADMIN +--let value = 65536 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/binlog_row_metadata_grant.test b/mysql-test/suite/sys_vars/t/binlog_row_metadata_grant.test new file mode 100644 index 00000000000..8dac8218617 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/binlog_row_metadata_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = binlog_row_metadata +--let grant = BINLOG ADMIN +--let value = NO_LOG + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/binlog_stmt_cache_size_grant.test b/mysql-test/suite/sys_vars/t/binlog_stmt_cache_size_grant.test new file mode 100644 index 00000000000..9b9afad12b7 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/binlog_stmt_cache_size_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = binlog_stmt_cache_size +--let grant = BINLOG ADMIN +--let value = 65536 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/expire_logs_days_grant.test b/mysql-test/suite/sys_vars/t/expire_logs_days_grant.test new file mode 100644 index 00000000000..65099b745f8 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/expire_logs_days_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = expire_logs_days +--let grant = BINLOG ADMIN +--let value = 33 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/log_bin_compress_grant.test b/mysql-test/suite/sys_vars/t/log_bin_compress_grant.test new file mode 100644 index 00000000000..3b2c7849948 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/log_bin_compress_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = log_bin_compress +--let grant = BINLOG ADMIN +--let value = 1 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/log_bin_compress_min_len_grant.test b/mysql-test/suite/sys_vars/t/log_bin_compress_min_len_grant.test new file mode 100644 index 00000000000..26eff8c9b30 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/log_bin_compress_min_len_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = log_bin_compress_min_len +--let grant = BINLOG ADMIN +--let value = 512 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/log_bin_trust_function_creators_grant.test b/mysql-test/suite/sys_vars/t/log_bin_trust_function_creators_grant.test new file mode 100644 index 00000000000..0744987e189 --- /dev/null +++ b/mysql-test/suite/sys_vars/t/log_bin_trust_function_creators_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = log_bin_trust_function_creators +--let grant = BINLOG ADMIN +--let value = 1 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/max_binlog_cache_size_grant.test b/mysql-test/suite/sys_vars/t/max_binlog_cache_size_grant.test new file mode 100644 index 00000000000..ae1178ca82c --- /dev/null +++ b/mysql-test/suite/sys_vars/t/max_binlog_cache_size_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = max_binlog_cache_size +--let grant = BINLOG ADMIN +--let value = 4096 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/max_binlog_size_grant.test b/mysql-test/suite/sys_vars/t/max_binlog_size_grant.test new file mode 100644 index 00000000000..05b7b2669fd --- /dev/null +++ b/mysql-test/suite/sys_vars/t/max_binlog_size_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = max_binlog_size +--let grant = BINLOG ADMIN +--let value = 4096 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/max_binlog_stmt_cache_size_grant.test b/mysql-test/suite/sys_vars/t/max_binlog_stmt_cache_size_grant.test new file mode 100644 index 00000000000..d9decb6e40f --- /dev/null +++ b/mysql-test/suite/sys_vars/t/max_binlog_stmt_cache_size_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = max_binlog_stmt_cache_size +--let grant = BINLOG ADMIN +--let value = 4096 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/mysql-test/suite/sys_vars/t/sync_binlog_grant.test b/mysql-test/suite/sys_vars/t/sync_binlog_grant.test new file mode 100644 index 00000000000..114be48e19f --- /dev/null +++ b/mysql-test/suite/sys_vars/t/sync_binlog_grant.test @@ -0,0 +1,9 @@ +--echo # +--echo # MDEV-21963 Bind BINLOG ADMIN to a number of global system variables +--echo # + +--let var = sync_binlog +--let grant = BINLOG ADMIN +--let value = 10 + +--source suite/sys_vars/inc/sysvar_global_grant.inc diff --git a/sql/privilege.h b/sql/privilege.h index 6d5612e5c4b..fef44315d4f 100644 --- a/sql/privilege.h +++ b/sql/privilege.h @@ -318,11 +318,56 @@ constexpr privilege_t PRIV_SET_RESTRICTED_SESSION_SYSTEM_VARIABLE= SUPER_ACL; /* The following variables respected only SUPER_ACL prior to 10.5.2 */ constexpr privilege_t PRIV_SET_SYSTEM_VAR_BINLOG_FORMAT= SUPER_ACL | BINLOG_ADMIN_ACL; + constexpr privilege_t PRIV_SET_SYSTEM_VAR_BINLOG_DIRECT_NON_TRANSACTIONAL_UPDATES= SUPER_ACL | BINLOG_ADMIN_ACL; + constexpr privilege_t PRIV_SET_SYSTEM_VAR_SQL_LOG_BIN= SUPER_ACL | BINLOG_ADMIN_ACL; +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_CACHE_SIZE= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_FILE_CACHE_SIZE= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_STMT_CACHE_SIZE= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_COMMIT_WAIT_COUNT= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_COMMIT_WAIT_USEC= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_ROW_METADATA= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_EXPIRE_LOGS_DAYS= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_LOG_BIN_COMPRESS= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_LOG_BIN_COMPRESS_MIN_LEN= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_LOG_BIN_TRUST_FUNCTION_CREATORS= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_BINLOG_CACHE_SIZE= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_BINLOG_STMT_CACHE_SIZE= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_BINLOG_SIZE= + SUPER_ACL | BINLOG_ADMIN_ACL; + +constexpr privilege_t PRIV_SET_SYSTEM_GLOBAL_VAR_SYNC_BINLOG= + SUPER_ACL | BINLOG_ADMIN_ACL; + + /* Privileges related to --read-only */ // Was super prior to 10.5.2 diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 4d5c7a3c18d..87e7da9dedd 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -526,7 +526,9 @@ static Sys_var_enum Sys_vers_alter_history( SESSION_VAR(vers_alter_history), CMD_LINE(REQUIRED_ARG), vers_alter_history_keywords, DEFAULT(VERS_ALTER_HISTORY_ERROR)); -static Sys_var_ulonglong Sys_binlog_cache_size( +static Sys_var_on_access_global<Sys_var_ulonglong, + PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_CACHE_SIZE> +Sys_binlog_cache_size( "binlog_cache_size", "The size of the transactional cache for " "updates to transactional engines for the binary log. " "If you often use transactions containing many statements, " @@ -535,14 +537,18 @@ static Sys_var_ulonglong Sys_binlog_cache_size( CMD_LINE(REQUIRED_ARG), VALID_RANGE(IO_SIZE, SIZE_T_MAX), DEFAULT(32768), BLOCK_SIZE(IO_SIZE)); -static Sys_var_ulonglong Sys_binlog_file_cache_size( +static Sys_var_on_access_global<Sys_var_ulonglong, + PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_FILE_CACHE_SIZE> +Sys_binlog_file_cache_size( "binlog_file_cache_size", "The size of file cache for the binary log", GLOBAL_VAR(binlog_file_cache_size), CMD_LINE(REQUIRED_ARG), VALID_RANGE(IO_SIZE*2, SIZE_T_MAX), DEFAULT(IO_SIZE*4), BLOCK_SIZE(IO_SIZE)); -static Sys_var_ulonglong Sys_binlog_stmt_cache_size( +static Sys_var_on_access_global<Sys_var_ulonglong, + PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_STMT_CACHE_SIZE> +Sys_binlog_stmt_cache_size( "binlog_stmt_cache_size", "The size of the statement cache for " "updates to non-transactional engines for the binary log. " "If you often use statements updating a great number of rows, " @@ -1150,7 +1156,9 @@ static Sys_var_enum Sys_event_scheduler( ON_CHECK(event_scheduler_check), ON_UPDATE(event_scheduler_update)); #endif -static Sys_var_ulong Sys_expire_logs_days( +static Sys_var_on_access_global<Sys_var_ulong, + PRIV_SET_SYSTEM_GLOBAL_VAR_EXPIRE_LOGS_DAYS> +Sys_expire_logs_days( "expire_logs_days", "If non-zero, binary logs will be purged after expire_logs_days " "days; possible purges happen at startup and at binary log rotation", @@ -1393,19 +1401,25 @@ static Sys_var_mybool Sys_log_bin( "log_bin", "Whether the binary log is enabled", READ_ONLY GLOBAL_VAR(opt_bin_log), NO_CMD_LINE, DEFAULT(FALSE)); -static Sys_var_mybool Sys_log_bin_compress( +static Sys_var_on_access_global<Sys_var_mybool, + PRIV_SET_SYSTEM_GLOBAL_VAR_LOG_BIN_COMPRESS> +Sys_log_bin_compress( "log_bin_compress", "Whether the binary log can be compressed", GLOBAL_VAR(opt_bin_log_compress), CMD_LINE(OPT_ARG), DEFAULT(FALSE)); /* the min length is 10, means that Begin/Commit/Rollback would never be compressed! */ -static Sys_var_uint Sys_log_bin_compress_min_len( +static Sys_var_on_access_global<Sys_var_uint, + PRIV_SET_SYSTEM_GLOBAL_VAR_LOG_BIN_COMPRESS_MIN_LEN> +Sys_log_bin_compress_min_len( "log_bin_compress_min_len", "Minimum length of sql statement(in statement mode) or record(in row mode)" "that can be compressed.", GLOBAL_VAR(opt_bin_log_compress_min_len), CMD_LINE(OPT_ARG), VALID_RANGE(10, 1024), DEFAULT(256), BLOCK_SIZE(1)); -static Sys_var_mybool Sys_trust_function_creators( +static Sys_var_on_access_global<Sys_var_mybool, + PRIV_SET_SYSTEM_GLOBAL_VAR_LOG_BIN_TRUST_FUNCTION_CREATORS> +Sys_trust_function_creators( "log_bin_trust_function_creators", "If set to FALSE (the default), then when --log-bin is used, creation " "of a stored function (or trigger) is allowed only to users having the " @@ -1586,14 +1600,18 @@ static Sys_var_ulong Sys_slave_max_allowed_packet( VALID_RANGE(1024, MAX_MAX_ALLOWED_PACKET), DEFAULT(MAX_MAX_ALLOWED_PACKET), BLOCK_SIZE(1024)); -static Sys_var_ulonglong Sys_max_binlog_cache_size( +static Sys_var_on_access_global<Sys_var_ulonglong, + PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_BINLOG_CACHE_SIZE> +Sys_max_binlog_cache_size( "max_binlog_cache_size", "Sets the total size of the transactional cache", GLOBAL_VAR(max_binlog_cache_size), CMD_LINE(REQUIRED_ARG), VALID_RANGE(IO_SIZE, SIZE_T_MAX), DEFAULT((SIZE_T_MAX/IO_SIZE)*IO_SIZE), BLOCK_SIZE(IO_SIZE)); -static Sys_var_ulonglong Sys_max_binlog_stmt_cache_size( +static Sys_var_on_access_global<Sys_var_ulonglong, + PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_BINLOG_STMT_CACHE_SIZE> +Sys_max_binlog_stmt_cache_size( "max_binlog_stmt_cache_size", "Sets the total size of the statement cache", GLOBAL_VAR(max_binlog_stmt_cache_size), CMD_LINE(REQUIRED_ARG), @@ -1605,7 +1623,9 @@ static bool fix_max_binlog_size(sys_var *self, THD *thd, enum_var_type type) mysql_bin_log.set_max_size(max_binlog_size); return false; } -static Sys_var_ulong Sys_max_binlog_size( +static Sys_var_on_access_global<Sys_var_ulong, + PRIV_SET_SYSTEM_GLOBAL_VAR_MAX_BINLOG_SIZE> +Sys_max_binlog_size( "max_binlog_size", "Binary log will be rotated automatically when the size exceeds this " "value.", @@ -2346,7 +2366,9 @@ static Sys_var_mybool Sys_gtid_ignore_duplicates( #endif -static Sys_var_ulong Sys_binlog_commit_wait_count( +static Sys_var_on_access_global<Sys_var_ulong, + PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_COMMIT_WAIT_COUNT> +Sys_binlog_commit_wait_count( "binlog_commit_wait_count", "If non-zero, binlog write will wait at most binlog_commit_wait_usec " "microseconds for at least this many commits to queue up for group " @@ -2357,7 +2379,9 @@ static Sys_var_ulong Sys_binlog_commit_wait_count( VALID_RANGE(0, ULONG_MAX), DEFAULT(0), BLOCK_SIZE(1)); -static Sys_var_ulong Sys_binlog_commit_wait_usec( +static Sys_var_on_access_global<Sys_var_ulong, + PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_COMMIT_WAIT_USEC> +Sys_binlog_commit_wait_usec( "binlog_commit_wait_usec", "Maximum time, in microseconds, to wait for more commits to queue up " "for binlog group commit. Only takes effect if the value of " @@ -5408,7 +5432,9 @@ static Sys_var_uint Sys_sync_relayloginfo_period( VALID_RANGE(0, UINT_MAX), DEFAULT(10000), BLOCK_SIZE(1)); #endif -static Sys_var_uint Sys_sync_binlog_period( +static Sys_var_on_access_global<Sys_var_uint, + PRIV_SET_SYSTEM_GLOBAL_VAR_SYNC_BINLOG> +Sys_sync_binlog_period( "sync_binlog", "Synchronously flush binary log to disk after " "every #th event. Use 0 (default) to disable synchronous flushing", GLOBAL_VAR(sync_binlog_period), CMD_LINE(REQUIRED_ARG), @@ -6348,7 +6374,9 @@ static Sys_var_enum Sys_binlog_row_image( binlog_row_image_names, DEFAULT(BINLOG_ROW_IMAGE_FULL)); static const char *binlog_row_metadata_names[]= {"NO_LOG", "MINIMAL", "FULL", NullS}; -static Sys_var_enum Sys_binlog_row_metadata( +static Sys_var_on_access_global<Sys_var_enum, + PRIV_SET_SYSTEM_GLOBAL_VAR_BINLOG_ROW_METADATA> +Sys_binlog_row_metadata( "binlog_row_metadata", "Controls whether metadata is logged using FULL , MINIMAL format and NO_LOG." "FULL causes all metadata to be logged; MINIMAL means that only " |