diff options
| author | Alexander Barkov <bar@mariadb.org> | 2014-12-10 10:40:35 +0400 |
|---|---|---|
| committer | Alexander Barkov <bar@mariadb.org> | 2014-12-10 10:40:35 +0400 |
| commit | 92a523e5d56264702982435fdd01eb63e37cc4da (patch) | |
| tree | 32f4677ee9749d0ecea3aecd4093c0f5a89a3f63 /mysql-test/t | |
| parent | 31c7458e1a62ec4961d914b0eb376319a350cca1 (diff) | |
| download | mariadb-git-92a523e5d56264702982435fdd01eb63e37cc4da.tar.gz | |
MDEV-7280 DATABASE: CREATE OR REPLACE
A clean-up: require CREATE+DROP privileges for "CREATE OR REPLACE DATABASE",
instead of just CREATE privilege.
Diffstat (limited to 'mysql-test/t')
| -rw-r--r-- | mysql-test/t/create_or_replace_permission.test | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/mysql-test/t/create_or_replace_permission.test b/mysql-test/t/create_or_replace_permission.test new file mode 100644 index 00000000000..3bb72fba6af --- /dev/null +++ b/mysql-test/t/create_or_replace_permission.test @@ -0,0 +1,67 @@ +# Grant tests not performed with embedded server +-- source include/not_embedded.inc + +--echo # +--echo # Tests for checking permission denied on CREATE OR REPLACE if DROP +--echo # access is revoked +--echo # + +--echo # These statements do not need special tests for CREATE OR REPLACE, +--echo # because they do not have separate permissions for create and drop: +--echo # CREATE OR REPLACE EVENT (uses EVENT_ACL for both CREATE and DROP) +--echo # CREATE OR DROP SERVER (uses SUPER_ALC for both CREATE and DROP) +--echo # CREATE OR DROP TRIGGER (uses TRIGGER_ACL for both CREATE and DROP) + +SELECT CURRENT_USER; +CREATE DATABASE db1; +GRANT ALL ON db1.* TO mysqltest_1@localhost; +REVOKE DROP ON db1.* FROM mysqltest_1@localhost; +REVOKE ALTER ROUTINE ON db1.* FROM mysqltest_1@localhost; +GRANT DELETE ON mysql.* TO mysqltest_1@localhost; +REVOKE DELETE ON mysql.* FROM mysqltest_1@localhost; +FLUSH PRIVILEGES; + +connect (user_a, localhost, mysqltest_1,,); +connection user_a; +SELECT CURRENT_USER; + +# mysqltest_1 has CREATE privilege on db1 +--error ER_DB_CREATE_EXISTS +CREATE DATABASE db1; + +# mysqltest_1 has no DROP privilege on db1 +--error ER_DBACCESS_DENIED_ERROR +CREATE OR REPLACE DATABASE db1; + +# mysqltest_1 has no any privileges on db2 +--error ER_DBACCESS_DENIED_ERROR +CREATE OR REPLACE DATABASE db2; + +USE db1; +--error ER_TABLEACCESS_DENIED_ERROR +CREATE OR REPLACE TABLE t1(id INT); + +#TODO: add this when "MDEV-5359 CREATE OR REPLACE..." is done +#DELIMITER $; +#--error ER_PROCACCESS_DENIED_ERROR +#CREATE OR REPLACE PROCEDURE proc1 (OUT cnt INT) BEGIN SELECT COUNT(*) INTO cnt FROM t1; END$ +#DELIMITER ;$ +# +#--error ER_DBACCESS_DENIED_ERROR +#CREATE OR REPLACE FUNCTION lookup RETURNS STRING SONAME "udf_example.so"; +# +#--error ER_PROCACCESS_DENIED_ERROR +#CREATE OR REPLACE FUNCTION hello(str char(20)) RETURNS TEXT RETURN CONCAT('Hello, ', str, '!'); +# +#--error ER_SPECIFIC_ACCESS_DENIED_ERROR +#CREATE OR REPLACE USER u1@localhost; +# +#--error ER_SPECIFIC_ACCESS_DENIED_ERROR +#CREATE OR REPLACE ROLE developer; + +connection default; +SELECT CURRENT_USER; +REVOKE ALL ON db1.* FROM mysqltest_1@localhost; +DROP DATABASE IF EXISTS db2; +DROP DATABASE db1; +DROP USER mysqltest_1@localhost; |