1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
-- source include/have_partition.inc
# Grant tests not performed with embedded server
-- source include/not_embedded.inc
--disable_warnings
drop schema if exists mysqltest_1;
--enable_warnings
#
# Bug #17139: ALTER TABLE ... DROP PARTITION should require DROP privilege
#
create schema mysqltest_1;
use mysqltest_1;
create table t1 (a int) partition by list (a) (partition p1 values in (1), partition p2 values in (2), partition p3 values in (3));
insert into t1 values (1),(2);
# We don't have DROP USER IF EXISTS. Use this workaround to
# cleanup possible grants for mysqltest_1 left by previous tests
# and ensure consistent results of SHOW GRANTS command below.
--disable_warnings
create user mysqltest_1@localhost;
grant usage on *.* to mysqltest_1@localhost;
revoke all privileges on *.* from mysqltest_1@localhost;
--enable_warnings
grant select,alter on mysqltest_1.* to mysqltest_1@localhost;
connect (conn1,localhost,mysqltest_1,,mysqltest_1);
show grants for current_user;
alter table t1 add b int;
--error ER_TABLEACCESS_DENIED_ERROR
alter table t1 drop partition p2;
disconnect conn1;
connection default;
grant drop on mysqltest_1.* to mysqltest_1@localhost;
connect (conn2,localhost,mysqltest_1,,mysqltest_1);
alter table t1 drop partition p2;
disconnect conn2;
connection default;
revoke alter on mysqltest_1.* from mysqltest_1@localhost;
connect (conn3,localhost,mysqltest_1,,mysqltest_1);
--error ER_TABLEACCESS_DENIED_ERROR
alter table t1 drop partition p3;
disconnect conn3;
connection default;
revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost;
drop table t1;
#
# Bug #23675 Partitions: possible security breach via alter
#
create table t1 (s1 int);
insert into t1 values (1);
grant alter on mysqltest_1.* to mysqltest_1@localhost;
connect (conn4,localhost,mysqltest_1,,mysqltest_1);
connection conn4;
--error ER_NO_PARTITION_FOR_GIVEN_VALUE
alter table t1 partition by list (s1) (partition p1 values in (2));
connection default;
grant select, alter on mysqltest_1.* to mysqltest_1@localhost;
disconnect conn4;
connect (conn5,localhost,mysqltest_1,,mysqltest_1);
--error ER_NO_PARTITION_FOR_GIVEN_VALUE
alter table t1 partition by list (s1) (partition p1 values in (2));
disconnect conn5;
connection default;
drop table t1;
drop user mysqltest_1@localhost;
drop schema mysqltest_1;
--echo End of 5.1 tests
|