Loading mysql-test/r/grant.result +24 −10 Original line number Diff line number Diff line Loading @@ -357,12 +357,12 @@ show grants for grant_user@localhost; Grants for grant_user@localhost GRANT USAGE ON *.* TO 'grant_user'@'localhost' GRANT INSERT (a, d, c, b) ON `test`.`t1` TO 'grant_user'@'localhost' select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv order by Column_name; Host Db User Table_name Column_name Column_priv localhost test grant_user t1 b Insert localhost test grant_user t1 d Insert localhost test grant_user t1 a Insert localhost test grant_user t1 b Insert localhost test grant_user t1 c Insert localhost test grant_user t1 d Insert revoke ALL PRIVILEGES on t1 from grant_user@localhost; show grants for grant_user@localhost; Grants for grant_user@localhost Loading 
@@ -381,13 +381,27 @@ grant update (a) on mysqltest_1.t1 to mysqltest_3@localhost; grant select (b) on mysqltest_1.t2 to mysqltest_3@localhost; grant select (c) on mysqltest_2.t1 to mysqltest_3@localhost; grant update (d) on mysqltest_2.t2 to mysqltest_3@localhost; show grants for mysqltest_3@localhost; Grants for mysqltest_3@localhost GRANT USAGE ON *.* TO 'mysqltest_3'@'localhost' GRANT SELECT (b) ON `mysqltest_1`.`t2` TO 'mysqltest_3'@'localhost' GRANT UPDATE (a) ON `mysqltest_1`.`t1` TO 'mysqltest_3'@'localhost' GRANT UPDATE (d) ON `mysqltest_2`.`t2` TO 'mysqltest_3'@'localhost' GRANT SELECT (c) ON `mysqltest_2`.`t1` TO 'mysqltest_3'@'localhost' SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_3'@'localhost' NULL mysqltest_1 t1 a UPDATE NO 'mysqltest_3'@'localhost' NULL mysqltest_2 t1 c SELECT NO 'mysqltest_3'@'localhost' NULL mysqltest_1 t2 b SELECT NO 'mysqltest_3'@'localhost' NULL mysqltest_2 t2 d UPDATE NO SELECT * FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,PRIVILEGE_TYPE; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE SELECT * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_SCHEMA,PRIVILEGE_TYPE; GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE SELECT * from INFORMATION_SCHEMA.USER_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_CATALOG,PRIVILEGE_TYPE; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_3'@'localhost' NULL USAGE NO update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1; ERROR 42000: UPDATE command denied to user 'mysqltest_3'@'localhost' for column 'q' in table 't1' update mysqltest_1.t2, mysqltest_2.t2 set d=20 where d=1; Loading 
mysql-test/r/view_grant.result +85 −0
@@ -533,3 +533,88 @@ View Create View v2 CREATE ALGORITHM=UNDEFINED DEFINER=`some_user`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select 1 AS `1` drop view v1; drop view v2; CREATE DATABASE mysqltest1; CREATE USER readonly@localhost; CREATE TABLE mysqltest1.t1 (x INT); INSERT INTO mysqltest1.t1 VALUES (1), (2); CREATE SQL SECURITY INVOKER VIEW mysqltest1.v_t1 AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_ts AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_ti AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tu AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tus AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_td AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tds AS SELECT * FROM mysqltest1.t1; GRANT SELECT, INSERT, UPDATE, DELETE ON mysqltest1.v_t1 TO readonly; GRANT SELECT ON mysqltest1.v_ts TO readonly; GRANT INSERT ON mysqltest1.v_ti TO readonly; GRANT UPDATE ON mysqltest1.v_tu TO readonly; GRANT UPDATE,SELECT ON mysqltest1.v_tus TO readonly; GRANT DELETE ON mysqltest1.v_td TO readonly; GRANT DELETE,SELECT ON mysqltest1.v_tds TO readonly; SELECT * FROM mysqltest1.v_t1; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them INSERT INTO mysqltest1.v_t1 VALUES(4); ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them DELETE FROM mysqltest1.v_t1 WHERE x = 1; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them UPDATE mysqltest1.v_t1 SET x = 3 WHERE x = 2; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them UPDATE mysqltest1.v_t1 SET x 
= 3; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them DELETE FROM mysqltest1.v_t1; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them SELECT 1 FROM mysqltest1.v_t1; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them SELECT * FROM mysqltest1.t1; ERROR 42000: SELECT command denied to user 'readonly'@'localhost' for table 't1' SELECT * FROM mysqltest1.v_ts; x 1 2 SELECT * FROM mysqltest1.v_ts, mysqltest1.t1 WHERE mysqltest1.t1.x = mysqltest1.v_ts.x; ERROR 42000: SELECT command denied to user 'readonly'@'localhost' for table 't1' SELECT * FROM mysqltest1.v_ti; ERROR 42000: SELECT command denied to user 'readonly'@'localhost' for table 'v_ti' INSERT INTO mysqltest1.v_ts VALUES (100); ERROR 42000: INSERT command denied to user 'readonly'@'localhost' for table 'v_ts' INSERT INTO mysqltest1.v_ti VALUES (100); UPDATE mysqltest1.v_ts SET x= 200 WHERE x = 100; ERROR 42000: UPDATE command denied to user 'readonly'@'localhost' for table 'v_ts' UPDATE mysqltest1.v_ts SET x= 200; ERROR 42000: UPDATE command denied to user 'readonly'@'localhost' for table 'v_ts' UPDATE mysqltest1.v_tu SET x= 200 WHERE x = 100; UPDATE mysqltest1.v_tus SET x= 200 WHERE x = 100; UPDATE mysqltest1.v_tu SET x= 200; DELETE FROM mysqltest1.v_ts WHERE x= 200; ERROR 42000: DELETE command denied to user 'readonly'@'localhost' for table 'v_ts' DELETE FROM mysqltest1.v_ts; ERROR 42000: DELETE command denied to user 'readonly'@'localhost' for table 'v_ts' DELETE FROM mysqltest1.v_td WHERE x= 200; ERROR 42000: SELECT command denied to user 'readonly'@'localhost' for column 'x' in table 'v_td' DELETE FROM mysqltest1.v_tds WHERE x= 200; DELETE FROM mysqltest1.v_td; DROP VIEW mysqltest1.v_tds; DROP VIEW mysqltest1.v_td; DROP VIEW 
mysqltest1.v_tus; DROP VIEW mysqltest1.v_tu; DROP VIEW mysqltest1.v_ti; DROP VIEW mysqltest1.v_ts; DROP VIEW mysqltest1.v_t1; DROP TABLE mysqltest1.t1; DROP USER readonly@localhost; DROP DATABASE mysqltest1; CREATE TABLE t1 (a INT PRIMARY KEY); INSERT INTO t1 VALUES (1), (2), (3); CREATE DEFINER = 'no-such-user'@localhost VIEW v AS SELECT a from t1; Warnings: Note 1449 There is no 'no-such-user'@'localhost' registered SHOW CREATE VIEW v; View Create View v CREATE ALGORITHM=UNDEFINED DEFINER=`no-such-user`@`localhost` SQL SECURITY DEFINER VIEW `v` AS select `t1`.`a` AS `a` from `t1` Warnings: Note 1449 There is no 'no-such-user'@'localhost' registered SELECT * FROM v; ERROR HY000: There is no 'no-such-user'@'localhost' registered DROP VIEW v; DROP TABLE t1; USE test; mysql-test/t/grant.test +13 −2 Original line number Diff line number Diff line Loading @@ -302,7 +302,7 @@ DROP DATABASE testdb10; create table t1(a int, b int, c int, d int); grant insert(b), insert(c), insert(d), insert(a) on t1 to grant_user@localhost; show grants for grant_user@localhost; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv order by Column_name; revoke ALL PRIVILEGES on t1 from grant_user@localhost; show grants for grant_user@localhost; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv; Loading 
@@ -326,7 +326,18 @@ grant select (c) on mysqltest_2.t1 to mysqltest_3@localhost; grant update (d) on mysqltest_2.t2 to mysqltest_3@localhost; connect (conn1,localhost,mysqltest_3,,); connection conn1; show grants for mysqltest_3@localhost; SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE; SELECT * FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,PRIVILEGE_TYPE; SELECT * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_SCHEMA,PRIVILEGE_TYPE; SELECT * from INFORMATION_SCHEMA.USER_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_CATALOG,PRIVILEGE_TYPE; --error 1143 update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1; --error 1143 Loading mysql-test/t/view_grant.test +95 −0 Original line number Diff line number Diff line Loading 
@@ -712,3 +712,98 @@ show create view v1; show create view v2; drop view v1; drop view v2; # # Bug#18681: View privileges are broken # CREATE DATABASE mysqltest1; CREATE USER readonly@localhost; CREATE TABLE mysqltest1.t1 (x INT); INSERT INTO mysqltest1.t1 VALUES (1), (2); CREATE SQL SECURITY INVOKER VIEW mysqltest1.v_t1 AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_ts AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_ti AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tu AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tus AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_td AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tds AS SELECT * FROM mysqltest1.t1; GRANT SELECT, INSERT, UPDATE, DELETE ON mysqltest1.v_t1 TO readonly; GRANT SELECT ON mysqltest1.v_ts TO readonly; GRANT INSERT ON mysqltest1.v_ti TO readonly; GRANT UPDATE ON mysqltest1.v_tu TO readonly; GRANT UPDATE,SELECT ON mysqltest1.v_tus TO readonly; GRANT DELETE ON mysqltest1.v_td TO readonly; GRANT DELETE,SELECT ON mysqltest1.v_tds TO readonly; CONNECT (n1,localhost,readonly,,); CONNECTION n1; --error 1356 SELECT * FROM mysqltest1.v_t1; --error 1356 INSERT INTO mysqltest1.v_t1 VALUES(4); --error 1356 DELETE FROM mysqltest1.v_t1 WHERE x = 1; --error 1356 UPDATE mysqltest1.v_t1 SET x = 3 WHERE x = 2; --error 1356 UPDATE mysqltest1.v_t1 SET x = 3; --error 1356 DELETE FROM mysqltest1.v_t1; --error 1356 SELECT 1 FROM mysqltest1.v_t1; --error 1142 SELECT * FROM mysqltest1.t1; SELECT * FROM mysqltest1.v_ts; --error 1142 SELECT * FROM mysqltest1.v_ts, mysqltest1.t1 WHERE mysqltest1.t1.x = mysqltest1.v_ts.x; --error 1142 SELECT * FROM mysqltest1.v_ti; --error 1142 INSERT INTO mysqltest1.v_ts VALUES (100); INSERT INTO mysqltest1.v_ti VALUES (100); --error 1142 UPDATE mysqltest1.v_ts SET x= 200 WHERE x = 100; --error 1142 UPDATE 
mysqltest1.v_ts SET x= 200; UPDATE mysqltest1.v_tu SET x= 200 WHERE x = 100; UPDATE mysqltest1.v_tus SET x= 200 WHERE x = 100; UPDATE mysqltest1.v_tu SET x= 200; --error 1142 DELETE FROM mysqltest1.v_ts WHERE x= 200; --error 1142 DELETE FROM mysqltest1.v_ts; --error 1143 DELETE FROM mysqltest1.v_td WHERE x= 200; DELETE FROM mysqltest1.v_tds WHERE x= 200; DELETE FROM mysqltest1.v_td; CONNECTION default; DROP VIEW mysqltest1.v_tds; DROP VIEW mysqltest1.v_td; DROP VIEW mysqltest1.v_tus; DROP VIEW mysqltest1.v_tu; DROP VIEW mysqltest1.v_ti; DROP VIEW mysqltest1.v_ts; DROP VIEW mysqltest1.v_t1; DROP TABLE mysqltest1.t1; DROP USER readonly@localhost; DROP DATABASE mysqltest1; # # BUG#14875: Bad view DEFINER makes SHOW CREATE VIEW fail # CREATE TABLE t1 (a INT PRIMARY KEY); INSERT INTO t1 VALUES (1), (2), (3); CREATE DEFINER = 'no-such-user'@localhost VIEW v AS SELECT a from t1; --warning 1448 SHOW CREATE VIEW v; --error 1449 SELECT * FROM v; DROP VIEW v; DROP TABLE t1; USE test; sql/mysql_priv.h +7 −0 Original line number Diff line number Diff line Loading @@ -947,6 +947,13 @@ bool insert_fields(THD *thd, Name_resolution_context *context, bool setup_tables(THD *thd, Name_resolution_context *context, List<TABLE_LIST> *from_clause, TABLE_LIST *tables, Item **conds, TABLE_LIST **leaves, bool select_insert); bool setup_tables_and_check_access (THD *thd, Name_resolution_context *context, List<TABLE_LIST> *from_clause, TABLE_LIST *tables, Item **conds, TABLE_LIST **leaves, bool select_insert, ulong want_access); int setup_wild(THD *thd, TABLE_LIST *tables, List<Item> &fields, List<Item> *sum_func_list, uint wild_num); bool setup_fields(THD *thd, Item** ref_pointer_array, Loading Loading
mysql-test/r/grant.result +24 −10 Original line number Diff line number Diff line Loading @@ -357,12 +357,12 @@ show grants for grant_user@localhost; Grants for grant_user@localhost GRANT USAGE ON *.* TO 'grant_user'@'localhost' GRANT INSERT (a, d, c, b) ON `test`.`t1` TO 'grant_user'@'localhost' select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv order by Column_name; Host Db User Table_name Column_name Column_priv localhost test grant_user t1 b Insert localhost test grant_user t1 d Insert localhost test grant_user t1 a Insert localhost test grant_user t1 b Insert localhost test grant_user t1 c Insert localhost test grant_user t1 d Insert revoke ALL PRIVILEGES on t1 from grant_user@localhost; show grants for grant_user@localhost; Grants for grant_user@localhost Loading 
@@ -381,13 +381,27 @@ grant update (a) on mysqltest_1.t1 to mysqltest_3@localhost; grant select (b) on mysqltest_1.t2 to mysqltest_3@localhost; grant select (c) on mysqltest_2.t1 to mysqltest_3@localhost; grant update (d) on mysqltest_2.t2 to mysqltest_3@localhost; show grants for mysqltest_3@localhost; Grants for mysqltest_3@localhost GRANT USAGE ON *.* TO 'mysqltest_3'@'localhost' GRANT SELECT (b) ON `mysqltest_1`.`t2` TO 'mysqltest_3'@'localhost' GRANT UPDATE (a) ON `mysqltest_1`.`t1` TO 'mysqltest_3'@'localhost' GRANT UPDATE (d) ON `mysqltest_2`.`t2` TO 'mysqltest_3'@'localhost' GRANT SELECT (c) ON `mysqltest_2`.`t1` TO 'mysqltest_3'@'localhost' SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_3'@'localhost' NULL mysqltest_1 t1 a UPDATE NO 'mysqltest_3'@'localhost' NULL mysqltest_2 t1 c SELECT NO 'mysqltest_3'@'localhost' NULL mysqltest_1 t2 b SELECT NO 'mysqltest_3'@'localhost' NULL mysqltest_2 t2 d UPDATE NO SELECT * FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,PRIVILEGE_TYPE; GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE SELECT * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_SCHEMA,PRIVILEGE_TYPE; GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE SELECT * from INFORMATION_SCHEMA.USER_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_CATALOG,PRIVILEGE_TYPE; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'mysqltest_3'@'localhost' NULL USAGE NO update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1; ERROR 42000: UPDATE command denied to user 'mysqltest_3'@'localhost' for column 'q' in table 't1' update mysqltest_1.t2, mysqltest_2.t2 set d=20 where d=1; Loading
mysql-test/r/view_grant.result +85 −0
@@ -533,3 +533,88 @@ View Create View v2 CREATE ALGORITHM=UNDEFINED DEFINER=`some_user`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select 1 AS `1` drop view v1; drop view v2; CREATE DATABASE mysqltest1; CREATE USER readonly@localhost; CREATE TABLE mysqltest1.t1 (x INT); INSERT INTO mysqltest1.t1 VALUES (1), (2); CREATE SQL SECURITY INVOKER VIEW mysqltest1.v_t1 AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_ts AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_ti AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tu AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tus AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_td AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tds AS SELECT * FROM mysqltest1.t1; GRANT SELECT, INSERT, UPDATE, DELETE ON mysqltest1.v_t1 TO readonly; GRANT SELECT ON mysqltest1.v_ts TO readonly; GRANT INSERT ON mysqltest1.v_ti TO readonly; GRANT UPDATE ON mysqltest1.v_tu TO readonly; GRANT UPDATE,SELECT ON mysqltest1.v_tus TO readonly; GRANT DELETE ON mysqltest1.v_td TO readonly; GRANT DELETE,SELECT ON mysqltest1.v_tds TO readonly; SELECT * FROM mysqltest1.v_t1; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them INSERT INTO mysqltest1.v_t1 VALUES(4); ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them DELETE FROM mysqltest1.v_t1 WHERE x = 1; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them UPDATE mysqltest1.v_t1 SET x = 3 WHERE x = 2; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them UPDATE mysqltest1.v_t1 SET x 
= 3; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them DELETE FROM mysqltest1.v_t1; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them SELECT 1 FROM mysqltest1.v_t1; ERROR HY000: View 'mysqltest1.v_t1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them SELECT * FROM mysqltest1.t1; ERROR 42000: SELECT command denied to user 'readonly'@'localhost' for table 't1' SELECT * FROM mysqltest1.v_ts; x 1 2 SELECT * FROM mysqltest1.v_ts, mysqltest1.t1 WHERE mysqltest1.t1.x = mysqltest1.v_ts.x; ERROR 42000: SELECT command denied to user 'readonly'@'localhost' for table 't1' SELECT * FROM mysqltest1.v_ti; ERROR 42000: SELECT command denied to user 'readonly'@'localhost' for table 'v_ti' INSERT INTO mysqltest1.v_ts VALUES (100); ERROR 42000: INSERT command denied to user 'readonly'@'localhost' for table 'v_ts' INSERT INTO mysqltest1.v_ti VALUES (100); UPDATE mysqltest1.v_ts SET x= 200 WHERE x = 100; ERROR 42000: UPDATE command denied to user 'readonly'@'localhost' for table 'v_ts' UPDATE mysqltest1.v_ts SET x= 200; ERROR 42000: UPDATE command denied to user 'readonly'@'localhost' for table 'v_ts' UPDATE mysqltest1.v_tu SET x= 200 WHERE x = 100; UPDATE mysqltest1.v_tus SET x= 200 WHERE x = 100; UPDATE mysqltest1.v_tu SET x= 200; DELETE FROM mysqltest1.v_ts WHERE x= 200; ERROR 42000: DELETE command denied to user 'readonly'@'localhost' for table 'v_ts' DELETE FROM mysqltest1.v_ts; ERROR 42000: DELETE command denied to user 'readonly'@'localhost' for table 'v_ts' DELETE FROM mysqltest1.v_td WHERE x= 200; ERROR 42000: SELECT command denied to user 'readonly'@'localhost' for column 'x' in table 'v_td' DELETE FROM mysqltest1.v_tds WHERE x= 200; DELETE FROM mysqltest1.v_td; DROP VIEW mysqltest1.v_tds; DROP VIEW mysqltest1.v_td; DROP VIEW 
mysqltest1.v_tus; DROP VIEW mysqltest1.v_tu; DROP VIEW mysqltest1.v_ti; DROP VIEW mysqltest1.v_ts; DROP VIEW mysqltest1.v_t1; DROP TABLE mysqltest1.t1; DROP USER readonly@localhost; DROP DATABASE mysqltest1; CREATE TABLE t1 (a INT PRIMARY KEY); INSERT INTO t1 VALUES (1), (2), (3); CREATE DEFINER = 'no-such-user'@localhost VIEW v AS SELECT a from t1; Warnings: Note 1449 There is no 'no-such-user'@'localhost' registered SHOW CREATE VIEW v; View Create View v CREATE ALGORITHM=UNDEFINED DEFINER=`no-such-user`@`localhost` SQL SECURITY DEFINER VIEW `v` AS select `t1`.`a` AS `a` from `t1` Warnings: Note 1449 There is no 'no-such-user'@'localhost' registered SELECT * FROM v; ERROR HY000: There is no 'no-such-user'@'localhost' registered DROP VIEW v; DROP TABLE t1; USE test;
mysql-test/t/grant.test +13 −2 Original line number Diff line number Diff line Loading @@ -302,7 +302,7 @@ DROP DATABASE testdb10; create table t1(a int, b int, c int, d int); grant insert(b), insert(c), insert(d), insert(a) on t1 to grant_user@localhost; show grants for grant_user@localhost; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv order by Column_name; revoke ALL PRIVILEGES on t1 from grant_user@localhost; show grants for grant_user@localhost; select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv; Loading @@ -326,7 +326,18 @@ grant select (c) on mysqltest_2.t1 to mysqltest_3@localhost; grant update (d) on mysqltest_2.t2 to mysqltest_3@localhost; connect (conn1,localhost,mysqltest_3,,); connection conn1; show grants for mysqltest_3@localhost; SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE; SELECT * FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_NAME,PRIVILEGE_TYPE; SELECT * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_SCHEMA,PRIVILEGE_TYPE; SELECT * from INFORMATION_SCHEMA.USER_PRIVILEGES WHERE GRANTEE = '''mysqltest_3''@''localhost''' ORDER BY TABLE_CATALOG,PRIVILEGE_TYPE; --error 1143 update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1; --error 1143 Loading
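Review bot: The new `INFORMATION_SCHEMA.COLUMN_PRIVILEGES` query in the second hunk sorts by `TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE` but not by `TABLE_SCHEMA`, although the grants just above it put `t1` and `t2` in both `mysqltest_1` and `mysqltest_2`. The recorded output is stable only because each granted column name (a, b, c, d) happens to be unique across the two schemas; a later grant on the same column name in both schemas would leave the row order unspecified again. I would use `ORDER BY TABLE_SCHEMA,TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE` here and add `TABLE_SCHEMA` to the `TABLE_PRIVILEGES` query as well. Judging by the −2 count and the result file, `show grants for mysqltest_3@localhost` is dropped rather than kept alongside the new queries, so the rendering of multi-schema column grants by SHOW GRANTS is no longer asserted in this test.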
mysql-test/t/view_grant.test +95 −0
@@ -712,3 +712,98 @@ show create view v1; show create view v2; drop view v1; drop view v2; # # Bug#18681: View privileges are broken # CREATE DATABASE mysqltest1; CREATE USER readonly@localhost; CREATE TABLE mysqltest1.t1 (x INT); INSERT INTO mysqltest1.t1 VALUES (1), (2); CREATE SQL SECURITY INVOKER VIEW mysqltest1.v_t1 AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_ts AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_ti AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tu AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tus AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_td AS SELECT * FROM mysqltest1.t1; CREATE SQL SECURITY DEFINER VIEW mysqltest1.v_tds AS SELECT * FROM mysqltest1.t1; GRANT SELECT, INSERT, UPDATE, DELETE ON mysqltest1.v_t1 TO readonly; GRANT SELECT ON mysqltest1.v_ts TO readonly; GRANT INSERT ON mysqltest1.v_ti TO readonly; GRANT UPDATE ON mysqltest1.v_tu TO readonly; GRANT UPDATE,SELECT ON mysqltest1.v_tus TO readonly; GRANT DELETE ON mysqltest1.v_td TO readonly; GRANT DELETE,SELECT ON mysqltest1.v_tds TO readonly; CONNECT (n1,localhost,readonly,,); CONNECTION n1; --error 1356 SELECT * FROM mysqltest1.v_t1; --error 1356 INSERT INTO mysqltest1.v_t1 VALUES(4); --error 1356 DELETE FROM mysqltest1.v_t1 WHERE x = 1; --error 1356 UPDATE mysqltest1.v_t1 SET x = 3 WHERE x = 2; --error 1356 UPDATE mysqltest1.v_t1 SET x = 3; --error 1356 DELETE FROM mysqltest1.v_t1; --error 1356 SELECT 1 FROM mysqltest1.v_t1; --error 1142 SELECT * FROM mysqltest1.t1; SELECT * FROM mysqltest1.v_ts; --error 1142 SELECT * FROM mysqltest1.v_ts, mysqltest1.t1 WHERE mysqltest1.t1.x = mysqltest1.v_ts.x; --error 1142 SELECT * FROM mysqltest1.v_ti; --error 1142 INSERT INTO mysqltest1.v_ts VALUES (100); INSERT INTO mysqltest1.v_ti VALUES (100); --error 1142 UPDATE mysqltest1.v_ts SET x= 200 WHERE x = 100; --error 1142 UPDATE 
mysqltest1.v_ts SET x= 200; UPDATE mysqltest1.v_tu SET x= 200 WHERE x = 100; UPDATE mysqltest1.v_tus SET x= 200 WHERE x = 100; UPDATE mysqltest1.v_tu SET x= 200; --error 1142 DELETE FROM mysqltest1.v_ts WHERE x= 200; --error 1142 DELETE FROM mysqltest1.v_ts; --error 1143 DELETE FROM mysqltest1.v_td WHERE x= 200; DELETE FROM mysqltest1.v_tds WHERE x= 200; DELETE FROM mysqltest1.v_td; CONNECTION default; DROP VIEW mysqltest1.v_tds; DROP VIEW mysqltest1.v_td; DROP VIEW mysqltest1.v_tus; DROP VIEW mysqltest1.v_tu; DROP VIEW mysqltest1.v_ti; DROP VIEW mysqltest1.v_ts; DROP VIEW mysqltest1.v_t1; DROP TABLE mysqltest1.t1; DROP USER readonly@localhost; DROP DATABASE mysqltest1; # # BUG#14875: Bad view DEFINER makes SHOW CREATE VIEW fail # CREATE TABLE t1 (a INT PRIMARY KEY); INSERT INTO t1 VALUES (1), (2), (3); CREATE DEFINER = 'no-such-user'@localhost VIEW v AS SELECT a from t1; --warning 1448 SHOW CREATE VIEW v; --error 1449 SELECT * FROM v; DROP VIEW v; DROP TABLE t1; USE test;
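Review bot: The Bug#18681 block creates and drops `readonly@localhost`, but all seven `GRANT ... TO readonly` statements name the account without a host, which MySQL resolves to `'readonly'@'%'`. If the test server auto-creates accounts on GRANT (not visible here; confirm against its sql_mode), cleanup leaves a password-less `'readonly'@'%'` account and its table-level grant rows behind, and the assertions exercise wildcard-host grants rather than grants on the account that was created. I would write the grants as `GRANT SELECT ON mysqltest1.v_ts TO readonly@localhost;` (likewise for the other six) and add `DISCONNECT n1;` after `CONNECTION default;` so the session does not outlive `DROP USER`. In the BUG#14875 block, `--warning 1448` does not match the `Note 1449` recorded in view_grant.result; check whether the directive should say 1449 or is simply ignored by mysqltest.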
sql/mysql_priv.h +7 −0 Original line number Diff line number Diff line Loading @@ -947,6 +947,13 @@ bool insert_fields(THD *thd, Name_resolution_context *context, bool setup_tables(THD *thd, Name_resolution_context *context, List<TABLE_LIST> *from_clause, TABLE_LIST *tables, Item **conds, TABLE_LIST **leaves, bool select_insert); bool setup_tables_and_check_access (THD *thd, Name_resolution_context *context, List<TABLE_LIST> *from_clause, TABLE_LIST *tables, Item **conds, TABLE_LIST **leaves, bool select_insert, ulong want_access); int setup_wild(THD *thd, TABLE_LIST *tables, List<Item> &fields, List<Item> *sum_func_list, uint wild_num); bool setup_fields(THD *thd, Item** ref_pointer_array, Loading
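Review bot: The new `setup_tables_and_check_access` prototype takes a `ulong want_access` with no comment saying which privilege bits it expects or what the `bool` return means, and nothing at the declaration tells a caller when to use it instead of the unchecked `setup_tables` declared directly above it. Because `setup_tables` stays exported with the same leading parameters, any call site that was not switched to the new function keeps its old behaviour; those call sites and the definition are outside this hunk, so they should be audited separately. I would add a short comment above the prototype stating that it is the privilege-checking variant of `setup_tables`, that `want_access` is a privilege bitmask, and what the return convention is, with the wording taken from the definition. Style: drop the space in `setup_tables_and_check_access (THD *thd,` to match the neighbouring prototypes.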