1
# suite/funcs_1/t/is_user_privileges.test
3
# Check the layout of information_schema.user_privileges, permissions and
4
# the impact of CREATE/ALTER/DROP SCHEMA on it.
7
# This test is not intended
8
# - to show information about the all time existing tables
9
# within the databases information_schema and mysql
10
# - for checking storage engine properties
11
# Therefore please do not alter $engine_type and $other_engine_type.
14
# 2008-01-23 mleich WL#4203 Reorganize and fix the data dictionary tests of
16
# Create this script based on older scripts and new code.
19
# --source suite/funcs_1/datadict/datadict.pre
21
let $engine_type = MEMORY;
22
let $other_engine_type = MyISAM;
24
let $is_table = USER_PRIVILEGES;
26
# The table INFORMATION_SCHEMA.USER_PRIVILEGES must exist
27
eval SHOW TABLES FROM information_schema LIKE '$is_table';
29
--echo #######################################################################
30
--echo # Testcase 3.2.1.1: INFORMATION_SCHEMA tables can be queried via SELECT
31
--echo #######################################################################
32
# Ensure that every INFORMATION_SCHEMA table can be queried with a SELECT
33
# statement, just as if it were an ordinary user-defined table.
35
--source suite/funcs_1/datadict/is_table_query.inc
38
--echo #########################################################################
39
--echo # Testcase 3.2.16.1: INFORMATION_SCHEMA.USER_PRIVILEGES layout
40
--echo #########################################################################
41
# Ensure that the INFORMATION_SCHEMA.USER_PRIVILEGES table has the following columns,
42
# in the following order:
44
# GRANTEE (shows a user to whom a user privilege has been granted),
45
# TABLE_CATALOG (always shows NULL),
46
# PRIVILEGE_TYPE (shows the granted privilege),
47
# IS_GRANTABLE (shows whether the privilege was granted WITH GRANT OPTION).
49
--source suite/funcs_1/datadict/datadict_bug_12777.inc
50
eval DESCRIBE information_schema.$is_table;
51
--source suite/funcs_1/datadict/datadict_bug_12777.inc
52
eval SHOW CREATE TABLE information_schema.$is_table;
53
--source suite/funcs_1/datadict/datadict_bug_12777.inc
54
eval SHOW COLUMNS FROM information_schema.$is_table;
56
# Note: Retrieval of information within information_schema.columns about
57
# information_schema.user_privileges is in is_columns_is.test.
59
# Show that TABLE_CATALOG is always NULL.
60
SELECT grantee, table_catalog, privilege_type
61
FROM information_schema.user_privileges
62
WHERE table_catalog IS NOT NULL;
65
--echo ##########################################################################
66
--echo # Testcases 3.2.16.2+3.2.16.3+3.2.16.4: INFORMATION_SCHEMA.USER_PRIVILEGES
67
--echo # accessible information
68
--echo ##########################################################################
69
# 3.2.16.2: Ensure that the table shows the relevant information on every user
70
# privilege which has been granted to the current user or to PUBLIC,
71
# or has been granted by the current user.
72
# 3.2.16.3: Ensure that the table does not show any information on any user
73
# privileges which have been granted to users other than the current
74
# user or have been granted by any user other than the current user.
75
# 3.2.16.4: Ensure that the table does not show any information on any
76
# privileges that are not user privileges for the current user.
79
DROP DATABASE IF EXISTS db_datadict;
81
CREATE DATABASE db_datadict;
83
--error 0,ER_CANNOT_USER
84
DROP USER 'testuser1'@'localhost';
85
CREATE USER 'testuser1'@'localhost';
86
--error 0,ER_CANNOT_USER
87
DROP USER 'testuser2'@'localhost';
88
CREATE USER 'testuser2'@'localhost';
89
--error 0,ER_CANNOT_USER
90
DROP USER 'testuser3'@'localhost';
91
CREATE USER 'testuser3'@'localhost';
93
GRANT SELECT ON db_datadict.* TO 'testuser1'@'localhost';
94
GRANT SELECT ON mysql.user TO 'testuser1'@'localhost';
96
GRANT INSERT ON *.* TO 'testuser2'@'localhost';
97
GRANT UPDATE ON *.* TO 'testuser2'@'localhost';
99
let $my_select1= SELECT * FROM information_schema.user_privileges
100
WHERE grantee LIKE '''testuser%'''
101
ORDER BY grantee, table_catalog, privilege_type;
102
let $my_select2= SELECT * FROM mysql.user
103
WHERE user LIKE 'testuser%' ORDER BY host, user;
104
let $my_show= SHOW GRANTS;
109
--echo # Add GRANT OPTION db_datadict.* to testuser1;
110
GRANT UPDATE ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
114
--echo # Establish connection testuser1 (user=testuser1)
115
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
116
connect (testuser1, localhost, testuser1, , db_datadict);
122
--echo # Now add SELECT on *.* to testuser1;
124
--echo # Switch to connection default
126
GRANT SELECT ON *.* TO 'testuser1'@'localhost';
128
--echo # Here <SELECT NO> is shown correctly for testuser1;
132
GRANT SELECT ON *.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
134
--echo # Here <SELECT YES> is shown correctly for testuser1;
138
--echo # Switch to connection testuser1
139
# check that this appears
140
connection testuser1;
145
--echo # Establish connection testuser2 (user=testuser2)
146
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
147
connect (testuser2, localhost, testuser2, , db_datadict);
149
--error ER_TABLEACCESS_DENIED_ERROR
153
--echo # Establish connection testuser3 (user=testuser3)
154
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
155
connect (testuser3, localhost, testuser3, , test);
157
--error ER_TABLEACCESS_DENIED_ERROR
162
--echo # Revoke privileges from testuser1;
163
--echo # Switch to connection default
165
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'testuser1'@'localhost';
169
--echo # Switch to connection testuser1
171
connection testuser1;
173
--error ER_TABLEACCESS_DENIED_ERROR
177
# OK, testuser1 has no privs here
178
--error ER_TABLEACCESS_DENIED_ERROR
179
CREATE TABLE db_datadict.tb_55 ( c1 TEXT );
181
--error ER_TABLEACCESS_DENIED_ERROR
184
# OK, testuser1 has no privs here
185
--error ER_TABLEACCESS_DENIED_ERROR
186
CREATE TABLE db_datadict.tb_66 ( c1 TEXT );
189
--echo # Add ALL on db_datadict.* (and select on mysql.user) to testuser1;
190
--echo # Switch to connection default
192
GRANT ALL ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
193
GRANT SELECT ON mysql.user TO 'testuser1'@'localhost';
197
--echo # Switch to connection testuser1
198
connection testuser1;
203
# OK, testuser1 has no privs here
204
--error ER_TABLEACCESS_DENIED_ERROR
205
CREATE TABLE db_datadict.tb_56 ( c1 TEXT );
207
# using 'USE' lets the server read the privileges new, so now the CREATE works
212
--replace_result $other_engine_type <other_engine_type>
214
CREATE TABLE tb_57 ( c1 TEXT )
215
ENGINE = $other_engine_type;
218
--echo # Revoke privileges from testuser1;
219
--echo # Switch to connection default
221
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'testuser1'@'localhost';
225
--echo # Switch to connection testuser1
227
connection testuser1;
229
--error ER_TABLEACCESS_DENIED_ERROR
232
# WORKS, as the existing old privileges are used!
233
--replace_result $other_engine_type <other_engine_type>
235
CREATE TABLE db_datadict.tb_58 ( c1 TEXT )
236
ENGINE = $other_engine_type;
237
# existing privileges are "read" new when USE is called, user has no privileges
238
--error ER_DBACCESS_DENIED_ERROR
240
#FIXME 3.2.16: check that it is correct that this now 'works': --error ER_TABLEACCESS_DENIED_ERROR
241
--replace_result $other_engine_type <other_engine_type>
243
CREATE TABLE db_datadict.tb_59 ( c1 TEXT )
244
ENGINE = $other_engine_type;
247
--echo # Switch to connection default and close connections testuser1,testuser2,testuser3
249
disconnect testuser1;
250
disconnect testuser2;
251
disconnect testuser3;
252
DROP USER 'testuser1'@'localhost';
253
DROP USER 'testuser2'@'localhost';
254
DROP USER 'testuser3'@'localhost';
255
DROP DATABASE IF EXISTS db_datadict;
258
--echo ########################################################################################
259
--echo # Testcases 3.2.1.13+3.2.1.14+3.2.1.15: INFORMATION_SCHEMA.USER_PRIVILEGES modifications
260
--echo ########################################################################################
261
# 3.2.1.13: Ensure that the creation of any new database object (e.g. table or
262
# column) automatically inserts all relevant information on that
263
# object into every appropriate INFORMATION_SCHEMA table.
264
# 3.2.1.14: Ensure that the alteration of any existing database object
265
# automatically updates all relevant information on that object in
266
# every appropriate INFORMATION_SCHEMA table.
267
# 3.2.1.15: Ensure that the dropping of any existing database object
268
# automatically deletes all relevant information on that object from
269
# every appropriate INFORMATION_SCHEMA table.
271
let $my_select = SELECT * FROM information_schema.user_privileges
272
WHERE grantee = '''testuser1''@''localhost''';
273
let $my_show = SHOW GRANTS FOR 'testuser1'@'localhost';
275
--error ER_NONEXISTING_GRANT
277
--error 0,ER_CANNOT_USER
278
DROP USER 'testuser1'@'localhost';
279
CREATE USER 'testuser1'@'localhost';
282
GRANT SELECT, FILE ON *.* TO 'testuser1'@'localhost';
285
DROP USER 'testuser1'@'localhost';
287
--error ER_NONEXISTING_GRANT
291
--echo ########################################################################
292
--echo # Testcases 3.2.1.3-3.2.1.5 + 3.2.1.8-3.2.1.12: INSERT/UPDATE/DELETE and
293
--echo # DDL on INFORMATION_SCHEMA tables are not supported
294
--echo ########################################################################
295
# 3.2.1.3: Ensure that no user may execute an INSERT statement on any
296
# INFORMATION_SCHEMA table.
297
# 3.2.1.4: Ensure that no user may execute an UPDATE statement on any
298
# INFORMATION_SCHEMA table.
299
# 3.2.1.5: Ensure that no user may execute a DELETE statement on any
300
# INFORMATION_SCHEMA table.
301
# 3.2.1.8: Ensure that no user may create an index on an
302
# INFORMATION_SCHEMA table.
303
# 3.2.1.9: Ensure that no user may alter the definition of an
304
# INFORMATION_SCHEMA table.
305
# 3.2.1.10: Ensure that no user may drop an INFORMATION_SCHEMA table.
306
# 3.2.1.11: Ensure that no user may move an INFORMATION_SCHEMA table to any
308
# 3.2.1.12: Ensure that no user may directly add to, alter, or delete any data
309
# in an INFORMATION_SCHEMA table.
311
--error 0,ER_CANNOT_USER
312
DROP USER 'testuser1'@'localhost';
313
CREATE USER 'testuser1'@'localhost';
315
--error ER_DBACCESS_DENIED_ERROR
316
INSERT INTO information_schema.user_privileges
317
SELECT * FROM information_schema.user_privileges;
319
--error ER_DBACCESS_DENIED_ERROR
320
UPDATE information_schema.user_privileges
321
SET PRIVILEGE_TYPE = 'gaming';
323
--error ER_DBACCESS_DENIED_ERROR
324
DELETE FROM information_schema.user_privileges
325
WHERE grantee = '''testuser1''@''localhost''';
326
--error ER_DBACCESS_DENIED_ERROR
327
TRUNCATE information_schema.user_privileges;
329
--error ER_DBACCESS_DENIED_ERROR
330
CREATE INDEX i1 ON information_schema.user_privileges(grantee);
332
--error ER_DBACCESS_DENIED_ERROR
333
ALTER TABLE information_schema.user_privileges ADD f1 INT;
335
--error ER_DBACCESS_DENIED_ERROR
336
DROP TABLE information_schema.user_privileges;
338
--error ER_DBACCESS_DENIED_ERROR
339
ALTER TABLE information_schema.user_privileges
340
RENAME db_datadict.user_privileges;
341
--error ER_DBACCESS_DENIED_ERROR
342
ALTER TABLE information_schema.user_privileges
343
RENAME information_schema.xuser_privileges;
346
DROP USER 'testuser1'@'localhost';