1
# suite/funcs_1/t/is_column_privileges.test
3
# Check the layout of information_schema.column_privileges and the impact of
4
# CREATE/ALTER/DROP TABLE/VIEW/SCHEMA ... on it.
7
# This test is not intended
8
# - to show information about the all time existing tables
9
# within the databases information_schema and mysql
10
# - for checking storage engine properties
11
# Therefore please do not alter $engine_type and $other_engine_type.
14
# 2008-01-23 mleich WL#4203 Reorganize and fix the data dictionary tests of
16
# Create this script based on older scripts and new code.
19
# --source suite/funcs_1/datadict/datadict.pre
21
let $engine_type = MEMORY;
22
let $other_engine_type = MyISAM;
24
let $is_table = COLUMN_PRIVILEGES;
26
# The table INFORMATION_SCHEMA.COLUMN_PRIVILEGES must exist
27
eval SHOW TABLES FROM information_schema LIKE '$is_table';
29
--echo #######################################################################
30
--echo # Testcase 3.2.1.1: INFORMATION_SCHEMA tables can be queried via SELECT
31
--echo #######################################################################
32
# Ensure that every INFORMATION_SCHEMA table can be queried with a SELECT
33
# statement, just as if it were an ordinary user-defined table.
35
--source suite/funcs_1/datadict/is_table_query.inc
38
--echo #########################################################################
39
--echo # Testcase 3.2.5.1: INFORMATION_SCHEMA.COLUMN_PRIVILEGES layout
40
--echo #########################################################################
41
# Ensure that the INFORMATION_SCHEMA.COLUMN_PRIVILEGES table has the following
42
# columns, in the following order:
44
# GRANTEE (shows the name of a user who has either granted,
45
# or been granted a column privilege),
46
# TABLE_CATALOG (always shows NULL),
47
# TABLE_SCHEMA (shows the name of the schema, or database, in which the table
48
# for which a column privilege has been granted resides),
49
# TABLE_NAME (shows the name of the table),
50
# COLUMN_NAME (shows the name of the column on which a column privilege has
52
# PRIVILEGE_TYPE (shows the type of privilege that was granted; must be either
53
# SELECT, INSERT, UPDATE, or REFERENCES),
54
# IS_GRANTABLE (shows whether that privilege was granted WITH GRANT OPTION).
56
--source suite/funcs_1/datadict/datadict_bug_12777.inc
57
eval DESCRIBE information_schema.$is_table;
58
--source suite/funcs_1/datadict/datadict_bug_12777.inc
59
eval SHOW CREATE TABLE information_schema.$is_table;
60
--source suite/funcs_1/datadict/datadict_bug_12777.inc
61
eval SHOW COLUMNS FROM information_schema.$is_table;
63
# Note: Retrieval of information within information_schema.columns
64
# about information_schema.column_privileges is in is_columns_is.test.
66
# Show that TABLE_CATALOG is always NULL.
67
SELECT table_catalog, table_schema, table_name, column_name, privilege_type
68
FROM information_schema.column_privileges WHERE table_catalog IS NOT NULL;
71
--echo ######################################################################
72
--echo # Testcase 3.2.5.2+3.2.5.3+3.2.5.4:
73
--echo # INFORMATION_SCHEMA.COLUMN_PRIVILEGES accessible information
74
--echo ######################################################################
75
# 3.2.5.2: Ensure that the table shows the relevant information on every
76
# column privilege which has been granted to the current user or
77
# PUBLIC, or which was granted by the current user.
78
# 3.2.5.3: Ensure that the table does not show any information on any column
79
# privilege which was granted to any user other than the current user
80
# or PUBLIC, or which was granted by any user other than
82
# 3.2.5.4: Ensure that the table does not show any information on any
83
# privileges that are not column privileges for the current user.
85
# Note: Check of content within information_schema.column_privileges about the
86
# databases information_schema, mysql and test is in
87
# is_column_privileges_is_mysql_test.test
90
DROP DATABASE IF EXISTS db_datadict;
92
CREATE DATABASE db_datadict;
93
--replace_result $other_engine_type <other_engine_type>
95
CREATE TABLE db_datadict.t1 (f1 INT, f2 DECIMAL, f3 TEXT)
96
ENGINE = $other_engine_type;
99
--error 0,ER_CANNOT_USER
100
DROP USER 'testuser1'@'localhost';
101
CREATE USER 'testuser1'@'localhost';
102
--error 0,ER_CANNOT_USER
103
DROP USER 'testuser2'@'localhost';
104
CREATE USER 'testuser2'@'localhost';
105
--error 0,ER_CANNOT_USER
106
DROP USER 'testuser3'@'localhost';
107
CREATE USER 'testuser3'@'localhost';
109
GRANT SELECT(f1, f3) ON db_datadict.t1 TO 'testuser1'@'localhost';
110
GRANT INSERT(f1) ON db_datadict.t1 TO 'testuser1'@'localhost';
111
GRANT UPDATE(f2) ON db_datadict.t1 TO 'testuser1'@'localhost';
112
GRANT SELECT(f2) ON db_datadict.t1 TO 'testuser2'@'localhost';
113
GRANT INSERT, SELECT ON db_datadict.t1 TO 'testuser3'@'localhost';
114
GRANT SELECT(f3) ON db_datadict.t1 TO 'testuser3'@'localhost';
116
GRANT INSERT, SELECT ON db_datadict.t1 TO 'testuser3'@'localhost'
118
GRANT ALL ON db_datadict.* TO 'testuser3'@'localhost';
120
let $select= SELECT * FROM information_schema.column_privileges
121
WHERE grantee LIKE '''testuser%'''
122
ORDER BY grantee, table_schema,table_name,column_name,privilege_type;
125
# Note: WITH GRANT OPTION applies to all privileges on this table
126
# and not to the columns mentioned only.
127
GRANT UPDATE(f3) ON db_datadict.t1 TO 'testuser1'@'localhost'
132
--echo # Establish connection testuser1 (user=testuser1)
133
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
134
connect (testuser1, localhost, testuser1, , db_datadict);
137
--echo # Establish connection testuser2 (user=testuser2)
138
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
139
connect (testuser2, localhost, testuser2, , db_datadict);
142
--echo # Establish connection testuser3 (user=testuser3)
143
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
144
connect (testuser3, localhost, testuser3, , db_datadict);
146
--echo # FIXME: Is it correct that granted TABLES do not occur in COLUMN_PRIVILEGES?
147
SELECT * FROM information_schema.table_privileges
148
WHERE grantee LIKE '''testuser%'''
149
ORDER BY grantee,table_schema,table_name,privilege_type;
150
SELECT * FROM information_schema.schema_privileges
151
WHERE grantee LIKE '''testuser%'''
152
ORDER BY grantee,table_schema,privilege_type;
154
GRANT SELECT(f1, f3) ON db_datadict.t1 TO 'testuser2'@'localhost';
156
--echo # FIXME: Is it intended that *my* grants to others are *NOT* shown here?
159
--echo # Switch to connection testuser2 (user=testuser2)
160
connection testuser2;
164
--echo # Switch to connection default and close connections testuser1,testuser2,testuser3
166
disconnect testuser1;
167
disconnect testuser2;
168
disconnect testuser3;
169
DROP DATABASE db_datadict;
170
DROP USER 'testuser1'@'localhost';
171
DROP USER 'testuser2'@'localhost';
172
DROP USER 'testuser3'@'localhost';
175
--echo ################################################################################
176
--echo # 3.2.1.13+3.2.1.14+3.2.1.15: INFORMATION_SCHEMA.COLUMN_PRIVILEGES modifications
177
--echo ################################################################################
178
# 3.2.1.13: Ensure that the creation of any new database object (e.g. table or
179
# column) automatically inserts all relevant information on that
180
# object into every appropriate INFORMATION_SCHEMA table.
181
# 3.2.1.14: Ensure that the alteration of any existing database object
182
# automatically updates all relevant information on that object in
183
# every appropriate INFORMATION_SCHEMA table.
184
# 3.2.1.15: Ensure that the dropping of any existing database object
185
# automatically deletes all relevant information on that object from
186
# every appropriate INFORMATION_SCHEMA table.
189
# The MySQL privilege system allows to GRANT objects before they exist.
190
# (Exception: Grant privileges for columns of not existing tables/views.)
191
# There is also no migration of privileges if objects (tables, views, columns)
192
# are moved to other databases (tables only), renamed or dropped.
195
DROP DATABASE IF EXISTS db_datadict;
197
CREATE DATABASE db_datadict;
198
--replace_result $engine_type <engine_type>
200
CREATE TABLE db_datadict.my_table (f1 BIGINT, f2 CHAR(10), f3 DATE)
201
ENGINE = $engine_type;
203
--error 0,ER_CANNOT_USER
204
DROP USER 'testuser1'@'localhost';
205
CREATE USER 'testuser1'@'localhost';
206
GRANT ALL ON test.* TO 'testuser1'@'localhost';
208
let $my_select = SELECT * FROM information_schema.column_privileges
209
WHERE table_name = 'my_table'
210
ORDER BY grantee, table_schema,table_name,column_name,privilege_type;
211
let $my_show = SHOW GRANTS FOR 'testuser1'@'localhost';
215
--echo # Establish connection testuser1 (user=testuser1)
216
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
217
connect (testuser1, localhost, testuser1, , test);
221
--echo # Switch to connection default
223
GRANT SELECT (f1,f3) ON db_datadict.my_table TO 'testuser1'@'localhost';
227
--echo # Switch to connection testuser1
228
connection testuser1;
232
--echo # Switch to connection default
234
ALTER TABLE db_datadict.my_table DROP COLUMN f3;
235
GRANT UPDATE (f1) ON db_datadict.my_table TO 'testuser1'@'localhost';
239
--echo # Switch to connection testuser1
240
connection testuser1;
243
--error ER_BAD_FIELD_ERROR
244
SELECT f1, f3 FROM db_datadict.my_table;
246
--echo # Switch to connection default
248
ALTER TABLE db_datadict.my_table CHANGE COLUMN f1 my_col BIGINT;
252
--echo # Switch to connection testuser1
253
connection testuser1;
257
--echo # Switch to connection default
259
DROP TABLE db_datadict.my_table;
263
--echo # Switch to connection testuser1
264
connection testuser1;
268
--echo # Switch to connection default
270
REVOKE ALL ON db_datadict.my_table FROM 'testuser1'@'localhost';
274
--echo # Switch to connection testuser1
275
connection testuser1;
279
--echo # Switch to connection default and close connection testuser1
281
disconnect testuser1;
282
DROP USER 'testuser1'@'localhost';
283
DROP DATABASE db_datadict;
286
--echo ########################################################################
287
--echo # Testcases 3.2.1.3-3.2.1.5 + 3.2.1.8-3.2.1.12: INSERT/UPDATE/DELETE and
288
--echo # DDL on INFORMATION_SCHEMA table are not supported
289
--echo ########################################################################
290
# 3.2.1.3: Ensure that no user may execute an INSERT statement on any
291
# INFORMATION_SCHEMA table.
292
# 3.2.1.4: Ensure that no user may execute an UPDATE statement on any
293
# INFORMATION_SCHEMA table.
294
# 3.2.1.5: Ensure that no user may execute a DELETE statement on any
295
# INFORMATION_SCHEMA table.
296
# 3.2.1.8: Ensure that no user may create an index on an
297
# INFORMATION_SCHEMA table.
298
# 3.2.1.9: Ensure that no user may alter the definition of an
299
# INFORMATION_SCHEMA table.
300
# 3.2.1.10: Ensure that no user may drop an INFORMATION_SCHEMA table.
301
# 3.2.1.11: Ensure that no user may move an INFORMATION_SCHEMA table to any
303
# 3.2.1.12: Ensure that no user may directly add to, alter, or delete any data
304
# in an INFORMATION_SCHEMA table.
307
DROP DATABASE IF EXISTS db_datadict;
309
CREATE DATABASE db_datadict;
310
--replace_result $engine_type <engine_type>
312
CREATE TABLE db_datadict.t1 (f1 BIGINT, f2 BIGINT)
313
ENGINE = $engine_type;
314
--error 0,ER_CANNOT_USER
315
DROP USER 'testuser1'@'localhost';
316
CREATE USER 'testuser1'@'localhost';
317
GRANT SELECT (f1) ON db_datadict.t1 TO 'testuser1'@'localhost';
319
--error ER_DBACCESS_DENIED_ERROR
320
INSERT INTO information_schema.column_privileges
321
SELECT * FROM information_schema.column_privileges;
323
--error ER_DBACCESS_DENIED_ERROR
324
UPDATE information_schema.column_privileges SET table_schema = 'test'
325
WHERE table_name = 't1';
327
--error ER_DBACCESS_DENIED_ERROR
328
DELETE FROM information_schema.column_privileges WHERE table_name = 't1';
329
--error ER_DBACCESS_DENIED_ERROR
330
TRUNCATE information_schema.column_privileges;
332
--error ER_DBACCESS_DENIED_ERROR
333
CREATE INDEX my_idx_on_tables
334
ON information_schema.column_privileges(table_schema);
335
--error ER_DBACCESS_DENIED_ERROR
336
ALTER TABLE information_schema.column_privileges ADD f1 INT;
338
--error ER_DBACCESS_DENIED_ERROR
339
DROP TABLE information_schema.column_privileges;
341
--error ER_DBACCESS_DENIED_ERROR
342
ALTER TABLE information_schema.column_privileges
343
RENAME db_datadict.column_privileges;
344
--error ER_DBACCESS_DENIED_ERROR
345
ALTER TABLE information_schema.column_privileges
346
RENAME information_schema.xcolumn_privileges;
349
DROP DATABASE db_datadict;
350
DROP USER 'testuser1'@'localhost';