guoxin
/
test-example-projects
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
用于EagleEye3.0 规则集漏报和误报测试的示例项目,项目收集于github和gitee
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
722 MiB
 
 
 
 
 
 
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
test-example-projects/c++_projects/280w-mysql-8.0.18/mysql-test/r/grant.result

2799 lines
124 KiB
Raw Permalink Blame History Escape

SET @old_log_bin_trust_function_creators= @@global.log_bin_trust_function_creators;
SET GLOBAL log_bin_trust_function_creators = 1;
set @orig_sql_mode_session= @@SESSION.sql_mode;
set @orig_sql_mode_global= @@GLOBAL.sql_mode;
drop table if exists t1;
drop database if exists mysqltest;
SET NAMES binary;
create user mysqltest_1@localhost;
grant CREATE TEMPORARY TABLES, LOCK TABLES on mysqltest.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT CREATE TEMPORARY TABLES, LOCK TABLES ON `mysqltest`.* TO `mysqltest_1`@`localhost`
flush privileges;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT CREATE TEMPORARY TABLES, LOCK TABLES ON `mysqltest`.* TO `mysqltest_1`@`localhost`
revoke CREATE TEMPORARY TABLES on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT LOCK TABLES ON `mysqltest`.* TO `mysqltest_1`@`localhost`
grant ALL PRIVILEGES on mysqltest.* to mysqltest_1@localhost with GRANT OPTION;
flush privileges;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT ALL PRIVILEGES ON `mysqltest`.* TO `mysqltest_1`@`localhost` WITH GRANT OPTION
revoke LOCK TABLES, ALTER on mysqltest.* from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, CREATE TEMPORARY TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `mysqltest`.* TO `mysqltest_1`@`localhost` WITH GRANT OPTION
revoke all privileges on mysqltest.* from mysqltest_1@localhost;
drop user mysqltest_1@localhost;
flush privileges;
create user mysqltest_1@localhost;
grant usage on test.* to mysqltest_1@localhost with grant option;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT USAGE ON `test`.* TO `mysqltest_1`@`localhost` WITH GRANT OPTION
delete from mysql.user where user='mysqltest_1';
delete from mysql.db where user='mysqltest_1';
delete from mysql.tables_priv where user='mysqltest_1';
delete from mysql.columns_priv where user='mysqltest_1';
flush privileges;
show grants for mysqltest_1@localhost;
ERROR 42000: There is no such grant defined for user 'mysqltest_1' on host 'localhost'
create user mysqltest_1@localhost;
create table t1 (a int);
GRANT select,update,insert on t1 to mysqltest_1@localhost;
GRANT select (a), update (a),insert(a), references(a) on t1 to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT, SELECT (`a`), INSERT, INSERT (`a`), UPDATE, UPDATE (`a`), REFERENCES (`a`) ON `test`.`t1` TO `mysqltest_1`@`localhost`
select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1";
table_priv column_priv
Select,Insert,Update Select,Insert,Update,References
REVOKE select (a), update on t1 from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT, INSERT, INSERT (`a`), REFERENCES (`a`) ON `test`.`t1` TO `mysqltest_1`@`localhost`
REVOKE select,update,insert,insert (a) on t1 from mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT REFERENCES (`a`) ON `test`.`t1` TO `mysqltest_1`@`localhost`
GRANT select,references on t1 to mysqltest_1@localhost;
select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1";
table_priv column_priv
Select,References References
create user mysqltest_2@localhost, mysqltest_3@localhost;
grant all on test.* to mysqltest_3@localhost with grant option;
revoke all on test.* from mysqltest_3@localhost;
show grants for mysqltest_3@localhost;
Grants for mysqltest_3@localhost
GRANT USAGE ON *.* TO `mysqltest_3`@`localhost`
GRANT USAGE ON `test`.* TO `mysqltest_3`@`localhost` WITH GRANT OPTION
revoke grant option on test.* from mysqltest_3@localhost;
show grants for mysqltest_3@localhost;
Grants for mysqltest_3@localhost
GRANT USAGE ON *.* TO `mysqltest_3`@`localhost`
grant all on test.t1 to mysqltest_2@localhost with grant option;
revoke all on test.t1 from mysqltest_2@localhost;
show grants for mysqltest_2@localhost;
Grants for mysqltest_2@localhost
GRANT USAGE ON *.* TO `mysqltest_2`@`localhost`
GRANT USAGE ON `test`.`t1` TO `mysqltest_2`@`localhost` WITH GRANT OPTION
revoke grant option on test.t1 from mysqltest_2@localhost;
show grants for mysqltest_2@localhost;
Grants for mysqltest_2@localhost
GRANT USAGE ON *.* TO `mysqltest_2`@`localhost`
delete from mysql.user where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
delete from mysql.db where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
delete from mysql.tables_priv where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
delete from mysql.columns_priv where user='mysqltest_1' or user="mysqltest_2" or user="mysqltest_3";
flush privileges;
drop table t1;
create user mysqltest_1@localhost;
create table t1 (abcdefghijklmnopqrstuvwxyz int);
GRANT select (abcdefghijklmnopqrstuvwxyz) on t1 to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT (`abcdefghijklmnopqrstuvwxyz`) ON `test`.`t1` TO `mysqltest_1`@`localhost`
select table_priv,column_priv from mysql.tables_priv where user="mysqltest_1";
table_priv column_priv
Select
drop table t1;
GRANT FILE on mysqltest.* to mysqltest_1@localhost;
ERROR HY000: Incorrect usage of DB GRANT and GLOBAL PRIVILEGES
select 1;
1
1
drop user mysqltest_1@localhost;
insert ignore into mysql.user (host, user) values ('localhost', 'test11');
Warnings:
Warning 1364 Field 'ssl_cipher' doesn't have a default value
Warning 1364 Field 'x509_issuer' doesn't have a default value
Warning 1364 Field 'x509_subject' doesn't have a default value
insert into mysql.db (host, db, user, select_priv) values
('localhost', 'a%', 'test11', 'Y'), ('localhost', 'ab%', 'test11', 'Y');
alter table mysql.db order by db asc;
Warnings:
Warning 1105 ORDER BY ignored as there is a user-defined clustered index in the table 'db'
flush privileges;
show grants for test11@localhost;
Grants for test11@localhost
GRANT USAGE ON *.* TO `test11`@`localhost`
GRANT SELECT ON `a%`.* TO `test11`@`localhost`
GRANT SELECT ON `ab%`.* TO `test11`@`localhost`
alter table mysql.db order by db desc;
Warnings:
Warning 1105 ORDER BY ignored as there is a user-defined clustered index in the table 'db'
flush privileges;
show grants for test11@localhost;
Grants for test11@localhost
GRANT USAGE ON *.* TO `test11`@`localhost`
GRANT SELECT ON `a%`.* TO `test11`@`localhost`
GRANT SELECT ON `ab%`.* TO `test11`@`localhost`
delete from mysql.user where user='test11';
delete from mysql.db where user='test11';
create user test6123 identified by 'magic123';
create database mysqltest1;
grant usage on mysqltest1.* to test6123;
select host,db,user,select_priv,insert_priv from mysql.db where db="mysqltest1";
host db user select_priv insert_priv
delete from mysql.user where user='test6123';
drop database mysqltest1;
flush privileges;
create user drop_user@localhost, drop_user2@localhost;
create table t1 (a int);
grant ALL PRIVILEGES on *.* to drop_user2@localhost with GRANT OPTION;
show grants for drop_user2@localhost;
Grants for drop_user2@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `drop_user2`@`localhost` WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `drop_user2`@`localhost` WITH GRANT OPTION
revoke all privileges, grant option from drop_user2@localhost;
grant ALL PRIVILEGES on *.* to drop_user@localhost with GRANT OPTION;
grant ALL PRIVILEGES on test.* to drop_user@localhost with GRANT OPTION;
grant select(a) on test.t1 to drop_user@localhost;
show grants for drop_user@localhost;
Grants for drop_user@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `drop_user`@`localhost` WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `drop_user`@`localhost` WITH GRANT OPTION
GRANT ALL PRIVILEGES ON `test`.* TO `drop_user`@`localhost` WITH GRANT OPTION
GRANT SELECT (`a`) ON `test`.`t1` TO `drop_user`@`localhost`
set sql_mode=ansi_quotes;
show grants for drop_user@localhost;
Grants for drop_user@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO "drop_user"@"localhost" WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO "drop_user"@"localhost" WITH GRANT OPTION
GRANT ALL PRIVILEGES ON "test".* TO "drop_user"@"localhost" WITH GRANT OPTION
GRANT SELECT ("a") ON "test"."t1" TO "drop_user"@"localhost"
set sql_mode=default;
set sql_quote_show_create=0;
show grants for drop_user@localhost;
Grants for drop_user@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO drop_user@localhost WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO drop_user@localhost WITH GRANT OPTION
GRANT ALL PRIVILEGES ON test.* TO drop_user@localhost WITH GRANT OPTION
GRANT SELECT (a) ON test.t1 TO drop_user@localhost
set sql_mode="ansi_quotes";
show grants for drop_user@localhost;
Grants for drop_user@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO drop_user@localhost WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO drop_user@localhost WITH GRANT OPTION
GRANT ALL PRIVILEGES ON test.* TO drop_user@localhost WITH GRANT OPTION
GRANT SELECT (a) ON test.t1 TO drop_user@localhost
set sql_quote_show_create=1;
show grants for drop_user@localhost;
Grants for drop_user@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO "drop_user"@"localhost" WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO "drop_user"@"localhost" WITH GRANT OPTION
GRANT ALL PRIVILEGES ON "test".* TO "drop_user"@"localhost" WITH GRANT OPTION
GRANT SELECT ("a") ON "test"."t1" TO "drop_user"@"localhost"
set sql_mode="";
show grants for drop_user@localhost;
Grants for drop_user@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `drop_user`@`localhost` WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `drop_user`@`localhost` WITH GRANT OPTION
GRANT ALL PRIVILEGES ON `test`.* TO `drop_user`@`localhost` WITH GRANT OPTION
GRANT SELECT (`a`) ON `test`.`t1` TO `drop_user`@`localhost`
revoke all privileges, grant option from drop_user@localhost;
show grants for drop_user@localhost;
Grants for drop_user@localhost
GRANT USAGE ON *.* TO `drop_user`@`localhost`
drop user drop_user@localhost;
revoke all privileges, grant option from drop_user@localhost;
ERROR HY000: Can't revoke all privileges for one or more of the requested users
create user drop_user1@localhost, drop_user3@localhost, drop_user4@localhost;
grant select(a) on test.t1 to drop_user1@localhost;
grant select on test.t1 to drop_user2@localhost;
grant select on test.* to drop_user3@localhost;
grant select on *.* to drop_user4@localhost;
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
revoke all privileges, grant option from drop_user1@localhost, drop_user2@localhost,
drop_user3@localhost, drop_user4@localhost;
ERROR HY000: Can't revoke all privileges for one or more of the requested users
drop user drop_user1@localhost, drop_user2@localhost, drop_user3@localhost,
drop_user4@localhost;
ERROR HY000: Operation DROP USER failed for 'drop_user1'@'localhost','drop_user2'@'localhost','drop_user3'@'localhost','drop_user4'@'localhost'
drop table t1;
create user mysqltest_1@localhost identified by "password";
grant select, update, insert on test.* to mysqltest_1@localhost;
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT, INSERT, UPDATE ON `test`.* TO `mysqltest_1`@`localhost`
drop user mysqltest_1@localhost;
SET NAMES koi8r;
CREATE DATABASE <EFBFBD><EFBFBD>;
USE <EFBFBD><EFBFBD>;
CREATE TABLE <EFBFBD><EFBFBD><EFBFBD> (<EFBFBD><EFBFBD><EFBFBD> INT);
CREATE USER <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
GRANT SELECT ON <EFBFBD><EFBFBD>.* TO <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
SHOW GRANTS FOR <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
Grants for <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost
GRANT USAGE ON *.* TO `юзер`@`localhost`
GRANT SELECT ON `бд`.* TO `юзер`@`localhost`
REVOKE SELECT ON <EFBFBD><EFBFBD>.* FROM <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
GRANT SELECT ON <EFBFBD><EFBFBD>.<EFBFBD><EFBFBD><EFBFBD> TO <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
SHOW GRANTS FOR <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
Grants for <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost
GRANT USAGE ON *.* TO `юзер`@`localhost`
GRANT SELECT ON `бд`.`таб` TO `юзер`@`localhost`
REVOKE SELECT ON <EFBFBD><EFBFBD>.<EFBFBD><EFBFBD><EFBFBD> FROM <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
GRANT SELECT (<EFBFBD><EFBFBD><EFBFBD>) ON <EFBFBD><EFBFBD>.<EFBFBD><EFBFBD><EFBFBD> TO <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
SHOW GRANTS FOR <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
Grants for <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost
GRANT USAGE ON *.* TO `юзер`@`localhost`
GRANT SELECT (`кол`) ON `бд`.`таб` TO `юзер`@`localhost`
REVOKE SELECT (<EFBFBD><EFBFBD><EFBFBD>) ON <EFBFBD><EFBFBD>.<EFBFBD><EFBFBD><EFBFBD> FROM <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
DROP USER <EFBFBD><EFBFBD><EFBFBD><EFBFBD>@localhost;
DROP DATABASE <EFBFBD><EFBFBD>;
SET NAMES latin1;
USE test;
create user testuser@localhost;
CREATE TABLE t1 (a int );
CREATE TABLE t2 LIKE t1;
CREATE TABLE t3 LIKE t1;
CREATE TABLE t4 LIKE t1;
CREATE TABLE t5 LIKE t1;
CREATE TABLE t6 LIKE t1;
CREATE TABLE t7 LIKE t1;
CREATE TABLE t8 LIKE t1;
CREATE TABLE t9 LIKE t1;
CREATE TABLE t10 LIKE t1;
CREATE DATABASE testdb1;
CREATE DATABASE testdb2;
CREATE DATABASE testdb3;
CREATE DATABASE testdb4;
CREATE DATABASE testdb5;
CREATE DATABASE testdb6;
CREATE DATABASE testdb7;
CREATE DATABASE testdb8;
CREATE DATABASE testdb9;
CREATE DATABASE testdb10;
GRANT ALL ON testdb1.* TO testuser@localhost;
GRANT ALL ON testdb2.* TO testuser@localhost;
GRANT ALL ON testdb3.* TO testuser@localhost;
GRANT ALL ON testdb4.* TO testuser@localhost;
GRANT ALL ON testdb5.* TO testuser@localhost;
GRANT ALL ON testdb6.* TO testuser@localhost;
GRANT ALL ON testdb7.* TO testuser@localhost;
GRANT ALL ON testdb8.* TO testuser@localhost;
GRANT ALL ON testdb9.* TO testuser@localhost;
GRANT ALL ON testdb10.* TO testuser@localhost;
GRANT SELECT ON test.t1 TO testuser@localhost;
GRANT SELECT ON test.t2 TO testuser@localhost;
GRANT SELECT ON test.t3 TO testuser@localhost;
GRANT SELECT ON test.t4 TO testuser@localhost;
GRANT SELECT ON test.t5 TO testuser@localhost;
GRANT SELECT ON test.t6 TO testuser@localhost;
GRANT SELECT ON test.t7 TO testuser@localhost;
GRANT SELECT ON test.t8 TO testuser@localhost;
GRANT SELECT ON test.t9 TO testuser@localhost;
GRANT SELECT ON test.t10 TO testuser@localhost;
GRANT SELECT (a) ON test.t1 TO testuser@localhost;
GRANT SELECT (a) ON test.t2 TO testuser@localhost;
GRANT SELECT (a) ON test.t3 TO testuser@localhost;
GRANT SELECT (a) ON test.t4 TO testuser@localhost;
GRANT SELECT (a) ON test.t5 TO testuser@localhost;
GRANT SELECT (a) ON test.t6 TO testuser@localhost;
GRANT SELECT (a) ON test.t7 TO testuser@localhost;
GRANT SELECT (a) ON test.t8 TO testuser@localhost;
GRANT SELECT (a) ON test.t9 TO testuser@localhost;
GRANT SELECT (a) ON test.t10 TO testuser@localhost;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM testuser@localhost;
SHOW GRANTS FOR testuser@localhost;
Grants for testuser@localhost
GRANT USAGE ON *.* TO `testuser`@`localhost`
DROP USER testuser@localhost;
DROP TABLE t1,t2,t3,t4,t5,t6,t7,t8,t9,t10;
DROP DATABASE testdb1;
DROP DATABASE testdb2;
DROP DATABASE testdb3;
DROP DATABASE testdb4;
DROP DATABASE testdb5;
DROP DATABASE testdb6;
DROP DATABASE testdb7;
DROP DATABASE testdb8;
DROP DATABASE testdb9;
DROP DATABASE testdb10;
create table t1(a int, b int, c int, d int);
create user grant_user@localhost;
grant insert(b), insert(c), insert(d), insert(a) on t1 to grant_user@localhost;
show grants for grant_user@localhost;
Grants for grant_user@localhost
GRANT USAGE ON *.* TO `grant_user`@`localhost`
GRANT INSERT (`a`, `b`, `c`, `d`) ON `test`.`t1` TO `grant_user`@`localhost`
select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv order by Column_name;
Host Db User Table_name Column_name Column_priv
localhost test grant_user t1 a Insert
localhost test grant_user t1 b Insert
localhost test grant_user t1 c Insert
localhost test grant_user t1 d Insert
revoke ALL PRIVILEGES on t1 from grant_user@localhost;
show grants for grant_user@localhost;
Grants for grant_user@localhost
GRANT USAGE ON *.* TO `grant_user`@`localhost`
select Host,Db,User,Table_name,Column_name,Column_priv from mysql.columns_priv;
Host Db User Table_name Column_name Column_priv
drop user grant_user@localhost;
drop table t1;
create database mysqltest_1;
create database mysqltest_2;
create table mysqltest_1.t1 select 1 a, 2 q;
create table mysqltest_1.t2 select 1 b, 2 r;
create table mysqltest_2.t1 select 1 c, 2 s;
create table mysqltest_2.t2 select 1 d, 2 t;
create user mysqltest_3@localhost;
grant update (a) on mysqltest_1.t1 to mysqltest_3@localhost;
grant select (b) on mysqltest_1.t2 to mysqltest_3@localhost;
grant select (c) on mysqltest_2.t1 to mysqltest_3@localhost;
grant update (d) on mysqltest_2.t2 to mysqltest_3@localhost;
SELECT * FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE GRANTEE = '''mysqltest_3''@''localhost'''
ORDER BY TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE;
GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE
'mysqltest_3'@'localhost' def mysqltest_1 t1 a UPDATE NO
'mysqltest_3'@'localhost' def mysqltest_2 t1 c SELECT NO
'mysqltest_3'@'localhost' def mysqltest_1 t2 b SELECT NO
'mysqltest_3'@'localhost' def mysqltest_2 t2 d UPDATE NO
SELECT * FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE = '''mysqltest_3''@''localhost'''
ORDER BY TABLE_NAME,PRIVILEGE_TYPE;
GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
SELECT * from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES
WHERE GRANTEE = '''mysqltest_3''@''localhost'''
ORDER BY TABLE_SCHEMA,PRIVILEGE_TYPE;
GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
SELECT * from INFORMATION_SCHEMA.USER_PRIVILEGES
WHERE GRANTEE = '''mysqltest_3''@''localhost'''
ORDER BY TABLE_CATALOG,PRIVILEGE_TYPE;
GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE
'mysqltest_3'@'localhost' def USAGE NO
update mysqltest_1.t1, mysqltest_1.t2 set q=10 where b=1;
ERROR 42000: UPDATE command denied to user 'mysqltest_3'@'localhost' for column 'q' in table 't1'
update mysqltest_1.t2, mysqltest_2.t2 set d=20 where d=1;
ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for column 'd' in table 't2'
update mysqltest_1.t1, mysqltest_2.t2 set d=20 where d=1;
ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for column 'd' in table 't2'
update mysqltest_2.t1, mysqltest_1.t2 set c=20 where b=1;
ERROR 42000: UPDATE command denied to user 'mysqltest_3'@'localhost' for column 'c' in table 't1'
update mysqltest_2.t1, mysqltest_2.t2 set d=10 where s=2;
ERROR 42000: SELECT command denied to user 'mysqltest_3'@'localhost' for column 's' in table 't1'
update mysqltest_1.t1, mysqltest_2.t2 set a=10,d=10;
update mysqltest_1.t1, mysqltest_2.t1 set a=20 where c=20;
select t1.*,t2.* from mysqltest_1.t1,mysqltest_1.t2;
a q b r
10 2 1 2
select t1.*,t2.* from mysqltest_2.t1,mysqltest_2.t2;
c s d t
1 2 10 2
revoke all on mysqltest_1.t1 from mysqltest_3@localhost;
revoke all on mysqltest_1.t2 from mysqltest_3@localhost;
revoke all on mysqltest_2.t1 from mysqltest_3@localhost;
revoke all on mysqltest_2.t2 from mysqltest_3@localhost;
grant all on mysqltest_2.* to mysqltest_3@localhost;
grant select on *.* to mysqltest_3@localhost;
grant select on mysqltest_2.t1 to mysqltest_3@localhost;
flush privileges;
use mysqltest_1;
update mysqltest_2.t1, mysqltest_2.t2 set c=500,d=600;
update mysqltest_1.t1, mysqltest_1.t2 set a=100,b=200;
ERROR 42000: UPDATE command denied to user 'mysqltest_3'@'localhost' for column 'a' in table 't1'
use mysqltest_2;
update mysqltest_1.t1, mysqltest_1.t2 set a=100,b=200;
ERROR 42000: UPDATE command denied to user 'mysqltest_3'@'localhost' for column 'a' in table 't1'
update mysqltest_2.t1, mysqltest_1.t2 set c=100,b=200;
ERROR 42000: UPDATE command denied to user 'mysqltest_3'@'localhost' for column 'b' in table 't2'
update mysqltest_1.t1, mysqltest_2.t2 set a=100,d=200;
ERROR 42000: UPDATE command denied to user 'mysqltest_3'@'localhost' for column 'a' in table 't1'
select t1.*,t2.* from mysqltest_1.t1,mysqltest_1.t2;
a q b r
10 2 1 2
select t1.*,t2.* from mysqltest_2.t1,mysqltest_2.t2;
c s d t
500 2 600 2
delete from mysql.user where user='mysqltest_3';
delete from mysql.db where user="mysqltest_3";
delete from mysql.tables_priv where user="mysqltest_3";
delete from mysql.columns_priv where user="mysqltest_3";
delete from mysql.global_grants where user="mysqltest_3";
flush privileges;
drop database mysqltest_1;
drop database mysqltest_2;
SHOW PRIVILEGES;
Privilege Context Comment
APPLICATION_PASSWORD_ADMIN Server Admin
AUDIT_ADMIN Server Admin
Alter Tables To alter the table
Alter routine Functions,Procedures To alter or drop stored functions/procedures
BACKUP_ADMIN Server Admin
BINLOG_ADMIN Server Admin
BINLOG_ENCRYPTION_ADMIN Server Admin
CLONE_ADMIN Server Admin
CONNECTION_ADMIN Server Admin
Create Databases,Tables,Indexes To create new databases and tables
Create role Server Admin To create new roles
Create routine Databases To use CREATE FUNCTION/PROCEDURE
Create tablespace Server Admin To create/alter/drop tablespaces
Create temporary tables Databases To use CREATE TEMPORARY TABLE
Create user Server Admin To create new users
Create view Tables To create new views
Delete Tables To delete existing rows
Drop Databases,Tables To drop databases, tables, and views
Drop role Server Admin To drop roles
ENCRYPTION_KEY_ADMIN Server Admin
Event Server Admin To create, alter, drop and execute events
Execute Functions,Procedures To execute stored routines
File File access on server To read and write files on the server
GROUP_REPLICATION_ADMIN Server Admin
Grant option Databases,Tables,Functions,Procedures To give to other users those privileges you possess
INNODB_REDO_LOG_ARCHIVE Server Admin
Index Tables To create or drop indexes
Insert Tables To insert data into tables
Lock tables Databases To use LOCK TABLES (together with SELECT privilege)
PERSIST_RO_VARIABLES_ADMIN Server Admin
Process Server Admin To view the plain text of currently executing queries
Proxy Server Admin To make proxy user possible
REPLICATION_APPLIER Server Admin
REPLICATION_SLAVE_ADMIN Server Admin
RESOURCE_GROUP_ADMIN Server Admin
RESOURCE_GROUP_USER Server Admin
ROLE_ADMIN Server Admin
References Databases,Tables To have references on tables
Reload Server Admin To reload or refresh tables, logs and privileges
Replication client Server Admin To ask where the slave or master servers are
Replication slave Server Admin To read binary log events from the master
SERVICE_CONNECTION_ADMIN Server Admin
SESSION_VARIABLES_ADMIN Server Admin
SET_USER_ID Server Admin
SYSTEM_USER Server Admin
SYSTEM_VARIABLES_ADMIN Server Admin
Select Tables To retrieve rows from table
Show databases Server Admin To see all databases with SHOW DATABASES
Show view Tables To see views with SHOW CREATE VIEW
Shutdown Server Admin To shut down the server
Super Server Admin To use KILL thread, SET GLOBAL, CHANGE MASTER, etc.
TABLE_ENCRYPTION_ADMIN Server Admin
Trigger Tables To use triggers
Update Tables To update existing rows
Usage Server Admin No privileges - allow connect only
XA_RECOVER_ADMIN Server Admin
create database mysqltest;
create table mysqltest.t1 (a int,b int,c int);
create user mysqltest_1@localhost;
grant all on mysqltest.t1 to mysqltest_1@localhost;
alter table t1 rename t2;
ERROR 42000: INSERT, CREATE command denied to user 'mysqltest_1'@'localhost' for table 't2'
revoke all privileges on mysqltest.t1 from mysqltest_1@localhost;
delete from mysql.user where user=_binary'mysqltest_1';
drop database mysqltest;
CREATE USER dummy@localhost;
CREATE DATABASE mysqltest;
CREATE TABLE mysqltest.dummytable (dummyfield INT);
CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
GRANT ALL PRIVILEGES ON mysqltest.dummytable TO dummy@localhost;
GRANT ALL PRIVILEGES ON mysqltest.dummyview TO dummy@localhost;
SHOW GRANTS FOR dummy@localhost;
Grants for dummy@localhost
GRANT ALL PRIVILEGES ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
GRANT ALL PRIVILEGES ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
GRANT USAGE ON *.* TO `dummy`@`localhost`
use INFORMATION_SCHEMA;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
TABLE_SCHEMA TABLE_NAME PRIVILEGES
mysqltest dummytable ALTER, CREATE, CREATE VIEW, DELETE, DROP, INDEX, INSERT, REFERENCES, SELECT, SHOW VIEW, TRIGGER, UPDATE
mysqltest dummyview ALTER, CREATE, CREATE VIEW, DELETE, DROP, INDEX, INSERT, REFERENCES, SELECT, SHOW VIEW, TRIGGER, UPDATE
FLUSH PRIVILEGES;
SHOW GRANTS FOR dummy@localhost;
Grants for dummy@localhost
GRANT ALL PRIVILEGES ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
GRANT ALL PRIVILEGES ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
GRANT USAGE ON *.* TO `dummy`@`localhost`
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
TABLE_SCHEMA TABLE_NAME PRIVILEGES
mysqltest dummytable ALTER, CREATE, CREATE VIEW, DELETE, DROP, INDEX, INSERT, REFERENCES, SELECT, SHOW VIEW, TRIGGER, UPDATE
mysqltest dummyview ALTER, CREATE, CREATE VIEW, DELETE, DROP, INDEX, INSERT, REFERENCES, SELECT, SHOW VIEW, TRIGGER, UPDATE
SHOW FIELDS FROM mysql.tables_priv;
Field Type Null Key Default Extra
Host char(255) NO PRI
Db char(64) NO PRI
User char(32) NO PRI
Table_name char(64) NO PRI
Grantor varchar(288) NO MUL
Timestamp timestamp NO CURRENT_TIMESTAMP DEFAULT_GENERATED on update CURRENT_TIMESTAMP
Table_priv set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view','Trigger') NO
Column_priv set('Select','Insert','Update','References') NO
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;
DROP USER dummy@localhost;
DROP DATABASE mysqltest;
CREATE USER dummy@localhost;
CREATE DATABASE mysqltest;
CREATE TABLE mysqltest.dummytable (dummyfield INT);
CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
GRANT CREATE VIEW ON mysqltest.dummytable TO dummy@localhost;
GRANT CREATE VIEW ON mysqltest.dummyview TO dummy@localhost;
SHOW GRANTS FOR dummy@localhost;
Grants for dummy@localhost
GRANT CREATE VIEW ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
GRANT CREATE VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
GRANT USAGE ON *.* TO `dummy`@`localhost`
use INFORMATION_SCHEMA;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
TABLE_SCHEMA TABLE_NAME PRIVILEGES
mysqltest dummytable CREATE VIEW
mysqltest dummyview CREATE VIEW
FLUSH PRIVILEGES;
SHOW GRANTS FOR dummy@localhost;
Grants for dummy@localhost
GRANT CREATE VIEW ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
GRANT CREATE VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
GRANT USAGE ON *.* TO `dummy`@`localhost`
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
TABLE_SCHEMA TABLE_NAME PRIVILEGES
mysqltest dummytable CREATE VIEW
mysqltest dummyview CREATE VIEW
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;
DROP USER dummy@localhost;
DROP DATABASE mysqltest;
CREATE USER dummy@localhost;
CREATE DATABASE mysqltest;
CREATE TABLE mysqltest.dummytable (dummyfield INT);
CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
GRANT SHOW VIEW ON mysqltest.dummytable TO dummy@localhost;
GRANT SHOW VIEW ON mysqltest.dummyview TO dummy@localhost;
SHOW GRANTS FOR dummy@localhost;
Grants for dummy@localhost
GRANT SHOW VIEW ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
GRANT SHOW VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
GRANT USAGE ON *.* TO `dummy`@`localhost`
use INFORMATION_SCHEMA;
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
TABLE_SCHEMA TABLE_NAME PRIVILEGES
mysqltest dummytable SHOW VIEW
mysqltest dummyview SHOW VIEW
FLUSH PRIVILEGES;
SHOW GRANTS FOR dummy@localhost;
Grants for dummy@localhost
GRANT SHOW VIEW ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
GRANT SHOW VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
GRANT USAGE ON *.* TO `dummy`@`localhost`
SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
= '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
TABLE_SCHEMA TABLE_NAME PRIVILEGES
mysqltest dummytable SHOW VIEW
mysqltest dummyview SHOW VIEW
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM dummy@localhost;
DROP USER dummy@localhost;
DROP DATABASE mysqltest;
use mysql;
insert into tables_priv values ('','test_db','mysqltest_1','test_table','test_grantor',CURRENT_TIMESTAMP,'Select','Select');
flush privileges;
delete from tables_priv where host = '' and user = 'mysqltest_1';
flush privileges;
use test;
set @user123="non-existent";
select * from mysql.db where user=@user123;
Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv
set names koi8r;
create database <EFBFBD><EFBFBD>;
grant select on <EFBFBD><EFBFBD>.* to root@localhost;
select hex(Db) from mysql.db where Db='<EFBFBD><EFBFBD>';
hex(Db)
D0B1D0B4
show grants for root@localhost;
Grants for root@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT SELECT ON `бд`.* TO `root`@`localhost`
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
flush privileges;
show grants for root@localhost;
Grants for root@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT SELECT ON `бд`.* TO `root`@`localhost`
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
drop database <EFBFBD><EFBFBD>;
revoke select on <EFBFBD><EFBFBD>.* from root@localhost;
show grants for root@localhost;
Grants for root@localhost
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
set names latin1;
create user mysqltest_7@;
alter user mysqltest_7@ identified by 'systpass';
show grants for mysqltest_7@;
Grants for mysqltest_7@
GRANT USAGE ON *.* TO `mysqltest_7`@``
drop user mysqltest_7@;
show grants for mysqltest_7@;
ERROR 42000: There is no such grant defined for user 'mysqltest_7' on host ''
create database mysqltest;
use mysqltest;
create table t1(f1 int);
CREATE USER mysqltest1@'%', mysqltest1@'192.%';
GRANT DELETE ON mysqltest.t1 TO mysqltest1@'%';
GRANT SELECT ON mysqltest.t1 TO mysqltest1@'192.%';
show grants for mysqltest1@'192.%';
Grants for mysqltest1@192.%
GRANT USAGE ON *.* TO `mysqltest1`@`192.%`
GRANT SELECT ON `mysqltest`.`t1` TO `mysqltest1`@`192.%`
show grants for mysqltest1@'%';
Grants for mysqltest1@%
GRANT USAGE ON *.* TO `mysqltest1`@`%`
GRANT DELETE ON `mysqltest`.`t1` TO `mysqltest1`@`%`
delete from mysql.user where user='mysqltest1';
delete from mysql.db where user='mysqltest1';
delete from mysql.tables_priv where user='mysqltest1';
flush privileges;
drop database mysqltest;
create database db27515;
use db27515;
create table t1 (a int);
create user user27515@localhost;
grant alter on db27515.t1 to user27515@localhost;
grant insert, create on db27515.t2 to user27515@localhost;
rename table t1 to t2;
ERROR 42000: DROP command denied to user 'user27515'@'localhost' for table 't1'
revoke all privileges, grant option from user27515@localhost;
drop user user27515@localhost;
drop database db27515;
End of 4.1 tests
use test;
create table t1 (a int);
create table t2 as select * from mysql.user where user='';
delete from mysql.user where user='';
flush privileges;
create user mysqltest_8@'';
create user mysqltest_8;
create user mysqltest_8@host8;
create user mysqltest_8@'';
ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@''
create user mysqltest_8;
ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@'%'
create user mysqltest_8@host8;
ERROR HY000: Operation CREATE USER failed for 'mysqltest_8'@'host8'
select user, QUOTE(host) from mysql.user where user="mysqltest_8";
user QUOTE(host)
mysqltest_8 ''
mysqltest_8 '%'
mysqltest_8 'host8'
Schema privileges
grant select on mysqltest.* to mysqltest_8@'';
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
GRANT SELECT ON `mysqltest`.* TO `mysqltest_8`@``
grant select on mysqltest.* to mysqltest_8@;
show grants for mysqltest_8@;
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
GRANT SELECT ON `mysqltest`.* TO `mysqltest_8`@``
grant select on mysqltest.* to mysqltest_8;
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
GRANT SELECT ON `mysqltest`.* TO `mysqltest_8`@`%`
select * from information_schema.schema_privileges
where grantee like "'mysqltest_8'%";
GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
'mysqltest_8'@'%' def mysqltest SELECT NO
'mysqltest_8'@'' def mysqltest SELECT NO
select * from t1;
a
revoke select on mysqltest.* from mysqltest_8@'';
revoke select on mysqltest.* from mysqltest_8;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
select * from information_schema.schema_privileges
where grantee like "'mysqltest_8'%";
GRANTEE TABLE_CATALOG TABLE_SCHEMA PRIVILEGE_TYPE IS_GRANTABLE
flush privileges;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
show grants for mysqltest_8@;
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
grant select on mysqltest.* to mysqltest_8@'';
flush privileges;
show grants for mysqltest_8@;
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
GRANT SELECT ON `mysqltest`.* TO `mysqltest_8`@``
revoke select on mysqltest.* from mysqltest_8@'';
flush privileges;
Column privileges
grant update (a) on t1 to mysqltest_8@'';
grant update (a) on t1 to mysqltest_8;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
GRANT UPDATE (`a`) ON `test`.`t1` TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
GRANT UPDATE (`a`) ON `test`.`t1` TO `mysqltest_8`@`%`
flush privileges;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
GRANT UPDATE (`a`) ON `test`.`t1` TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
GRANT UPDATE (`a`) ON `test`.`t1` TO `mysqltest_8`@`%`
select * from information_schema.column_privileges;
GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE
'mysqltest_8'@'%' def test t1 a UPDATE NO
'mysqltest_8'@'' def test t1 a UPDATE NO
select * from t1;
a
revoke update (a) on t1 from mysqltest_8@'';
revoke update (a) on t1 from mysqltest_8;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
select * from information_schema.column_privileges;
GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME COLUMN_NAME PRIVILEGE_TYPE IS_GRANTABLE
flush privileges;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
Table privileges
grant update on t1 to mysqltest_8@'';
grant update on t1 to mysqltest_8;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
GRANT UPDATE ON `test`.`t1` TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
GRANT UPDATE ON `test`.`t1` TO `mysqltest_8`@`%`
flush privileges;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
GRANT UPDATE ON `test`.`t1` TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
GRANT UPDATE ON `test`.`t1` TO `mysqltest_8`@`%`
select * from information_schema.table_privileges where table_schema NOT IN ('sys','mysql');
GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
'mysqltest_8'@'%' def test t1 UPDATE NO
'mysqltest_8'@'' def test t1 UPDATE NO
select * from t1;
a
revoke update on t1 from mysqltest_8@'';
revoke update on t1 from mysqltest_8;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
select * from information_schema.table_privileges where table_schema NOT IN ('sys','mysql');
GRANTEE TABLE_CATALOG TABLE_SCHEMA TABLE_NAME PRIVILEGE_TYPE IS_GRANTABLE
flush privileges;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
"DROP USER" should clear privileges
grant all privileges on mysqltest.* to mysqltest_8@'';
grant select on mysqltest.* to mysqltest_8@'';
grant update on t1 to mysqltest_8@'';
grant update (a) on t1 to mysqltest_8@'';
grant all privileges on mysqltest.* to mysqltest_8;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
GRANT ALL PRIVILEGES ON `mysqltest`.* TO `mysqltest_8`@``
GRANT UPDATE, UPDATE (`a`) ON `test`.`t1` TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
GRANT ALL PRIVILEGES ON `mysqltest`.* TO `mysqltest_8`@`%`
select * from information_schema.user_privileges
where grantee like "'mysqltest_8'%";
GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE
'mysqltest_8'@'%' def USAGE NO
'mysqltest_8'@'' def USAGE NO
'mysqltest_8'@'host8' def USAGE NO
select * from t1;
a
flush privileges;
show grants for mysqltest_8@'';
Grants for mysqltest_8@
GRANT USAGE ON *.* TO `mysqltest_8`@``
GRANT ALL PRIVILEGES ON `mysqltest`.* TO `mysqltest_8`@``
GRANT UPDATE, UPDATE (`a`) ON `test`.`t1` TO `mysqltest_8`@``
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
GRANT ALL PRIVILEGES ON `mysqltest`.* TO `mysqltest_8`@`%`
drop user mysqltest_8@'';
show grants for mysqltest_8@'';
ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host ''
show grants for mysqltest_8;
Grants for mysqltest_8@%
GRANT USAGE ON *.* TO `mysqltest_8`@`%`
GRANT ALL PRIVILEGES ON `mysqltest`.* TO `mysqltest_8`@`%`
select * from information_schema.user_privileges
where grantee like "'mysqltest_8'%";
GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE
'mysqltest_8'@'%' def USAGE NO
'mysqltest_8'@'host8' def USAGE NO
drop user mysqltest_8;
connect(localhost,mysqltest_8,,test,MASTER_PORT,MASTER_SOCKET);
ERROR 28000: Access denied for user 'mysqltest_8'@'localhost' (using password: NO)
show grants for mysqltest_8;
ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host '%'
drop user mysqltest_8@host8;
show grants for mysqltest_8@host8;
ERROR 42000: There is no such grant defined for user 'mysqltest_8' on host 'host8'
insert into mysql.user select * from t2;
flush privileges;
drop table t2;
drop table t1;
CREATE DATABASE mysqltest3;
USE mysqltest3;
CREATE TABLE t_nn (c1 INT);
CREATE VIEW v_nn AS SELECT * FROM t_nn;
CREATE DATABASE mysqltest2;
USE mysqltest2;
CREATE TABLE t_nn (c1 INT);
CREATE VIEW v_nn AS SELECT * FROM t_nn;
CREATE VIEW v_yn AS SELECT * FROM t_nn;
CREATE VIEW v_gy AS SELECT * FROM t_nn;
CREATE VIEW v_ny AS SELECT * FROM t_nn;
CREATE VIEW v_yy AS SELECT * FROM t_nn WHERE c1=55;
CREATE USER 'mysqltest_1'@'localhost' IDENTIFIED BY 'mysqltest_1';
GRANT SHOW VIEW ON mysqltest2.v_ny TO 'mysqltest_1'@'localhost';
GRANT SELECT ON mysqltest2.v_yn TO 'mysqltest_1'@'localhost';
GRANT SELECT ON mysqltest2.* TO 'mysqltest_1'@'localhost';
GRANT SHOW VIEW,SELECT ON mysqltest2.v_yy TO 'mysqltest_1'@'localhost';
SHOW CREATE VIEW mysqltest2.v_nn;
ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
SHOW CREATE TABLE mysqltest2.v_nn;
ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
SHOW CREATE VIEW mysqltest2.v_yn;
ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v_yn'
SHOW CREATE TABLE mysqltest2.v_yn;
ERROR 42000: SHOW VIEW command denied to user 'mysqltest_1'@'localhost' for table 'v_yn'
SHOW CREATE TABLE mysqltest2.v_ny;
View Create View character_set_client collation_connection
v_ny CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest2`.`v_ny` AS select `mysqltest2`.`t_nn`.`c1` AS `c1` from `mysqltest2`.`t_nn` latin1 latin1_swedish_ci
SHOW CREATE VIEW mysqltest2.v_ny;
View Create View character_set_client collation_connection
v_ny CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest2`.`v_ny` AS select `mysqltest2`.`t_nn`.`c1` AS `c1` from `mysqltest2`.`t_nn` latin1 latin1_swedish_ci
SHOW CREATE TABLE mysqltest3.t_nn;
ERROR 42000: SHOW command denied to user 'mysqltest_1'@'localhost' for table 't_nn'
SHOW CREATE VIEW mysqltest3.t_nn;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't_nn'
SHOW CREATE VIEW mysqltest3.v_nn;
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
SHOW CREATE TABLE mysqltest3.v_nn;
ERROR 42000: SHOW command denied to user 'mysqltest_1'@'localhost' for table 'v_nn'
SHOW CREATE TABLE mysqltest2.t_nn;
Table Create Table
t_nn CREATE TABLE `t_nn` (
`c1` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
SHOW CREATE VIEW mysqltest2.t_nn;
ERROR HY000: 'mysqltest2.t_nn' is not VIEW
SHOW CREATE VIEW mysqltest2.v_yy;
View Create View character_set_client collation_connection
v_yy CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest2`.`v_yy` AS select `mysqltest2`.`t_nn`.`c1` AS `c1` from `mysqltest2`.`t_nn` where (`mysqltest2`.`t_nn`.`c1` = 55) latin1 latin1_swedish_ci
SHOW CREATE TABLE mysqltest2.v_yy;
View Create View character_set_client collation_connection
v_yy CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `mysqltest2`.`v_yy` AS select `mysqltest2`.`t_nn`.`c1` AS `c1` from `mysqltest2`.`t_nn` where (`mysqltest2`.`t_nn`.`c1` = 55) latin1 latin1_swedish_ci
SHOW CREATE TABLE mysqltest2.v_nn;
View Create View character_set_client collation_connection
v_nn CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v_nn` AS select `t_nn`.`c1` AS `c1` from `t_nn` latin1 latin1_swedish_ci
SHOW CREATE VIEW mysqltest2.v_nn;
View Create View character_set_client collation_connection
v_nn CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v_nn` AS select `t_nn`.`c1` AS `c1` from `t_nn` latin1 latin1_swedish_ci
SHOW CREATE TABLE mysqltest2.t_nn;
Table Create Table
t_nn CREATE TABLE `t_nn` (
`c1` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
SHOW CREATE VIEW mysqltest2.t_nn;
ERROR HY000: 'mysqltest2.t_nn' is not VIEW
DROP VIEW mysqltest2.v_nn;
DROP VIEW mysqltest2.v_yn;
DROP VIEW mysqltest2.v_ny;
DROP VIEW mysqltest2.v_yy;
DROP TABLE mysqltest2.t_nn;
DROP DATABASE mysqltest2;
DROP VIEW mysqltest3.v_nn;
DROP TABLE mysqltest3.t_nn;
DROP DATABASE mysqltest3;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'mysqltest_1'@'localhost';
DROP USER 'mysqltest_1'@'localhost';
USE test;
create user mysqltest1_thisisreallyreallyreallyreallyreallyireallyreallytoolong;
ERROR HY000: String 'mysqltest1_thisisreallyreallyreallyreallyreallyireallyreallytoolong' is too long for user name (should be no longer than 32)
CREATE DATABASE mysqltest1;
CREATE TABLE mysqltest1.t1 (
int_field INTEGER UNSIGNED NOT NULL,
char_field CHAR(10),
INDEX(`int_field`)
);
CREATE TABLE mysqltest1.t2 (int_field INT);
"Now check that we require equivalent grants for "
"RENAME TABLE and ALTER TABLE"
CREATE USER mysqltest_1@localhost;
GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost;
SELECT USER();
USER()
mysqltest_1@localhost
SHOW GRANTS;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT ON `mysqltest1`.`t1` TO `mysqltest_1`@`localhost`
RENAME TABLE t1 TO t2;
ERROR 42000: DROP, ALTER command denied to user 'mysqltest_1'@'localhost' for table 't1'
ALTER TABLE t1 RENAME TO t2;
ERROR 42000: DROP, ALTER command denied to user 'mysqltest_1'@'localhost' for table 't1'
GRANT DROP ON mysqltest1.t1 TO mysqltest_1@localhost;
RENAME TABLE t1 TO t2;
ERROR 42000: ALTER command denied to user 'mysqltest_1'@'localhost' for table 't1'
ALTER TABLE t1 RENAME TO t2;
ERROR 42000: ALTER command denied to user 'mysqltest_1'@'localhost' for table 't1'
GRANT ALTER ON mysqltest1.t1 TO mysqltest_1@localhost;
SHOW GRANTS;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT, DROP, ALTER ON `mysqltest1`.`t1` TO `mysqltest_1`@`localhost`
RENAME TABLE t1 TO t2;
ERROR 42000: INSERT, CREATE command denied to user 'mysqltest_1'@'localhost' for table 't2'
ALTER TABLE t1 RENAME TO t2;
ERROR 42000: INSERT, CREATE command denied to user 'mysqltest_1'@'localhost' for table 't2'
GRANT INSERT, CREATE ON mysqltest1.t1 TO mysqltest_1@localhost;
SHOW GRANTS;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT, INSERT, CREATE, DROP, ALTER ON `mysqltest1`.`t1` TO `mysqltest_1`@`localhost`
GRANT INSERT, SELECT, CREATE, ALTER, DROP ON mysqltest1.t2 TO mysqltest_1@localhost;
DROP TABLE mysqltest1.t2;
SHOW GRANTS;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT, INSERT, CREATE, DROP, ALTER ON `mysqltest1`.`t1` TO `mysqltest_1`@`localhost`
GRANT SELECT, INSERT, CREATE, DROP, ALTER ON `mysqltest1`.`t2` TO `mysqltest_1`@`localhost`
RENAME TABLE t1 TO t2;
RENAME TABLE t2 TO t1;
ALTER TABLE t1 RENAME TO t2;
ALTER TABLE t2 RENAME TO t1;
REVOKE DROP, INSERT ON mysqltest1.t1 FROM mysqltest_1@localhost;
REVOKE DROP, INSERT ON mysqltest1.t2 FROM mysqltest_1@localhost;
SHOW GRANTS;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT SELECT, CREATE, ALTER ON `mysqltest1`.`t1` TO `mysqltest_1`@`localhost`
GRANT SELECT, CREATE, ALTER ON `mysqltest1`.`t2` TO `mysqltest_1`@`localhost`
RENAME TABLE t1 TO t2;
ERROR 42000: DROP command denied to user 'mysqltest_1'@'localhost' for table 't1'
ALTER TABLE t1 RENAME TO t2;
ERROR 42000: DROP command denied to user 'mysqltest_1'@'localhost' for table 't1'
DROP USER mysqltest_1@localhost;
DROP DATABASE mysqltest1;
USE test;
GRANT CREATE ON mysqltest.* TO 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;
ERROR HY000: String '1234567890abcdefGHIKL1234567890abcdefGHIKL' is too long for user name (should be no longer than 32)
GRANT CREATE ON mysqltest.* TO some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;
ERROR HY000: String 'host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij12345' is too long for host name (should be no longer than 255)
REVOKE CREATE ON mysqltest.* FROM 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;
ERROR HY000: String '1234567890abcdefGHIKL1234567890abcdefGHIKL' is too long for user name (should be no longer than 32)
REVOKE CREATE ON mysqltest.* FROM some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;
ERROR HY000: String 'host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij12345' is too long for host name (should be no longer than 255)
GRANT CREATE ON t1 TO 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;
ERROR HY000: String '1234567890abcdefGHIKL1234567890abcdefGHIKL' is too long for user name (should be no longer than 32)
GRANT CREATE ON t1 TO some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;
ERROR HY000: String 'host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij12345' is too long for host name (should be no longer than 255)
REVOKE CREATE ON t1 FROM 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;
ERROR HY000: String '1234567890abcdefGHIKL1234567890abcdefGHIKL' is too long for user name (should be no longer than 32)
REVOKE CREATE ON t1 FROM some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;
ERROR HY000: String 'host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij12345' is too long for host name (should be no longer than 255)
GRANT EXECUTE ON PROCEDURE p1 TO 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;
ERROR HY000: String '1234567890abcdefGHIKL1234567890abcdefGHIKL' is too long for user name (should be no longer than 32)
GRANT EXECUTE ON PROCEDURE p1 TO some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;
ERROR HY000: String 'host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij12345' is too long for host name (should be no longer than 255)
REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL1234567890abcdefGHIKL@localhost;
ERROR HY000: String '1234567890abcdefGHIKL1234567890abcdefGHIKL' is too long for user name (should be no longer than 32)
REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij1234567890X;
ERROR HY000: String 'host_1234567890abcdefghij1234567890abcdefghij1234567890abcdefghij12345' is too long for host name (should be no longer than 255)
CREATE USER bug23556@localhost;
CREATE DATABASE bug23556;
GRANT SELECT ON bug23556.* TO bug23556@localhost;
USE bug23556;
CREATE TABLE t1 (a INT PRIMARY KEY);
INSERT INTO t1 VALUES (1),(2),(3),(4),(5);
GRANT DELETE ON t1 TO bug23556@localhost;
USE bug23556;
TRUNCATE t1;
ERROR 42000: DROP command denied to user 'bug23556'@'localhost' for table 't1'
USE bug23556;
REVOKE DELETE ON t1 FROM bug23556@localhost;
GRANT DROP ON t1 TO bug23556@localhost;
USE bug23556;
TRUNCATE t1;
USE bug23556;
DROP TABLE t1;
USE test;
DROP DATABASE bug23556;
DROP USER bug23556@localhost;
GRANT PROCESS ON * TO user@localhost;
ERROR 3D000: No database selected
DROP DATABASE IF EXISTS mysqltest1;
DROP DATABASE IF EXISTS mysqltest2;
DROP DATABASE IF EXISTS mysqltest3;
DROP DATABASE IF EXISTS mysqltest4;
CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;
CREATE DATABASE mysqltest3;
CREATE DATABASE mysqltest4;
CREATE PROCEDURE mysqltest1.p_def() SQL SECURITY DEFINER
SELECT 1;
CREATE PROCEDURE mysqltest2.p_inv() SQL SECURITY INVOKER
SELECT 1;
CREATE FUNCTION mysqltest3.f_def() RETURNS INT SQL SECURITY DEFINER
RETURN 1;
CREATE FUNCTION mysqltest4.f_inv() RETURNS INT SQL SECURITY INVOKER
RETURN 1;
CREATE USER mysqltest_1@localhost;
GRANT EXECUTE ON PROCEDURE mysqltest1.p_def TO mysqltest_1@localhost;
GRANT EXECUTE ON PROCEDURE mysqltest2.p_inv TO mysqltest_1@localhost;
GRANT EXECUTE ON FUNCTION mysqltest3.f_def TO mysqltest_1@localhost;
GRANT EXECUTE ON FUNCTION mysqltest4.f_inv TO mysqltest_1@localhost;
GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost;
---> connection: bug9504_con1
use mysqltest1;
use mysqltest2;
use mysqltest3;
use mysqltest4;
use test;
CALL mysqltest1.p_def();
1
1
CALL mysqltest2.p_inv();
1
1
SELECT mysqltest3.f_def();
mysqltest3.f_def()
1
SELECT mysqltest4.f_inv();
mysqltest4.f_inv()
1
---> connection: default
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP DATABASE mysqltest3;
DROP DATABASE mysqltest4;
DROP USER mysqltest_1@localhost;
DROP DATABASE IF EXISTS mysqltest1;
DROP DATABASE IF EXISTS mysqltest2;
CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;
CREATE USER mysqltest_1@localhost;
GRANT ALL PRIVILEGES ON mysqltest1.* TO mysqltest_1@localhost;
GRANT SELECT ON mysqltest2.* TO mysqltest_1@localhost;
CREATE PROCEDURE mysqltest1.p1() SQL SECURITY INVOKER
SELECT 1;
---> connection: bug27337_con1
CREATE TABLE t1(c INT);
ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
CALL mysqltest1.p1();
1
1
CREATE TABLE t1(c INT);
ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
---> connection: bug27337_con2
CREATE TABLE t1(c INT);
ERROR 42000: CREATE command denied to user 'mysqltest_1'@'localhost' for table 't1'
SHOW TABLES;
Tables_in_mysqltest2
---> connection: default
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_1@localhost;
DROP DATABASE IF EXISTS mysqltest1;
DROP DATABASE IF EXISTS mysqltest2;
CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;
CREATE TABLE mysqltest1.t1(c INT);
CREATE TABLE mysqltest2.t2(c INT);
CREATE USER mysqltest_1@localhost, mysqltest_2@localhost;
GRANT SELECT ON mysqltest1.t1 TO mysqltest_1@localhost;
GRANT SELECT ON mysqltest2.t2 TO mysqltest_2@localhost;
---> connection: bug27337_con1
SHOW TABLES FROM mysqltest1;
Tables_in_mysqltest1
t1
PREPARE stmt1 FROM 'SHOW TABLES FROM mysqltest1';
EXECUTE stmt1;
Tables_in_mysqltest1
t1
---> connection: bug27337_con2
SHOW COLUMNS FROM mysqltest2.t2;
Field Type Null Key Default Extra
c int(11) YES NULL
PREPARE stmt2 FROM 'SHOW COLUMNS FROM mysqltest2.t2';
EXECUTE stmt2;
Field Type Null Key Default Extra
c int(11) YES NULL
---> connection: default
REVOKE SELECT ON mysqltest1.t1 FROM mysqltest_1@localhost;
REVOKE SELECT ON mysqltest2.t2 FROM mysqltest_2@localhost;
---> connection: bug27337_con1
SHOW TABLES FROM mysqltest1;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest1'
EXECUTE stmt1;
ERROR 42000: Access denied for user 'mysqltest_1'@'localhost' to database 'mysqltest1'
---> connection: bug27337_con2
SHOW COLUMNS FROM mysqltest2.t2;
ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 't2'
EXECUTE stmt2;
ERROR 42000: SELECT command denied to user 'mysqltest_2'@'localhost' for table 't2'
---> connection: default
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER mysqltest_1@localhost;
DROP USER mysqltest_2@localhost;
USE test;
CREATE TABLE t1 (f1 int, f2 int);
INSERT INTO t1 VALUES(1,1), (2,2);
CREATE DATABASE db27878;
CREATE USER 'mysqltest_1'@'localhost';
GRANT UPDATE(f1) ON t1 TO 'mysqltest_1'@'localhost';
GRANT SELECT ON `test`.* TO 'mysqltest_1'@'localhost';
GRANT ALL ON db27878.* TO 'mysqltest_1'@'localhost';
USE db27878;
CREATE SQL SECURITY INVOKER VIEW db27878.v1 AS SELECT * FROM test.t1;
USE db27878;
SET sql_mode = 'NO_ENGINE_SUBSTITUTION';
UPDATE v1 SET f2 = 4;
ERROR HY000: View 'db27878.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
SET sql_mode = default;
SELECT * FROM test.t1;
f1 f2
1 1
2 2
REVOKE UPDATE (f1) ON `test`.`t1` FROM 'mysqltest_1'@'localhost';
REVOKE SELECT ON `test`.* FROM 'mysqltest_1'@'localhost';
REVOKE ALL ON db27878.* FROM 'mysqltest_1'@'localhost';
DROP USER mysqltest_1@localhost;
DROP DATABASE db27878;
USE test;
DROP TABLE t1;
#
# Bug#33275 Server crash when creating temporary table mysql.user
#
CREATE TEMPORARY TABLE mysql.user (id INT);
FLUSH PRIVILEGES;
DROP TABLE mysql.user;
drop table if exists test;
Warnings:
Note 1051 Unknown table 'test.test'
drop function if exists test_function;
Warnings:
Note 1305 FUNCTION test.test_function does not exist
drop view if exists v1;
Warnings:
Note 1051 Unknown table 'test.v1'
create table test (col1 varchar(30));
create function test_function() returns varchar(30)
begin
declare tmp varchar(30);
select col1 from test limit 1 into tmp;
return '1';
end|
create view v1 as select test.* from test where test.col1=test_function();
create user 'greg'@'localhost';
grant update (col1) on v1 to 'greg'@'localhost';
drop user 'greg'@'localhost';
drop view v1;
drop table test;
drop function test_function;
SELECT CURRENT_USER();
CURRENT_USER()
root@localhost
SET PASSWORD FOR CURRENT_USER() = "admin";
SET PASSWORD FOR CURRENT_USER() = "";
# Bug#57952
DROP DATABASE IF EXISTS mysqltest1;
DROP DATABASE IF EXISTS mysqltest2;
CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;
use mysqltest1;
CREATE TABLE t1(a INT, b INT);
INSERT INTO t1 VALUES (1, 1);
CREATE TABLE t2(a INT);
INSERT INTO t2 VALUES (2);
CREATE TABLE mysqltest2.t3(a INT);
INSERT INTO mysqltest2.t3 VALUES (4);
CREATE USER testuser@localhost;
GRANT CREATE ROUTINE, EXECUTE ON mysqltest1.* TO testuser@localhost;
GRANT SELECT(b) ON t1 TO testuser@localhost;
GRANT SELECT ON t2 TO testuser@localhost;
GRANT SELECT ON mysqltest2.* TO testuser@localhost;
# Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
PREPARE s1 FROM 'SELECT b FROM t1';
PREPARE s2 FROM 'SELECT a FROM t2';
PREPARE s3 FROM 'SHOW TABLES FROM mysqltest2';
CREATE PROCEDURE p1() SELECT b FROM t1;
CREATE PROCEDURE p2() SELECT a FROM t2;
CREATE PROCEDURE p3() SHOW TABLES FROM mysqltest2;
CALL p1;
b
1
CALL p2;
a
2
CALL p3;
Tables_in_mysqltest2
t3
# Connection: default
REVOKE SELECT ON t1 FROM testuser@localhost;
GRANT SELECT(a) ON t1 TO testuser@localhost;
REVOKE SELECT ON t2 FROM testuser@localhost;
REVOKE SELECT ON mysqltest2.* FROM testuser@localhost;
# Connection: bug57952_con1 (testuser@localhost, db: mysqltest1)
# - Check column-level privileges...
EXECUTE s1;
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
SELECT b FROM t1;
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
SELECT SUM(b) OVER () FROM t1;
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
EXECUTE s1;
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
CALL p1;
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for column 'b' in table 't1'
# - Check table-level privileges...
SELECT a FROM t2;
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table 't2'
EXECUTE s2;
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table 't2'
CALL p2;
ERROR 42000: SELECT command denied to user 'testuser'@'localhost' for table 't2'
# - Check database-level privileges...
SHOW TABLES FROM mysqltest2;
ERROR 42000: Access denied for user 'testuser'@'localhost' to database 'mysqltest2'
EXECUTE s3;
ERROR 42000: Access denied for user 'testuser'@'localhost' to database 'mysqltest2'
CALL p3;
ERROR 42000: Access denied for user 'testuser'@'localhost' to database 'mysqltest2'
# Connection: default
DROP DATABASE mysqltest1;
DROP DATABASE mysqltest2;
DROP USER testuser@localhost;
use test;
#
# Test for bug #36544 "DROP USER does not remove stored function
# privileges".
#
create database mysqltest1;
create function mysqltest1.f1() returns int return 0;
create procedure mysqltest1.p1() begin end;
#
# 1) Check that DROP USER properly removes privileges on both
# stored procedures and functions.
#
create user mysqluser1@localhost;
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;
# Quick test that granted privileges are properly reflected
# in privilege tables and in in-memory structures.
show grants for mysqluser1@localhost;
Grants for mysqluser1@localhost
GRANT USAGE ON *.* TO `mysqluser1`@`localhost`
GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO `mysqluser1`@`localhost`
GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO `mysqluser1`@`localhost`
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
db routine_name routine_type proc_priv
mysqltest1 f1 FUNCTION Execute
mysqltest1 p1 PROCEDURE Execute
#
# Create connection 'bug_36544_con1' as 'mysqluser1@localhost'.
call mysqltest1.p1();
select mysqltest1.f1();
mysqltest1.f1()
0
#
# Switch to connection 'default'.
drop user mysqluser1@localhost;
#
# Test that dropping of user is properly reflected in
# both privilege tables and in in-memory structures.
#
# Switch to connection 'bug36544_con1'.
# The connection cold be alive but should not be able to
# access to any of the stored routines.
call mysqltest1.p1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
select mysqltest1.f1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
#
# Switch to connection 'default'.
#
# Now create user with the same name and check that he
# has not inherited privileges.
create user mysqluser1@localhost;
show grants for mysqluser1@localhost;
Grants for mysqluser1@localhost
GRANT USAGE ON *.* TO `mysqluser1`@`localhost`
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
db routine_name routine_type proc_priv
#
# Create connection 'bug_36544_con2' as 'mysqluser1@localhost'.
# Newly created user should not be able to access any of the routines.
call mysqltest1.p1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
select mysqltest1.f1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
#
# Switch to connection 'default'.
#
# 2) Check that RENAME USER properly updates privileges on both
# stored procedures and functions.
#
grant execute on function mysqltest1.f1 to mysqluser1@localhost;
grant execute on procedure mysqltest1.p1 to mysqluser1@localhost;
#
# Create one more user to make in-memory hashes non-trivial.
# User names 'mysqluser11' and 'mysqluser10' were selected
# to trigger bug discovered during code inspection.
create user mysqluser11@localhost;
grant execute on function mysqltest1.f1 to mysqluser11@localhost;
grant execute on procedure mysqltest1.p1 to mysqluser11@localhost;
# Also create a couple of tables to test for another bug
# discovered during code inspection (again table names were
# chosen especially to trigger the bug).
create table mysqltest1.t11 (i int);
create table mysqltest1.t22 (i int);
grant select on mysqltest1.t22 to mysqluser1@localhost;
grant select on mysqltest1.t11 to mysqluser1@localhost;
# Quick test that granted privileges are properly reflected
# in privilege tables and in in-memory structures.
show grants for mysqluser1@localhost;
Grants for mysqluser1@localhost
GRANT USAGE ON *.* TO `mysqluser1`@`localhost`
GRANT SELECT ON `mysqltest1`.`t11` TO `mysqluser1`@`localhost`
GRANT SELECT ON `mysqltest1`.`t22` TO `mysqluser1`@`localhost`
GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO `mysqluser1`@`localhost`
GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO `mysqluser1`@`localhost`
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
db routine_name routine_type proc_priv
mysqltest1 f1 FUNCTION Execute
mysqltest1 p1 PROCEDURE Execute
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
db table_name table_priv
mysqltest1 t11 Select
mysqltest1 t22 Select
#
# Switch to connection 'bug36544_con2'.
call mysqltest1.p1();
select mysqltest1.f1();
mysqltest1.f1()
0
select * from mysqltest1.t11;
i
select * from mysqltest1.t22;
i
#
# Switch to connection 'default'.
rename user mysqluser1@localhost to mysqluser10@localhost;
#
# Test that there are no privileges left for mysqluser1.
#
# Switch to connection 'bug36544_con2'.
# The connection cold be alive but should not be able to
# access to any of the stored routines or tables.
call mysqltest1.p1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
select mysqltest1.f1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
select * from mysqltest1.t11;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't11'
select * from mysqltest1.t22;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't22'
#
# Switch to connection 'default'.
#
# Now create user with the old name and check that he
# has not inherited privileges.
create user mysqluser1@localhost;
show grants for mysqluser1@localhost;
Grants for mysqluser1@localhost
GRANT USAGE ON *.* TO `mysqluser1`@`localhost`
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser1' and host='localhost';
db routine_name routine_type proc_priv
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser1' and host='localhost';
db table_name table_priv
#
# Create connection 'bug_36544_con3' as 'mysqluser1@localhost'.
# Newly created user should not be able to access to any of the
# stored routines or tables.
call mysqltest1.p1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.p1'
select mysqltest1.f1();
ERROR 42000: execute command denied to user 'mysqluser1'@'localhost' for routine 'mysqltest1.f1'
select * from mysqltest1.t11;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't11'
select * from mysqltest1.t22;
ERROR 42000: SELECT command denied to user 'mysqluser1'@'localhost' for table 't22'
#
# Switch to connection 'default'.
#
# Now check that privileges became associated with a new user
# name - mysqluser10.
#
show grants for mysqluser10@localhost;
Grants for mysqluser10@localhost
GRANT USAGE ON *.* TO `mysqluser10`@`localhost`
GRANT SELECT ON `mysqltest1`.`t11` TO `mysqluser10`@`localhost`
GRANT SELECT ON `mysqltest1`.`t22` TO `mysqluser10`@`localhost`
GRANT EXECUTE ON PROCEDURE `mysqltest1`.`p1` TO `mysqluser10`@`localhost`
GRANT EXECUTE ON FUNCTION `mysqltest1`.`f1` TO `mysqluser10`@`localhost`
select db, routine_name, routine_type, proc_priv from mysql.procs_priv where user='mysqluser10' and host='localhost';
db routine_name routine_type proc_priv
mysqltest1 f1 FUNCTION Execute
mysqltest1 p1 PROCEDURE Execute
select db, table_name, table_priv from mysql.tables_priv where user='mysqluser10' and host='localhost';
db table_name table_priv
mysqltest1 t11 Select
mysqltest1 t22 Select
#
# Create connection 'bug_36544_con4' as 'mysqluser10@localhost'.
call mysqltest1.p1();
select mysqltest1.f1();
mysqltest1.f1()
0
select * from mysqltest1.t11;
i
select * from mysqltest1.t22;
i
#
# Switch to connection 'default'.
#
# Clean-up.
drop user mysqluser1@localhost;
drop user mysqluser10@localhost;
drop user mysqluser11@localhost;
drop database mysqltest1;
End of 5.0 tests
set names utf8;
Warnings:
Warning 3719 'utf8' is currently an alias for the character set UTF8MB3, but will be an alias for UTF8MB4 in a future release. Please consider using UTF8MB4 in order to be unambiguous.
create user юзер_юзер@localhost;
grant select on test.* to юзер_юзер@localhost;
user()
юзер_юзер@localhost
revoke all on test.* from юзер_юзер@localhost;
drop user юзер_юзер@localhost;
grant select on test.* to очень_длинный_юзер_very_long_user@localhost;
ERROR HY000: String 'очень_длинный_юзер_very_long_user' is too long for user name (should be no longer than 32)
set names default;
create database mysqltest;
use mysqltest;
create user mysqltest@localhost;
grant create on mysqltest.* to mysqltest@localhost;
create table t1 (i INT);
insert into t1 values (1);
ERROR 42000: INSERT command denied to user 'mysqltest'@'localhost' for table 't1'
create table t2 (i INT);
create table t4 (i INT);
grant select, insert on mysqltest.t2 to mysqltest@localhost;
grant insert on mysqltest.t4 to mysqltest@localhost;
grant create, insert on mysqltest.t5 to mysqltest@localhost;
grant create, insert on mysqltest.t6 to mysqltest@localhost;
flush privileges;
insert into t2 values (1);
create table if not exists t1 select * from t2;
ERROR 42000: INSERT command denied to user 'mysqltest'@'localhost' for table 't1'
create table if not exists t3 select * from t2;
ERROR 42000: INSERT command denied to user 'mysqltest'@'localhost' for table 't3'
create table if not exists t4 select * from t2;
Warnings:
Note 1050 Table 't4' already exists
create table if not exists t5 select * from t2;
create table t6 select * from t2;
create table t7 select * from t2;
ERROR 42000: INSERT command denied to user 'mysqltest'@'localhost' for table 't7'
create table t4 select * from t2;
ERROR 42S01: Table 't4' already exists
create table t1 select * from t2;
ERROR 42000: INSERT command denied to user 'mysqltest'@'localhost' for table 't1'
drop table t1,t2,t4,t5,t6;
revoke create on mysqltest.* from mysqltest@localhost;
revoke select, insert on mysqltest.t2 from mysqltest@localhost;
revoke insert on mysqltest.t4 from mysqltest@localhost;
revoke create, insert on mysqltest.t5 from mysqltest@localhost;
revoke create, insert on mysqltest.t6 from mysqltest@localhost;
drop user mysqltest@localhost;
drop database mysqltest;
use test;
call mtr.add_suppression("Can't open and lock privilege tables");
FLUSH PRIVILEGES without procs_priv table.
RENAME TABLE mysql.procs_priv TO mysql.procs_gone;
FLUSH PRIVILEGES;
ERROR 42S02: Table 'mysql.procs_priv' doesn't exist
Assigning privileges without procs_priv table.
CREATE DATABASE mysqltest1;
CREATE PROCEDURE mysqltest1.test() SQL SECURITY DEFINER
SELECT 1;
CREATE FUNCTION mysqltest1.test() RETURNS INT RETURN 1;
GRANT EXECUTE ON FUNCTION mysqltest1.test TO mysqltest_1@localhost;
ERROR 42S02: Table 'mysql.procs_priv' doesn't exist
GRANT ALL PRIVILEGES ON test.* TO mysqltest_1@localhost;
ERROR 42S02: Table 'mysql.procs_priv' doesn't exist
CALL mysqltest1.test();
1
1
DROP DATABASE mysqltest1;
RENAME TABLE mysql.procs_gone TO mysql.procs_priv;
FLUSH PRIVILEGES;
CREATE DATABASE dbbug33464;
CREATE USER 'userbug33464'@'localhost';
GRANT CREATE ROUTINE ON dbbug33464.* TO 'userbug33464'@'localhost';
userbug33464@localhost dbbug33464
CREATE PROCEDURE sp3(v1 char(20))
BEGIN
SELECT * from dbbug33464.t6 where t6.f2= 'xyz';
END//
CREATE FUNCTION fn1() returns char(50) SQL SECURITY INVOKER
BEGIN
return 1;
END//
CREATE FUNCTION fn2() returns char(50) SQL SECURITY DEFINER
BEGIN
return 2;
END//
USE dbbug33464;
root@localhost dbbug33464
SELECT fn1();
fn1()
1
SELECT fn2();
fn2()
2
DROP USER 'userbug33464'@'localhost';
DROP FUNCTION fn1;
DROP FUNCTION fn2;
DROP PROCEDURE sp3;
DROP USER 'userbug33464'@'localhost';
USE test;
DROP DATABASE dbbug33464;
SET @@global.log_bin_trust_function_creators= @old_log_bin_trust_function_creators;
CREATE USER user1@localhost;
CREATE USER user2;
GRANT CREATE ON db1.* TO 'user1'@'localhost';
GRANT CREATE ROUTINE ON db1.* TO 'user1'@'localhost';
GRANT CREATE ON db1.* TO 'user2'@'%';
GRANT CREATE ROUTINE ON db1.* TO 'user2'@'%';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'user1'@'localhost';
Grants for user1@localhost
GRANT USAGE ON *.* TO `user1`@`localhost`
GRANT CREATE, CREATE ROUTINE ON `db1`.* TO `user1`@`localhost`
** Connect as user1 and create a procedure.
** The creation will imply implicitly assigned
** EXECUTE and ALTER ROUTINE privileges to
** the current user user1@localhost.
SELECT @@GLOBAL.sql_mode;
@@GLOBAL.sql_mode
ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
SELECT @@SESSION.sql_mode;
@@SESSION.sql_mode
ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
CREATE DATABASE db1;
CREATE PROCEDURE db1.proc1(p1 INT)
BEGIN
SET @x = 0;
REPEAT SET @x = @x + 1; UNTIL @x > p1 END REPEAT;
END ;||
** Connect as user2 and create a procedure.
** Implicitly assignment of privileges will
** fail because the user2@localhost is an
** unknown user.
CREATE PROCEDURE db1.proc2(p1 INT)
BEGIN
SET @x = 0;
REPEAT SET @x = @x + 1; UNTIL @x > p1 END REPEAT;
END ;||
SHOW GRANTS FOR 'user1'@'localhost';
Grants for user1@localhost
GRANT USAGE ON *.* TO `user1`@`localhost`
GRANT CREATE, CREATE ROUTINE ON `db1`.* TO `user1`@`localhost`
GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `db1`.`proc1` TO `user1`@`localhost`
SHOW GRANTS FOR 'user2';
Grants for user2@%
GRANT USAGE ON *.* TO `user2`@`%`
GRANT CREATE, CREATE ROUTINE ON `db1`.* TO `user2`@`%`
GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `db1`.`proc2` TO `user2`@`%`
DROP PROCEDURE db1.proc1;
DROP PROCEDURE db1.proc2;
REVOKE ALL ON db1.* FROM 'user1'@'localhost';
REVOKE ALL ON db1.* FROM 'user2'@'%';
DROP USER 'user1'@'localhost';
DROP USER 'user2';
DROP DATABASE db1;
#
# Bug #25863 No database selected error, but documentation
# says * for global allowed
#
GRANT ALL ON * TO mysqltest_1;
ERROR 3D000: No database selected
CREATE USER mysqltest_1;
GRANT ALL ON *.* TO mysqltest_1;
SHOW GRANTS FOR mysqltest_1;
Grants for mysqltest_1@%
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `mysqltest_1`@`%`
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `mysqltest_1`@`%`
DROP USER mysqltest_1;
USE test;
CREATE USER mysqltest_1;
GRANT ALL ON * TO mysqltest_1;
SHOW GRANTS FOR mysqltest_1;
Grants for mysqltest_1@%
GRANT USAGE ON *.* TO `mysqltest_1`@`%`
GRANT ALL PRIVILEGES ON `test`.* TO `mysqltest_1`@`%`
DROP USER mysqltest_1;
CREATE USER mysqltest_1;
GRANT ALL ON *.* TO mysqltest_1;
SHOW GRANTS FOR mysqltest_1;
Grants for mysqltest_1@%
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `mysqltest_1`@`%`
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `mysqltest_1`@`%`
DROP USER mysqltest_1;
CREATE DATABASE db1;
CREATE DATABASE db2;
CREATE USER 'testbug'@localhost;
GRANT SELECT ON db1.* to 'testbug'@localhost;
USE db2;
CREATE TABLE t1 (a INT);
USE test;
SELECT * FROM `../db2/tb2`;
ERROR 42S02: Table 'db1.../db2/tb2' doesn't exist
SELECT * FROM `../db2`.tb2;
ERROR 42000: SELECT command denied to user 'testbug'@'localhost' for table 'tb2'
SELECT * FROM `#mysql50#/../db2/tb2`;
ERROR 42S02: Table 'db1.#mysql50#/../db2/tb2' doesn't exist
DROP USER 'testbug'@localhost;
DROP TABLE db2.t1;
DROP DATABASE db1;
DROP DATABASE db2;
#
# Bug #36742
#
create user myuser@Localhost identified by 'foo';
grant usage on Foo.* to myuser@Localhost;
grant select on Foo.* to myuser@localhost;
select host,user from mysql.user where User='myuser';
host user
localhost myuser
revoke select on Foo.* from myuser@localhost;
delete from mysql.user where User='myuser';
flush privileges;
#########################################################################
#
# Bug#38347: ALTER ROUTINE privilege allows SHOW CREATE TABLE.
#
#########################################################################
# --
# -- Prepare the environment.
# --
DELETE FROM mysql.user WHERE User LIKE 'mysqltest_%';
DELETE FROM mysql.db WHERE User LIKE 'mysqltest_%';
DELETE FROM mysql.tables_priv WHERE User LIKE 'mysqltest_%';
DELETE FROM mysql.columns_priv WHERE User LIKE 'mysqltest_%';
FLUSH PRIVILEGES;
DROP DATABASE IF EXISTS mysqltest_db1;
CREATE DATABASE mysqltest_db1;
CREATE TABLE mysqltest_db1.t1(a INT);
# --
# -- Check that following privileges don't allow SHOW CREATE TABLE.
# --
CREATE USER mysqltest_u1@localhost;
GRANT EVENT ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT CREATE TEMPORARY TABLES ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT LOCK TABLES ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT ALTER ROUTINE ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT CREATE ROUTINE ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT EXECUTE ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT GRANT OPTION ON mysqltest_db1.* TO mysqltest_u1@localhost;
GRANT GRANT OPTION ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
GRANT FILE ON *.* TO mysqltest_u1@localhost;
GRANT CREATE USER ON *.* TO mysqltest_u1@localhost;
GRANT PROCESS ON *.* TO mysqltest_u1@localhost;
GRANT RELOAD ON *.* TO mysqltest_u1@localhost;
GRANT REPLICATION CLIENT ON *.* TO mysqltest_u1@localhost;
GRANT REPLICATION SLAVE ON *.* TO mysqltest_u1@localhost;
GRANT SHOW DATABASES ON *.* TO mysqltest_u1@localhost;
GRANT SHUTDOWN ON *.* TO mysqltest_u1@localhost;
GRANT USAGE ON *.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT RELOAD, SHUTDOWN, PROCESS, FILE, SHOW DATABASES, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER ON *.* TO `mysqltest_u1`@`localhost`
GRANT CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE ROUTINE, ALTER ROUTINE, EVENT ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost` WITH GRANT OPTION
GRANT USAGE ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost` WITH GRANT OPTION
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
ERROR 42000: SHOW command denied to user 'mysqltest_u1'@'localhost' for table 't1'
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level SELECT allows SHOW CREATE TABLE.
# --
GRANT SELECT ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT SELECT ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level INSERT allows SHOW CREATE TABLE.
# --
GRANT INSERT ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT INSERT ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level UPDATE allows SHOW CREATE TABLE.
# --
GRANT UPDATE ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT UPDATE ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level DELETE allows SHOW CREATE TABLE.
# --
GRANT DELETE ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT DELETE ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level CREATE allows SHOW CREATE TABLE.
# --
GRANT CREATE ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT CREATE ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level DROP allows SHOW CREATE TABLE.
# --
GRANT DROP ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT DROP ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level ALTER allows SHOW CREATE TABLE.
# --
GRANT ALTER ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT ALTER ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level INDEX allows SHOW CREATE TABLE.
# --
GRANT INDEX ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT INDEX ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level REFERENCES allows SHOW CREATE TABLE.
# --
GRANT REFERENCES ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT REFERENCES ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level CREATE VIEW allows SHOW CREATE TABLE.
# --
GRANT CREATE VIEW ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT CREATE VIEW ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that DB-level SHOW VIEW allows SHOW CREATE TABLE.
# --
GRANT SHOW VIEW ON mysqltest_db1.* TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT SHOW VIEW ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level SELECT allows SHOW CREATE TABLE.
# --
GRANT SELECT ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT SELECT ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level INSERT allows SHOW CREATE TABLE.
# --
GRANT INSERT ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT INSERT ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level UPDATE allows SHOW CREATE TABLE.
# --
GRANT UPDATE ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT UPDATE ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level DELETE allows SHOW CREATE TABLE.
# --
GRANT DELETE ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT DELETE ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level CREATE allows SHOW CREATE TABLE.
# --
GRANT CREATE ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT CREATE ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level DROP allows SHOW CREATE TABLE.
# --
GRANT DROP ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT DROP ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level ALTER allows SHOW CREATE TABLE.
# --
GRANT ALTER ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT ALTER ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level INDEX allows SHOW CREATE TABLE.
# --
GRANT INDEX ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT INDEX ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level REFERENCES allows SHOW CREATE TABLE.
# --
GRANT REFERENCES ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT REFERENCES ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level CREATE VIEW allows SHOW CREATE TABLE.
# --
GRANT CREATE VIEW ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT CREATE VIEW ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Check that table-level SHOW VIEW allows SHOW CREATE TABLE.
# --
GRANT SHOW VIEW ON mysqltest_db1.t1 TO mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
GRANT SHOW VIEW ON `mysqltest_db1`.`t1` TO `mysqltest_u1`@`localhost`
# connection: con1 (mysqltest_u1@mysqltest_db1)
SHOW CREATE TABLE t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
# connection: default
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysqltest_u1@localhost;
SHOW GRANTS FOR mysqltest_u1@localhost;
Grants for mysqltest_u1@localhost
GRANT USAGE ON *.* TO `mysqltest_u1`@`localhost`
# --
# -- Cleanup.
# --
DROP DATABASE mysqltest_db1;
DROP USER mysqltest_u1@localhost;
# End of Bug#38347.
#
# BUG#11759114 - '51401: GRANT TREATS NONEXISTENT FUNCTIONS/PRIVILEGES
# DIFFERENTLY'.
#
drop database if exists mysqltest_db1;
create database mysqltest_db1;
create user mysqltest_u1;
# Both GRANT statements below should fail with the same error.
grant execute on function mysqltest_db1.f1 to mysqltest_u1;
ERROR 42000: FUNCTION f1 does not exist
grant execute on procedure mysqltest_db1.p1 to mysqltest_u1;
ERROR 42000: PROCEDURE p1 does not exist
# Let us show that GRANT behaviour for routines is consistent
# with GRANT behaviour for tables. Attempt to grant privilege
# on non-existent table also results in an error.
grant select on mysqltest_db1.t1 to mysqltest_u1;
ERROR 42S02: Table 'mysqltest_db1.t1' doesn't exist
show grants for mysqltest_u1;
Grants for mysqltest_u1@%
GRANT USAGE ON *.* TO `mysqltest_u1`@`%`
drop database mysqltest_db1;
drop user mysqltest_u1;
#
# Bug#11756966 - 48958: STORED PROCEDURES CAN BE LEVERAGED TO BYPASS
# DATABASE SECURITY
#
DROP DATABASE IF EXISTS secret;
DROP DATABASE IF EXISTS no_such_db;
CREATE DATABASE secret;
CREATE USER 'untrusted'@localhost;
GRANT USAGE ON *.* TO 'untrusted'@localhost;
# Connection con1
SHOW GRANTS;
Grants for untrusted@localhost
GRANT USAGE ON *.* TO `untrusted`@`localhost`
SHOW DATABASES;
Database
information_schema
test
# Both statements below should fail with the same error.
# They used to give different errors, thereby
# hinting that the secret database exists.
CREATE PROCEDURE no_such_db.foo() BEGIN END;
ERROR 42000: Access denied for user 'untrusted'@'localhost' to database 'no_such_db'
CREATE PROCEDURE secret.peek_at_secret() BEGIN END;
ERROR 42000: Access denied for user 'untrusted'@'localhost' to database 'secret'
# Connection default
DROP USER 'untrusted'@localhost;
DROP DATABASE secret;
#
# Bug#12766319 - 61865: RENAME USER DOES NOT WORK CORRECTLY -
# REQUIRES FLUSH PRIVILEGES
#
CREATE USER foo@'127.0.0.1';
GRANT ALL ON *.* TO foo@'127.0.0.1';
# First attempt, should connect successfully
SELECT user(), current_user();
user() current_user()
foo@localhost foo@127.0.0.1
# Rename the user
RENAME USER foo@'127.0.0.1' to foo@'127.0.0.0/255.0.0.0';
# Second attempt, should connect successfully as its valid mask
# This was failing without fix
SELECT user(), current_user();
user() current_user()
foo@localhost foo@127.0.0.0/255.0.0.0
# Rename the user back to original
RENAME USER foo@'127.0.0.0/255.0.0.0' to foo@'127.0.0.1';
# Third attempt, should connect successfully
SELECT user(), current_user();
user() current_user()
foo@localhost foo@127.0.0.1
# Clean-up
DROP USER foo@'127.0.0.1';
# End of Bug#12766319
#
# WL#7131: Add timestamp in mysql.user on the last time the
# password was changed and implement password rotation.
#
SET @saved_value = @@global.default_password_lifetime;
SET GLOBAL default_password_lifetime = 2;
SHOW VARIABLES LIKE 'default_password_lifetime';
Variable_name Value
default_password_lifetime 2
CREATE USER 'wl7131' IDENTIFIED BY 'wl7131';
# This should report 1.
SELECT (SELECT now()-(SELECT password_last_changed from mysql.user where user='wl7131')) <= 2;
(SELECT now()-(SELECT password_last_changed from mysql.user where user='wl7131')) <= 2
1
UPDATE mysql.user SET password_last_changed = (now() - INTERVAL 3 DAY) where user='wl7131';
FLUSH PRIVILEGES;
# Attempt to execute query should fail
mysql: [Warning] Using a password on the command line interface can be insecure.
Please use --connect-expired-password option or invoke mysql in interactive mode.
# Doing something should fail
SELECT 1;
ERROR HY000: You must reset your password using ALTER USER statement before executing this statement.
# Setting password should work
ALTER USER wl7131 IDENTIFIED BY 'new_wl7131';
# Doing something should pass
SELECT 1;
1
1
# Reconnecting with same user should pass now
SELECT 1;
1
1
DROP USER 'wl7131';
CREATE USER 'wl7131' IDENTIFIED BY 'wl7131';
# Issue alter user and check the value of
# password_lifetime column
ALTER USER 'wl7131' PASSWORD EXPIRE NEVER;
# This should report 0
SELECT password_lifetime FROM mysql.user where user='wl7131';
password_lifetime
0
UPDATE mysql.user SET password_last_changed = (now() - INTERVAL 5 DAY) where user='wl7131';
FLUSH PRIVILEGES;
# This should pass as password is never expired.
mysql: [Warning] Using a password on the command line interface can be insecure.
ALTER USER 'wl7131' PASSWORD EXPIRE DEFAULT;
# This should report NULL
SELECT password_lifetime FROM mysql.user where user='wl7131';
password_lifetime
NULL
# This should not pass as default_password_lifetime
# (which is 2 now) is being used.
mysql: [Warning] Using a password on the command line interface can be insecure.
Please use --connect-expired-password option or invoke mysql in interactive mode.
SET GLOBAL default_password_lifetime = 0;
ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 4 DAY;
# Should report 4
SELECT password_lifetime FROM mysql.user where user='wl7131';
password_lifetime
4
# This should not pass.
mysql: [Warning] Using a password on the command line interface can be insecure.
Please use --connect-expired-password option or invoke mysql in interactive mode.
SET GLOBAL default_password_lifetime = @saved_value;
ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 6 DAY;
# Should report 6
select password_lifetime from mysql.user where user='wl7131';
password_lifetime
6
# This should pass.
mysql: [Warning] Using a password on the command line interface can be insecure.
DROP USER 'wl7131';
CREATE USER 'wl7131';
# This should not report NULL
'DTVALUE' IS NOT NULL
1
ALTER USER 'wl7131' REQUIRE SSL;
# This should report 0 as it must have the same value as above
TIMESTAMPDIFF(SECOND,'DTVALUE','DTVALUE') <> 0
0
# Should report errors
ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL -2 DAY;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-2 DAY' at line 1
ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 0 DAY;
ERROR HY000: Incorrect DAY value: '0'
ALTER USER 'wl7131' PASSWORD EXPIRE INTERVAL 65536 DAY;
ERROR HY000: Incorrect DAY value: '65536'
# Setting an empty password. It should update the timestamp column.
ALTER USER 'wl7131' IDENTIFIED BY '';
# This should report 1.
SELECT (SELECT now()-(SELECT password_last_changed from mysql.user where user='wl7131')) <= 2;
(SELECT now()-(SELECT password_last_changed from mysql.user where user='wl7131')) <= 2
1
DROP USER 'wl7131';
CREATE USER 'wl7131'@'localhost' IDENTIFIED BY 'wl7131';
# Must report 1
SELECT (SELECT password_last_changed FROM mysql.user where user='wl7131') IS NOT NULL;
(SELECT password_last_changed FROM mysql.user where user='wl7131') IS NOT NULL
1
DROP USER 'wl7131'@'localhost';
# mysql.user table restored to original values.
set GLOBAL sql_mode= @orig_sql_mode_global;
set SESSION sql_mode= @orig_sql_mode_session;
#
# WL#2284: Increase the length of a user name
#
CREATE TABLE t1 (
int_field INTEGER UNSIGNED NOT NULL,
char_field CHAR(10),
INDEX(`int_field`)
);
CREATE PROCEDURE p1() SELECT b FROM t1;
CREATE USER user_name_len_16@localhost;
CREATE USER user_name_len_22_01234@localhost;
CREATE USER user_name_len_32_012345678901234@localhost;
CREATE USER user_name_len_33_0123456789012345@localhost;
ERROR HY000: String 'user_name_len_33_0123456789012345' is too long for user name (should be no longer than 32)
CREATE USER user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
GRANT CREATE ON mysqltest.* TO user_name_len_16@localhost;
GRANT CREATE ON mysqltest.* TO user_name_len_22_01234@localhost;
GRANT CREATE ON mysqltest.* TO user_name_len_32_012345678901234@localhost;
GRANT CREATE ON mysqltest.* TO user_name_len_33_0123456789012345@localhost;
ERROR HY000: String 'user_name_len_33_0123456789012345' is too long for user name (should be no longer than 32)
GRANT CREATE ON mysqltest.* TO user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
REVOKE CREATE ON mysqltest.* FROM user_name_len_16@localhost;
REVOKE CREATE ON mysqltest.* FROM user_name_len_22_01234@localhost;
REVOKE CREATE ON mysqltest.* FROM user_name_len_32_012345678901234@localhost;
REVOKE CREATE ON mysqltest.* FROM user_name_len_33_0123456789012345@localhost;
ERROR HY000: String 'user_name_len_33_0123456789012345' is too long for user name (should be no longer than 32)
REVOKE CREATE ON mysqltest.* FROM user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
GRANT CREATE ON t1 TO user_name_len_16@localhost;
GRANT CREATE ON t1 TO user_name_len_22_01234@localhost;
GRANT CREATE ON t1 TO user_name_len_32_012345678901234@localhost;
GRANT CREATE ON t1 TO user_name_len_33_0123456789012345@localhost;
ERROR HY000: String 'user_name_len_33_0123456789012345' is too long for user name (should be no longer than 32)
GRANT CREATE ON t1 TO user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
REVOKE CREATE ON t1 FROM user_name_len_16@localhost;
REVOKE CREATE ON t1 FROM user_name_len_22_01234@localhost;
REVOKE CREATE ON t1 FROM user_name_len_32_012345678901234@localhost;
REVOKE CREATE ON t1 FROM user_name_len_33_0123456789012345@localhost;
ERROR HY000: String 'user_name_len_33_0123456789012345' is too long for user name (should be no longer than 32)
REVOKE CREATE ON t1 FROM user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
GRANT SELECT ON t1 TO user_name_len_16@localhost;
GRANT SELECT ON t1 TO user_name_len_22_01234@localhost;
GRANT SELECT ON t1 TO user_name_len_32_012345678901234@localhost;
GRANT SELECT ON t1 TO user_name_len_33_0123456789012345@localhost;
ERROR HY000: String 'user_name_len_33_0123456789012345' is too long for user name (should be no longer than 32)
GRANT SELECT ON t1 TO user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
REVOKE SELECT ON t1 FROM user_name_len_16@localhost;
REVOKE SELECT ON t1 FROM user_name_len_22_01234@localhost;
REVOKE SELECT ON t1 FROM user_name_len_32_012345678901234@localhost;
REVOKE SELECT ON t1 FROM user_name_len_33_0123456789012345@localhost;
ERROR HY000: String 'user_name_len_33_0123456789012345' is too long for user name (should be no longer than 32)
REVOKE SELECT ON t1 FROM user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_16@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_22_01234@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_32_012345678901234@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_33_0123456789012345@localhost;
ERROR HY000: String 'user_name_len_33_0123456789012345' is too long for user name (should be no longer than 32)
GRANT EXECUTE ON PROCEDURE p1 TO user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_16@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_22_01234@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_32_012345678901234@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_33_0123456789012345@localhost;
ERROR HY000: String 'user_name_len_33_0123456789012345' is too long for user name (should be no longer than 32)
REVOKE EXECUTE ON PROCEDURE p1 FROM user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
DROP USER user_name_len_40_01234567890123456789012@localhost;
ERROR HY000: String 'user_name_len_40_01234567890123456789012' is too long for user name (should be no longer than 32)
set names utf8;
Warnings:
Warning 3719 'utf8' is currently an alias for the character set UTF8MB3, but will be an alias for UTF8MB4 in a future release. Please consider using UTF8MB4 in order to be unambiguous.
CREATE USER очень_длинный_юз@localhost;
CREATE USER очень_очень_длинный_юзер@localhost;
CREATE USER очень_очень_очень_длинный_юзер__@localhost;
CREATE USER очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
GRANT CREATE ON mysqltest.* TO очень_длинный_юз@localhost;
GRANT CREATE ON mysqltest.* TO очень_очень_длинный_юзер@localhost;
GRANT CREATE ON mysqltest.* TO очень_очень_очень_длинный_юзер__@localhost;
GRANT CREATE ON mysqltest.* TO очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
REVOKE CREATE ON mysqltest.* FROM очень_длинный_юз@localhost;
REVOKE CREATE ON mysqltest.* FROM очень_очень_длинный_юзер@localhost;
REVOKE CREATE ON mysqltest.* FROM очень_очень_очень_длинный_юзер__@localhost;
REVOKE CREATE ON mysqltest.* FROM очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
GRANT CREATE ON t1 TO очень_длинный_юз@localhost;
GRANT CREATE ON t1 TO очень_очень_длинный_юзер@localhost;
GRANT CREATE ON t1 TO очень_очень_очень_длинный_юзер__@localhost;
GRANT CREATE ON t1 TO очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
REVOKE CREATE ON t1 FROM очень_длинный_юз@localhost;
REVOKE CREATE ON t1 FROM очень_очень_длинный_юзер@localhost;
REVOKE CREATE ON t1 FROM очень_очень_очень_длинный_юзер__@localhost;
REVOKE CREATE ON t1 FROM очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
GRANT SELECT ON t1 TO очень_длинный_юз@localhost;
GRANT SELECT ON t1 TO очень_очень_длинный_юзер@localhost;
GRANT SELECT ON t1 TO очень_очень_очень_длинный_юзер__@localhost;
GRANT SELECT ON t1 TO очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
REVOKE SELECT ON t1 FROM очень_длинный_юз@localhost;
REVOKE SELECT ON t1 FROM очень_очень_длинный_юзер@localhost;
REVOKE SELECT ON t1 FROM очень_очень_очень_длинный_юзер__@localhost;
REVOKE SELECT ON t1 FROM очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
GRANT EXECUTE ON PROCEDURE p1 TO очень_длинный_юз@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO очень_очень_длинный_юзер@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO очень_очень_очень_длинный_юзер__@localhost;
GRANT EXECUTE ON PROCEDURE p1 TO очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
REVOKE EXECUTE ON PROCEDURE p1 FROM очень_длинный_юз@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM очень_очень_длинный_юзер@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM очень_очень_очень_длинный_юзер__@localhost;
REVOKE EXECUTE ON PROCEDURE p1 FROM очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
# Create a user, assign privileges, try to connect and use the granted
# privileges. Trying out different connections (socket/TCP/SSL).
CREATE USER user_name_len_25_01234567@localhost;
GRANT CREATE ON * . * TO user_name_len_25_01234567@localhost;
# Connecting via socket
CREATE DATABASE db_1;
CREATE TABLE db_1.test_table (name varchar(15) not null, surname varchar(20) not null,
email varchar(50) null, street varchar(50) null, city varchar(50) null,
is_active int default 1 );
INSERT INTO db_1.test_table values('rob', 'g', 'robg@oracle.com', 'couldbeworse_street',
'couldbeworse_city', 1);
ERROR 42000: INSERT command denied to user 'user_name_len_25_01234567'@'localhost' for table 'test_table'
GRANT INSERT ON db_1.test_table TO user_name_len_25_01234567@localhost;
# Connecting via TCP/IP
INSERT INTO db_1.test_table values('rob', 'g', 'robg@oracle.com', 'couldbeworse_street',
'couldbeworse_city', 1);
INSERT INTO db_1.test_table values('kam', 'g', 'kamg@oracle.com', 'couldbeworse_street',
'couldbeworse_city', 1);
SELECT * FROM db_1.test_table;
ERROR 42000: SELECT command denied to user 'user_name_len_25_01234567'@'localhost' for table 'test_table'
GRANT SELECT ON db_1.test_table TO user_name_len_25_01234567@localhost;
# Connecting via socket/SSL
SELECT * FROM db_1.test_table;
name surname email street city is_active
rob g robg@oracle.com couldbeworse_street couldbeworse_city 1
kam g kamg@oracle.com couldbeworse_street couldbeworse_city 1
UPDATE db_1.test_table SET street='couldbemuchworse_street' WHERE name='rob';
ERROR 42000: UPDATE command denied to user 'user_name_len_25_01234567'@'localhost' for table 'test_table'
GRANT UPDATE ON db_1.test_table TO user_name_len_25_01234567@localhost;
UPDATE db_1.test_table SET street='couldbemuchworse_street' WHERE name='rob';
DELETE FROM db_1.test_table WHERE name='rob';
ERROR 42000: DELETE command denied to user 'user_name_len_25_01234567'@'localhost' for table 'test_table'
GRANT DELETE ON db_1.test_table TO user_name_len_25_01234567@localhost;
DELETE FROM db_1.test_table WHERE name='rob';
DROP TABLE db_1.test_table;
ERROR 42000: DROP command denied to user 'user_name_len_25_01234567'@'localhost' for table 'test_table'
GRANT DROP ON db_1.* TO user_name_len_25_01234567@localhost;
# Connecting via TCP/IP/SSL
DROP TABLE db_1.test_table;
DROP DATABASE db_1;
DROP USER очень_длинный_юз@localhost;
DROP USER очень_очень_длинный_юзер@localhost;
DROP USER очень_очень_очень_длинный_юзер__@localhost;
DROP USER очень_очень_очень_очень_длинный_юзер@localhost;
ERROR HY000: String 'очень_очень_очень_очень_длинный_юзер' is too long for user name (should be no longer than 32)
set names default;
DROP USER user_name_len_16@localhost;
DROP USER user_name_len_22_01234@localhost;
DROP USER user_name_len_32_012345678901234@localhost;
DROP USER user_name_len_25_01234567@localhost;
DROP TABLE t1;
DROP PROCEDURE p1;
CREATE USER user_name_len_22_01234@localhost;
GRANT ALL PRIVILEGES ON *.* TO user_name_len_22_01234@localhost WITH GRANT OPTION;
GRANT PROXY ON ''@'' TO user_name_len_22_01234@localhost WITH GRANT OPTION;
CREATE USER user_name_len_32_012345678901234@localhost;
GRANT SELECT ON *.* TO user_name_len_32_012345678901234@localhost;
** Creating new proxy user **
CREATE USER proxy_native_0123456789@localhost IDENTIFIED WITH mysql_native_password;
GRANT PROXY ON user_name_len_32_012345678901234@localhost TO proxy_native_0123456789@localhost;
SELECT USER, PROXIED_USER, GRANTOR FROM mysql.proxies_priv WHERE Proxied_host='localhost';
USER PROXIED_USER GRANTOR
proxy_native_0123456789 user_name_len_32_012345678901234 user_name_len_22_01234@localhost
DROP USER user_name_len_22_01234@localhost;
DROP USER user_name_len_32_012345678901234@localhost;
DROP USER proxy_native_0123456789@localhost;
#
# Regression test added in WL#8657
#
CREATE DATABASE db8657;
CREATE TABLE db8657.t1 (i INT);
CREATE USER 'untrusted8657'@'localhost';
# Connection con1
CREATE INDEX idx1 ON db8657.t1 (i);
ERROR 42000: INDEX command denied to user 'untrusted8657'@'localhost' for table 't1'
PREPARE stmt FROM 'CREATE TABLE db8657.t2 (i INT)';
ERROR 42000: CREATE command denied to user 'untrusted8657'@'localhost' for table 't2'
SHOW CREATE TABLE db8657.t1;
Table Create Table
t1 CREATE TABLE `t1` (
`i` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
DROP USER 'untrusted8657'@localhost;
DROP DATABASE db8657;
#
# Regression test added in WL#8063
#
CREATE DATABASE db8063;
CREATE TABLE db8063.t1(a VARCHAR(20));
CREATE USER 'untrusted8063'@'localhost';
# Connection con1
LOAD DATA INFILE '../../std_data/loaddata_utf8.dat' INTO TABLE db8063.t1;
ERROR 28000: Access denied for user 'untrusted8063'@'localhost' (using password: NO)
SHOW CREATE TABLE db8063.t1;
Table Create Table
t1 CREATE TABLE `t1` (
`a` varchar(20) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci
DROP USER 'untrusted8063'@localhost;
DROP DATABASE db8063;