connection default; reset master; set @saved_binlog_format = @@global.binlog_format; create user mysqltest_1@localhost; GRANT SELECT on test.* to mysqltest_1@localhost; show grants for mysqltest_1@localhost; Grants for mysqltest_1@localhost GRANT USAGE ON *.* TO `mysqltest_1`@`localhost` GRANT SELECT ON `test`.* TO `mysqltest_1`@`localhost` connect plain,localhost,mysqltest_1,,test; connect root,localhost,root,,test; **** Variable SQL_LOG_BIN **** connection root; [root] set session sql_log_bin = 1; connection plain; [plain] set session sql_log_bin = 1; ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation **** Variable BINLOG_FORMAT **** connection root; [root] set global binlog_format = row; set session binlog_format = row; connection plain; [plain] set global binlog_format = row; ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation set session binlog_format = row; ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation **** Clean up **** disconnect plain; disconnect root; connection default; set global binlog_format = @saved_binlog_format; drop user mysqltest_1@localhost; CREATE USER 'mysqltest_1'@'localhost'; GRANT REPLICATION CLIENT ON *.* TO 'mysqltest_1'@'localhost'; connect rpl,localhost,mysqltest_1,,"*NO-ONE*"; connection rpl; SHOW MASTER LOGS; SHOW BINARY LOGS; SHOW BINLOG STATUS; disconnect rpl; connection default; DROP USER 'mysqltest_1'@'localhost'; # # Start of 10.5 test # # # MDEV-21743 Split up SUPER privilege to smaller privileges # # Test that REPLICATION CLIENT is an alias for BINLOG MONITOR CREATE USER user1@localhost; GRANT REPLICATION CLIENT ON *.* TO user1@localhost; SHOW GRANTS FOR user1@localhost; Grants for user1@localhost GRANT BINLOG MONITOR ON *.* TO `user1`@`localhost` REVOKE REPLICATION CLIENT ON *.* FROM user1@localhost; SHOW GRANTS FOR user1@localhost; Grants for user1@localhost GRANT USAGE ON *.* TO `user1`@`localhost` DROP USER user1@localhost; # Test if SHOW BINARY LOGS and SHOW BINGLOG STATUS are not allowed without REPLICATION CLIENT or SUPER CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; REVOKE REPLICATION CLIENT, SUPER ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SHOW MASTER LOGS; ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation SHOW BINARY LOGS; ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation SHOW BINLOG STATUS; ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG MONITOR privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; # Test if PURGE BINARY LOGS is not allowed without BINLOG ADMIN or SUPER CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; REVOKE BINLOG ADMIN, SUPER ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG ADMIN privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; # Test if PURGE BINLOG is allowed with BINLOG ADMIN CREATE USER user1@localhost; GRANT BINLOG ADMIN ON *.* TO user1@localhost; connect user1,localhost,user1,,"*NO-ONE*"; connection user1; PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; disconnect user1; connection default; DROP USER user1@localhost; # Test if PURGE BINLOG is allowed with SUPER CREATE USER user1@localhost; GRANT SUPER ON *.* TO user1@localhost; connect user1,localhost,user1,,"*NO-ONE*"; connection user1; PURGE BINARY LOGS BEFORE '2001-01-01 00:00:00'; disconnect user1; connection default; DROP USER user1@localhost; # Test if SHOW BINLOG EVENTS is not allowed without BINLOG MONITOR CREATE USER user1@localhost; GRANT ALL PRIVILEGES ON *.* TO user1@localhost; REVOKE BINLOG MONITOR ON *.* FROM user1@localhost; connect user1,localhost,user1,,; connection user1; SHOW BINLOG EVENTS; ERROR 42000: Access denied; you need (at least one of) the BINLOG MONITOR privilege(s) for this operation disconnect user1; connection default; DROP USER user1@localhost; # Test if SHOW BINLOG EVENTS is allowed with BINLOG MONITOR CREATE USER user1@localhost; GRANT BINLOG MONITOR ON *.* TO user1@localhost; connect user1,localhost,user1,,"*NO-ONE*"; connection user1; SHOW BINLOG EVENTS; disconnect user1; connection default; DROP USER user1@localhost; # # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to # gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id # # Test combinations of BINLOG REPLAY guarded features which typically # arise in mysqlbinlog output replay on server. # CREATE USER user1@localhost; GRANT BINLOG REPLAY ON *.* TO user1@localhost; GRANT ALL ON test.* TO user1@localhost; RESET MASTER; CREATE TABLE t1 (a INT); INSERT INTO t1 VALUES (1),(2),(3); connect user1,localhost,user1,,; RENAME TABLE t1 to t2; connection default; REVOKE BINLOG REPLAY ON *.* FROM user1@localhost; call mtr.add_suppression("Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation"); # Privilege errors are expected now: connection user1; connection default; include/diff_tables.inc [t1,t2] # Test cleanup DROP TABLE t2,t1; DROP USER user1@localhost; # # End of 10.5 test #