blob: 10387936c83e5fe38aa2f14103c59e8938b85ae4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
#
# Test user to check if we can grant the created role to it.
#
create user test_user;
#
# First create the role.
#
SET @createRole = 'CREATE ROLE developers';
PREPARE stmtCreateRole FROM @createRole;
EXECUTE stmtCreateRole;
#
# Test to see if the role is created.
#
SELECT user, host,is_role FROM mysql.user
WHERE user = 'developers';
User Host is_role
developers Y
SHOW GRANTS;
Grants for root@localhost
GRANT `developers` TO `root`@`localhost` WITH ADMIN OPTION
GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
# Test reexecution.
EXECUTE stmtCreateRole;
ERROR HY000: Operation CREATE ROLE failed for 'developers'
#
# Now grant the role to the test user.
#
SET @grantRole = 'GRANT developers to test_user';
PREPARE stmtGrantRole FROM @grantRole;
EXECUTE stmtGrantRole;
# Test reexecution.
EXECUTE stmtGrantRole;
#
# We should see 2 entries in the roles_mapping table.
#
SELECT * FROM mysql.roles_mapping;
Host User Role Admin_option
% test_user developers N
localhost root developers Y
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT `developers` TO `test_user`@`%`
GRANT USAGE ON *.* TO `test_user`@`%`
#
# Test revoking a role.
#
SET @revokeRole = 'REVOKE developers FROM test_user';
PREPARE stmtRevokeRole FROM @revokeRole;
EXECUTE stmtRevokeRole;
EXECUTE stmtRevokeRole;
ERROR HY000: Cannot revoke role 'developers' from: 'test_user'@'%'
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT USAGE ON *.* TO `test_user`@`%`
EXECUTE stmtGrantRole;
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT `developers` TO `test_user`@`%`
GRANT USAGE ON *.* TO `test_user`@`%`
EXECUTE stmtRevokeRole;
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT USAGE ON *.* TO `test_user`@`%`
#
# Now drop the role.
#
SET @dropRole = 'DROP ROLE developers';
PREPARE stmtDropRole FROM @dropRole;
EXECUTE stmtDropRole;
#
# Check both user and roles_mapping table for traces of our role.
#
SELECT user, host,is_role FROM mysql.user
WHERE user = 'developers';
User Host is_role
SELECT * FROM mysql.roles_mapping;
Host User Role Admin_option
SHOW GRANTS;
Grants for root@localhost
GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT USAGE ON *.* TO `test_user`@`%`
#
# Test reexecution.
#
EXECUTE stmtCreateRole;
SELECT user, host,is_role FROM mysql.user
WHERE user = 'developers';
User Host is_role
developers Y
SELECT * FROM mysql.roles_mapping;
Host User Role Admin_option
localhost root developers Y
SHOW GRANTS;
Grants for root@localhost
GRANT `developers` TO `root`@`localhost` WITH ADMIN OPTION
GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION
GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
SHOW GRANTS FOR test_user;
Grants for test_user@%
GRANT USAGE ON *.* TO `test_user`@`%`
EXECUTE stmtDropRole;
# Cleanup.
DROP USER test_user;
|