mysql-test/suite/roles/set_role-multiple-role.test


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

source include/not_embedded.inc;

#create a user with no privileges
create user 'test_user'@'localhost';

create role r_sel;
create role r_ins;
create role r_upd;
create role r_del;
create role r_crt;
create role r_drp;
create role r_rld;

grant select on *.* to r_sel;
grant insert on *.* to r_ins;
grant update on *.* to r_upd;
grant delete on *.* to r_del;
grant create on *.* to r_crt;
grant drop   on *.* to r_drp;
grant reload on *.* to r_rld;

#####################################
#set up roles mapping
#####################################
grant r_sel to test_user@localhost;
grant r_ins to test_user@localhost;
grant r_upd to test_user@localhost;
grant r_del to test_user@localhost;
grant r_crt to test_user@localhost;
grant r_drp to test_user@localhost;
grant r_rld to test_user@localhost;
flush privileges;

change_user 'test_user';

--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;

--sorted_result
show grants;
select current_user(), current_role();
set role r_sel;
select current_user(), current_role();
--sorted_result
show grants;
--sorted_result
select * from mysql.roles_mapping;

set role r_ins;
select current_user(), current_role();
--sorted_result
show grants;
--error ER_TABLEACCESS_DENIED_ERROR
select * from mysql.roles_mapping;
insert into mysql.roles_mapping values ('', 'r_sel', 'r_rld', 'N');
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
flush privileges;
set role r_rld;
select current_user(), current_role();
flush privileges;
set role r_sel;
select current_user(), current_role();
flush privileges;
set role none;
select current_user(), current_role();
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
flush privileges;

set role r_ins;
select current_user(), current_role();
insert into mysql.roles_mapping values ('', 'r_sel', 'r_upd', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_del', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_crt', 'N');
insert into mysql.roles_mapping values ('', 'r_sel', 'r_drp', 'N');
insert into mysql.roles_mapping values ('', 'r_del', 'r_ins', 'N');
set role r_rld;
select current_user(), current_role();
flush privileges;
set role r_sel;
select current_user(), current_role();
update mysql.roles_mapping set Role='r_ins' where Role='r_ins_wrong';
flush privileges;
set role r_sel;
select current_user(), current_role();

create table mysql.random_test_table (id INT);
insert into mysql.random_test_table values (1);
--sorted_result
select * from mysql.random_test_table;
delete from mysql.roles_mapping where Role='r_ins';
flush privileges;
set role r_sel;
select current_user(), current_role();
--error ER_TABLEACCESS_DENIED_ERROR
insert into mysql.random_test_table values (1);
drop table mysql.random_test_table;

change_user 'root';
delete from mysql.user where user like 'r\_%';
delete from mysql.roles_mapping where Role like 'r\_%';
flush privileges;
drop user 'test_user'@'localhost';