216 lines
8.3 KiB
Plaintext
216 lines
8.3 KiB
Plaintext
# This file contains test cases to validate the behavior of system
|
|
# variables 'default_table_encryption' with various permissions a user
|
|
# can have.
|
|
CREATE USER u1@localhost;
|
|
GRANT ALL ON db1.* TO u1@localhost;
|
|
SELECT CURRENT_USER();
|
|
CURRENT_USER()
|
|
u1@localhost
|
|
SHOW GRANTS FOR CURRENT_USER();
|
|
Grants for u1@localhost
|
|
GRANT USAGE ON *.* TO `u1`@`localhost`
|
|
GRANT ALL PRIVILEGES ON `db1`.* TO `u1`@`localhost`
|
|
#
|
|
# VARIABLE USED BY NORMAL USER.
|
|
#
|
|
#
|
|
# SET default_table_encryption
|
|
#
|
|
SET SESSION default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN and TABLE_ENCRYPTION_ADMIN privilege(s) for this operation
|
|
SET SESSION default_table_encryption=false;
|
|
SET SESSION default_table_encryption=DEFAULT;
|
|
SET GLOBAL default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
|
|
SET PERSIST default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
|
|
SET PERSIST_ONLY default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need SYSTEM_VARIABLES_ADMIN and PERSIST_RO_VARIABLES_ADMIN privileges for this operation
|
|
#
|
|
# VARIABLE USED BY USER WITH TABLE_ENCRYPTION_ADMIN privilege.
|
|
#
|
|
GRANT TABLE_ENCRYPTION_ADMIN ON *.* TO u1@localhost;
|
|
SELECT CURRENT_USER();
|
|
CURRENT_USER()
|
|
u1@localhost
|
|
SHOW GRANTS FOR CURRENT_USER();
|
|
Grants for u1@localhost
|
|
GRANT USAGE ON *.* TO `u1`@`localhost`
|
|
GRANT TABLE_ENCRYPTION_ADMIN ON *.* TO `u1`@`localhost`
|
|
GRANT ALL PRIVILEGES ON `db1`.* TO `u1`@`localhost`
|
|
#
|
|
# SET default_table_encryption
|
|
#
|
|
SET SESSION default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN and TABLE_ENCRYPTION_ADMIN privilege(s) for this operation
|
|
SET SESSION default_table_encryption=false;
|
|
SET SESSION default_table_encryption=DEFAULT;
|
|
SET GLOBAL default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
|
|
SET PERSIST default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
|
|
SET PERSIST_ONLY default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need SYSTEM_VARIABLES_ADMIN and PERSIST_RO_VARIABLES_ADMIN privileges for this operation
|
|
#
|
|
# VARIABLE USED BY USER WITH SYSTEM_VARIABLES_ADMIN privilege.
|
|
#
|
|
REVOKE TABLE_ENCRYPTION_ADMIN ON *.* FROM u1@localhost;
|
|
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO u1@localhost;
|
|
SELECT CURRENT_USER();
|
|
CURRENT_USER()
|
|
u1@localhost
|
|
SHOW GRANTS FOR CURRENT_USER();
|
|
Grants for u1@localhost
|
|
GRANT USAGE ON *.* TO `u1`@`localhost`
|
|
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO `u1`@`localhost`
|
|
GRANT ALL PRIVILEGES ON `db1`.* TO `u1`@`localhost`
|
|
#
|
|
# SET default_table_encryption
|
|
#
|
|
SET SESSION default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN and TABLE_ENCRYPTION_ADMIN privilege(s) for this operation
|
|
SET SESSION default_table_encryption=false;
|
|
SET SESSION default_table_encryption=DEFAULT;
|
|
SET GLOBAL default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN and TABLE_ENCRYPTION_ADMIN privilege(s) for this operation
|
|
SET PERSIST default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN and TABLE_ENCRYPTION_ADMIN privilege(s) for this operation
|
|
SET PERSIST_ONLY default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need SYSTEM_VARIABLES_ADMIN and PERSIST_RO_VARIABLES_ADMIN privileges for this operation
|
|
#
|
|
# VARIABLE USED BY USER WITH BOTH TABLE_ENCRYPTION_ADMIN and
|
|
# SYSTEM_VARIABLES_ADMIN privilege.
|
|
#
|
|
GRANT TABLE_ENCRYPTION_ADMIN ON *.* TO u1@localhost;
|
|
SELECT CURRENT_USER();
|
|
CURRENT_USER()
|
|
u1@localhost
|
|
SHOW GRANTS FOR CURRENT_USER();
|
|
Grants for u1@localhost
|
|
GRANT USAGE ON *.* TO `u1`@`localhost`
|
|
GRANT SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN ON *.* TO `u1`@`localhost`
|
|
GRANT ALL PRIVILEGES ON `db1`.* TO `u1`@`localhost`
|
|
#
|
|
# SET default_table_encryption
|
|
#
|
|
SET SESSION default_table_encryption=true;
|
|
SELECT @@session.default_table_encryption = true;
|
|
@@session.default_table_encryption = true
|
|
1
|
|
SET SESSION default_table_encryption=false;
|
|
SELECT @@session.default_table_encryption = false;
|
|
@@session.default_table_encryption = false
|
|
1
|
|
SET SESSION default_table_encryption=DEFAULT;
|
|
SELECT @@session.default_table_encryption = false;
|
|
@@session.default_table_encryption = false
|
|
1
|
|
SET GLOBAL default_table_encryption=false;
|
|
SELECT @@global.default_table_encryption = false;
|
|
@@global.default_table_encryption = false
|
|
1
|
|
SET PERSIST default_table_encryption=true;
|
|
SELECT @@global.default_table_encryption = true;
|
|
@@global.default_table_encryption = true
|
|
1
|
|
SET PERSIST_ONLY default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need SYSTEM_VARIABLES_ADMIN and PERSIST_RO_VARIABLES_ADMIN privileges for this operation
|
|
#
|
|
# VARIABLE USED BY USER WITH PERSIST_RO_VARIABLES_ADMIN,
|
|
# TABLE_ENCRYPTION_ADMIN && SYSTEM_VARIABLES_ADMIN privilege.
|
|
#
|
|
GRANT PERSIST_RO_VARIABLES_ADMIN ON *.* TO u1@localhost;
|
|
SELECT CURRENT_USER();
|
|
CURRENT_USER()
|
|
u1@localhost
|
|
SHOW GRANTS FOR CURRENT_USER();
|
|
Grants for u1@localhost
|
|
GRANT USAGE ON *.* TO `u1`@`localhost`
|
|
GRANT PERSIST_RO_VARIABLES_ADMIN,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN ON *.* TO `u1`@`localhost`
|
|
GRANT ALL PRIVILEGES ON `db1`.* TO `u1`@`localhost`
|
|
#
|
|
# SET default_table_encryption
|
|
#
|
|
SET SESSION default_table_encryption=true;
|
|
SELECT @@session.default_table_encryption = true;
|
|
@@session.default_table_encryption = true
|
|
1
|
|
SET GLOBAL default_table_encryption=false;
|
|
SELECT @@global.default_table_encryption = false;
|
|
@@global.default_table_encryption = false
|
|
1
|
|
SET PERSIST default_table_encryption=true;
|
|
SELECT @@global.default_table_encryption = true;
|
|
@@global.default_table_encryption = true
|
|
1
|
|
SET PERSIST_ONLY default_table_encryption=false;
|
|
SELECT @@global.default_table_encryption = true;
|
|
@@global.default_table_encryption = true
|
|
1
|
|
#
|
|
# Test changing the value to invalid value
|
|
#
|
|
SET GLOBAL default_table_encryption = -1;
|
|
ERROR 42000: Variable 'default_table_encryption' can't be set to the value of '-1'
|
|
SELECT @@global.default_table_encryption;
|
|
@@global.default_table_encryption
|
|
1
|
|
SET GLOBAL default_table_encryption = 100000000000;
|
|
ERROR 42000: Variable 'default_table_encryption' can't be set to the value of '100000000000'
|
|
SELECT @@global.default_table_encryption;
|
|
@@global.default_table_encryption
|
|
1
|
|
SET GLOBAL default_table_encryption = 10000.01;
|
|
ERROR 42000: Incorrect argument type to variable 'default_table_encryption'
|
|
SELECT @@global.default_table_encryption;
|
|
@@global.default_table_encryption
|
|
1
|
|
SET @@global.default_table_encryption = 'test';
|
|
ERROR 42000: Variable 'default_table_encryption' can't be set to the value of 'test'
|
|
SELECT @@global.default_table_encryption;
|
|
@@global.default_table_encryption
|
|
1
|
|
SET @@global.default_table_encryption = ' ';
|
|
ERROR 42000: Variable 'default_table_encryption' can't be set to the value of ' '
|
|
SELECT @@global.default_table_encryption;
|
|
@@global.default_table_encryption
|
|
1
|
|
#
|
|
# VARIABLE USED BY USER WITH SUPER privilege.
|
|
#
|
|
REVOKE TABLE_ENCRYPTION_ADMIN, SYSTEM_VARIABLES_ADMIN,
|
|
PERSIST_RO_VARIABLES_ADMIN ON *.* FROM u1@localhost;
|
|
GRANT SUPER ON *.* TO u1@localhost;
|
|
Warnings:
|
|
Warning 1287 The SUPER privilege identifier is deprecated
|
|
SELECT CURRENT_USER();
|
|
CURRENT_USER()
|
|
u1@localhost
|
|
SHOW GRANTS FOR CURRENT_USER();
|
|
Grants for u1@localhost
|
|
GRANT SUPER ON *.* TO `u1`@`localhost`
|
|
GRANT ALL PRIVILEGES ON `db1`.* TO `u1`@`localhost`
|
|
#
|
|
# SET default_table_encryption
|
|
#
|
|
SET SESSION default_table_encryption=true;
|
|
SELECT @@session.default_table_encryption = true;
|
|
@@session.default_table_encryption = true
|
|
1
|
|
SET GLOBAL default_table_encryption=false;
|
|
SELECT @@global.default_table_encryption = false;
|
|
@@global.default_table_encryption = false
|
|
1
|
|
SET PERSIST default_table_encryption=true;
|
|
SELECT @@global.default_table_encryption = true;
|
|
@@global.default_table_encryption = true
|
|
1
|
|
SET PERSIST_ONLY default_table_encryption=true;
|
|
ERROR 42000: Access denied; you need SYSTEM_VARIABLES_ADMIN and PERSIST_RO_VARIABLES_ADMIN privileges for this operation
|
|
REVOKE SUPER ON *.* FROM u1@localhost;
|
|
Warnings:
|
|
Warning 1287 The SUPER privilege identifier is deprecated
|
|
DROP USER u1@localhost;
|
|
RESET PERSIST;
|
|
SET GLOBAL default_table_encryption=default;
|