Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

privilege: add DDL and DML privilege check for system tables (#15095) (#15417) #15445

Merged
merged 2 commits into from
Mar 18, 2020
Merged

privilege: add DDL and DML privilege check for system tables (#15095) (#15417) #15445

merged 2 commits into from
Mar 18, 2020

Conversation

sre-bot
Copy link
Contributor

@sre-bot sre-bot commented Mar 18, 2020

cherry-pick #15417 to release-3.1

cherry-pick #15095 to release-3.0
Conflicting files:
tables.go
privileges.go
privileges_test.go

What problem does this PR solve?

Add DDL and DML privilege check for system tables in performance_schema and metrics_schema.

What is changed and how it works?

Prevent users from executing ALTER, DROP, INDEX, INSERT, UPDATE, DELETE statements on predefined tables.
Privileges of those tables which are defined in these schema by users themselves are kept untouched.

Check List

Tests

  • Unit test
  • Manual test (add detailed scripts or steps below)
mysql> delete from events_statements_summary_by_digest;
ERROR 8121 (HY000): privilege check fail

Code changes

  • Has exported function/method change

Side effects

  • Breaking backward compatibility

Related changes

N/A

Release note

  • Forbid users to execute DDL and update/delete/insert predefined tables in performance_schema and metrics_schema.
  • Compatibility declaration: Executing DDL and update/delete/insert predefined tables in performance_schema and metrics_schema are not allowed any longer.

@sre-bot
Copy link
Contributor Author

sre-bot commented Mar 18, 2020

/run-all-tests

@sre-bot sre-bot mentioned this pull request Mar 18, 2020
Merged
AilinKid
AilinKid reviewed Mar 18, 2020
View reviewed changes
Copy link
Contributor

@AilinKid AilinKid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Deardrops
Deardrops approved these changes Mar 18, 2020
View reviewed changes
Copy link
Contributor

@Deardrops Deardrops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@djshow832
Copy link
Contributor

/run-all-tests

@bb7133 bb7133 merged commit 19adfd7 into pingcap:release-3.1 Mar 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AilinKid AilinKid AilinKid left review comments

@Deardrops Deardrops Deardrops approved these changes

@crazycs520 crazycs520 Awaiting requested review from crazycs520

@lonng lonng Awaiting requested review from lonng

@tangenta tangenta Awaiting requested review from tangenta

@zimulala zimulala Awaiting requested review from zimulala

Assignees
No one assigned
Labels
compatibility-breaker Violation of forwards/backwards compatibility in a design-time piece. component/infoschema component/privilege type/3.0-cherry-pick type/3.1-cherry-pick
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sre-bot @djshow832 @Deardrops @AilinKid @bb7133