-
Harin Vadodaria authored
Description: PFS table designated as readonly_world and truncate_world can be dropped even if user does not have required privilege. Solution: Backported part of the 26136994 to MySQL 5.7. However, we can not unconditionally deny DROP statement because unlike MySQL 8.0, MySQL 5.7 requires mysql_upgrade to be able to drop PFS table and recreate them. This is typically done with user account with DROP privilege. After the fix, - all tables belonging to readonly_world category will only allow SELECT operation. For rest of the privileges that are not denied by readonly base class, depend on regular privilege checking. - all tables belonging to truncate_world category will only allow SELECT and TRUNCATE operations. For reset of the privileges that are not denied by truncate base class, depend on regular privilege checking. RB: 21664Harin Vadodaria authoredDescription: PFS table designated as readonly_world and truncate_world can be dropped even if user does not have required privilege. Solution: Backported part of the 26136994 to MySQL 5.7. However, we can not unconditionally deny DROP statement because unlike MySQL 8.0, MySQL 5.7 requires mysql_upgrade to be able to drop PFS table and recreate them. This is typically done with user account with DROP privilege. After the fix, - all tables belonging to readonly_world category will only allow SELECT operation. For rest of the privileges that are not denied by readonly base class, depend on regular privilege checking. - all tables belonging to truncate_world category will only allow SELECT and TRUNCATE operations. For reset of the privileges that are not denied by truncate base class, depend on regular privilege checking. RB: 21664
Loading