Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

privilege: add a session-level cache for global privileges #40451

Closed
wants to merge 10 commits into from
Closed

privilege: add a session-level cache for global privileges #40451

wants to merge 10 commits into from

Conversation

CbcWestwolf
Copy link
Member

@CbcWestwolf CbcWestwolf commented Jan 10, 2023
edited
Loading

What problem does this PR solve?

Issue Number: close #39356

Problem Summary:

In MySQL, after revoking one global privilege from the current user, the user can grant it back to itself if only in the current session. TiDB is not compatible with this behavior.

What is changed and how it works?

Add a RevokedGlobalPrivileges in SessionVars to cache the revoked global privileges.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility (Compatible with MySQL)

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

@CbcWestwolf CbcWestwolf requested a review from a team as a code owner January 10, 2023 06:54
@ti-chi-bot
Copy link
Member

[REVIEW NOTIFICATION]

This pull request has not been approved.

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added do-not-merge/needs-triage-completed release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 10, 2023
@ti-chi-bot ti-chi-bot added needs-cherry-pick-release-5.3 Type: Need cherry pick to release-5.3 needs-cherry-pick-release-5.4 Should cherry pick this PR to release-5.4 branch. needs-cherry-pick-release-6.1 Should cherry pick this PR to release-6.1 branch. needs-cherry-pick-release-6.5 Should cherry pick this PR to release-6.5 branch. and removed do-not-merge/needs-triage-completed labels Jan 10, 2023
@CbcWestwolf
Copy link
Member Author

/retest-required

CbcWestwolf
CbcWestwolf commented Jan 10, 2023
View reviewed changes
executor/grant.go
Comment on lines +158 to +161
if !exists {
if e.ctx.GetSessionVars().SQLMode.HasNoAutoCreateUserMode() {
return ErrCantCreateUserWithGrant
}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a refactor of the code snippets. It is not related to this feature.

@CbcWestwolf
Copy link
Member Author

/cc bb7133 xiongjiwei xhebox
PTAL

@ti-chi-bot ti-chi-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 14, 2023
@ti-chi-bot ti-chi-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 16, 2023
@CbcWestwolf
Copy link
Member Author

/test unit-test

@ti-chi-bot ti-chi-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 12, 2023
@ti-chi-bot ti-chi-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 4, 2023
@ti-chi-bot ti-chi-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bb7133 bb7133 Awaiting requested review from bb7133

@xhebox xhebox Awaiting requested review from xhebox

@xiongjiwei xiongjiwei Awaiting requested review from xiongjiwei

Assignees
No one assigned
Labels
needs-cherry-pick-release-5.3 Type: Need cherry pick to release-5.3 needs-cherry-pick-release-5.4 Should cherry pick this PR to release-5.4 branch. needs-cherry-pick-release-6.1 Should cherry pick this PR to release-6.1 branch. needs-cherry-pick-release-6.5 Should cherry pick this PR to release-6.5 branch. release-note-none Denotes a PR that doesn't merit a release note. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

can't grant ALTER privilege after revoking it from root
2 participants
@CbcWestwolf @ti-chi-bot