diff --git a/mysql-test/suite/component_masking_functions/r/dictionary_operations.result b/mysql-test/suite/component_masking_functions/r/dictionary_operations.result index c08ff28f9727..57d7812363a8 100644 --- a/mysql-test/suite/component_masking_functions/r/dictionary_operations.result +++ b/mysql-test/suite/component_masking_functions/r/dictionary_operations.result @@ -55,12 +55,14 @@ SELECT gen_blocklist('Berlin', 'de_cities', NULL); ERROR HY000: gen_blocklist UDF failed; argument 3 cannot be null # # checking the case when there is no mysql.masking_dictionaries table -SELECT gen_blocklist('Berlin', 'de_cities', 'us_cities'); -ERROR HY000: Error in command service backend interface, because of : "SELECT command denied to user 'mysql.session'@'localhost' for table 'masking_dictionaries'" +GRANT CREATE, SELECT, INSERT, UPDATE, DELETE ON mysql.masking_dictionaries TO 'mysql.session'@'localhost'; SELECT gen_dictionary('us_cities'); -ERROR HY000: Error in command service backend interface, because of : "SELECT command denied to user 'mysql.session'@'localhost' for table 'masking_dictionaries'" +ERROR HY000: Error in command service backend interface, because of : "Table 'mysql.masking_dictionaries' doesn't exist" SELECT masking_dictionaries_flush(); -ERROR HY000: Error in command service backend interface, because of : "SELECT command denied to user 'mysql.session'@'localhost' for table 'masking_dictionaries'" +ERROR HY000: Error in command service backend interface, because of : "Table 'mysql.masking_dictionaries' doesn't exist" +SELECT masking_dictionary_term_add('single_dict', 'entry'); +ERROR HY000: Error in command service backend interface, because of : "Table 'mysql.masking_dictionaries' doesn't exist" +REVOKE CREATE, SELECT, INSERT, UPDATE, DELETE ON mysql.masking_dictionaries FROM 'mysql.session'@'localhost'; # # NULL for NULL checks include/assert.inc [gen_blocklist() for the NULL primary argument should return NULL] @@ -86,13 +88,22 @@ ERROR HY000: Can't initialize function 'masking_dictionary_term_remove'; Functio SELECT masking_dictionary_remove('single_dict'); ERROR HY000: Can't initialize function 'masking_dictionary_remove'; Function requires MASKING_DICTIONARIES_ADMIN privilege # -# checking the case when mysql.masking_dictionaries is empty +# checking the case when 'mysql.session'@'localhost' has insufficient privileges CREATE TABLE mysql.masking_dictionaries( Dictionary VARCHAR(256) NOT NULL, Term VARCHAR(256) NOT NULL, UNIQUE INDEX dictionary_term_idx (Dictionary, Term) ) ENGINE = InnoDB DEFAULT CHARSET=utf8mb4; -GRANT SELECT, INSERT, UPDATE, DELETE ON mysql.masking_dictionaries TO 'mysql.session'@'localhost'; +SELECT gen_dictionary('us_cities'); +ERROR HY000: Error in command service backend interface, because of : "SELECT command denied to user 'mysql.session'@'localhost' for table 'masking_dictionaries'" +SELECT masking_dictionaries_flush(); +ERROR HY000: Error in command service backend interface, because of : "SELECT command denied to user 'mysql.session'@'localhost' for table 'masking_dictionaries'" +GRANT SELECT ON mysql.masking_dictionaries TO 'mysql.session'@'localhost'; +SELECT masking_dictionary_term_add('single_dict', 'entry'); +ERROR HY000: Error in command service backend interface, because of : "INSERT command denied to user 'mysql.session'@'localhost' for table 'masking_dictionaries'" +# +# checking the case when mysql.masking_dictionaries is empty +GRANT INSERT, UPDATE, DELETE ON mysql.masking_dictionaries TO 'mysql.session'@'localhost'; include/assert.inc [gen_dictionary on an empty table must return NULL] SET @check_expression_result = gen_blocklist('Berlin', 'de_cities', 'us_cities'); include/assert.inc [the result of evaluating 'gen_blocklist('Berlin', 'de_cities', 'us_cities')' must be equal to 'Berlin'] diff --git a/mysql-test/suite/component_masking_functions/t/dictionary_operations.test b/mysql-test/suite/component_masking_functions/t/dictionary_operations.test index d2d190c05fcc..0a31d2c52a1c 100644 --- a/mysql-test/suite/component_masking_functions/t/dictionary_operations.test +++ b/mysql-test/suite/component_masking_functions/t/dictionary_operations.test @@ -77,8 +77,10 @@ SELECT gen_blocklist('Berlin', 'de_cities', NULL); --echo # --echo # checking the case when there is no mysql.masking_dictionaries table ---error ER_COMMAND_SERVICE_BACKEND_FAILED -SELECT gen_blocklist('Berlin', 'de_cities', 'us_cities'); +--connection default +# here CREATE is needed to grant privileges to a not-yet-existing table +GRANT CREATE, SELECT, INSERT, UPDATE, DELETE ON mysql.masking_dictionaries TO 'mysql.session'@'localhost'; +--connection con_unpriv --error ER_COMMAND_SERVICE_BACKEND_FAILED SELECT gen_dictionary('us_cities'); @@ -86,6 +88,12 @@ SELECT gen_dictionary('us_cities'); --connection con_priv --error ER_COMMAND_SERVICE_BACKEND_FAILED SELECT masking_dictionaries_flush(); + +--error ER_COMMAND_SERVICE_BACKEND_FAILED +SELECT masking_dictionary_term_add('single_dict', 'entry'); + +--connection default +REVOKE CREATE, SELECT, INSERT, UPDATE, DELETE ON mysql.masking_dictionaries FROM 'mysql.session'@'localhost'; --connection con_unpriv @@ -131,14 +139,33 @@ SELECT masking_dictionary_term_remove('single_dict', 'entry'); SELECT masking_dictionary_remove('single_dict'); --echo # ---echo # checking the case when mysql.masking_dictionaries is empty +--echo # checking the case when 'mysql.session'@'localhost' has insufficient privileges --connection default CREATE TABLE mysql.masking_dictionaries( Dictionary VARCHAR(256) NOT NULL, Term VARCHAR(256) NOT NULL, UNIQUE INDEX dictionary_term_idx (Dictionary, Term) ) ENGINE = InnoDB DEFAULT CHARSET=utf8mb4; -GRANT SELECT, INSERT, UPDATE, DELETE ON mysql.masking_dictionaries TO 'mysql.session'@'localhost'; + +--error ER_COMMAND_SERVICE_BACKEND_FAILED +SELECT gen_dictionary('us_cities'); + +--connection con_priv +--error ER_COMMAND_SERVICE_BACKEND_FAILED +SELECT masking_dictionaries_flush(); + +--connection default +GRANT SELECT ON mysql.masking_dictionaries TO 'mysql.session'@'localhost'; +--connection con_priv + +--error ER_COMMAND_SERVICE_BACKEND_FAILED +SELECT masking_dictionary_term_add('single_dict', 'entry'); + + +--echo # +--echo # checking the case when mysql.masking_dictionaries is empty +--connection default +GRANT INSERT, UPDATE, DELETE ON mysql.masking_dictionaries TO 'mysql.session'@'localhost'; --connection con_unpriv --let $assert_cond = gen_dictionary("us_cities") IS NULL