-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
executor: fix user without process privilege can access cluster_statements_summary_evicted table #26208
Conversation
Signed-off-by: ailinkid <314806019@qq.com>
Please follow PR Title Format:
Or if the count of mainly changed packages are more than 3, use
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only minor comment about PROCESS
vs Process
. I also tried to add a similar test to privilege/privileges/privileges_test.go:TestClusterConfigInfoschema
but then it hangs/succeeds when it is suppose to fail, any idea why?
Maybe also add a test for a user with only Process
privilege.
Otherwise LGTM.
Signed-off-by: ailinkid <314806019@qq.com>
executor/infoschema_reader.go
Outdated
@@ -1919,6 +1919,9 @@ func (e *memtableRetriever) dataForTableTiFlashReplica(ctx sessionctx.Context, s | |||
} | |||
|
|||
func (e *memtableRetriever) setDataForStatementsSummaryEvicted(ctx sessionctx.Context) error { | |||
if e.table.Name.O == infoschema.ClusterTableStatementsSummaryEvicted && !hasPriv(ctx, mysql.ProcessPriv) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The same for statements_summary_evicted
. Please update them together.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Signed-off-by: ailinkid <314806019@qq.com>
Signed-off-by: ailinkid <314806019@qq.com>
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
/merge |
This pull request has been accepted and is ready to merge. Commit hash: 9d52bea
|
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
cherry pick to release-5.1 in PR #26351 |
Signed-off-by: ailinkid 314806019@qq.com
What problem does this PR solve?
Issue Number: close #26125
What is changed and how it works?
*: What's Changed: fix user without process privilege can access cluster_statements_summary_evicted table
Check List
Tests
Documentation
Release note