diff --git a/executor/infoschema_reader.go b/executor/infoschema_reader.go index abbfcd2b17ef1..15a4d66b0cf00 100644 --- a/executor/infoschema_reader.go +++ b/executor/infoschema_reader.go @@ -1919,6 +1919,9 @@ func (e *memtableRetriever) dataForTableTiFlashReplica(ctx sessionctx.Context, s } func (e *memtableRetriever) setDataForStatementsSummaryEvicted(ctx sessionctx.Context) error { + if !hasPriv(ctx, mysql.ProcessPriv) { + return plannercore.ErrSpecificAccessDenied.GenWithStackByArgs("PROCESS") + } e.rows = stmtsummary.StmtSummaryByDigestMap.ToEvictedCountDatum() switch e.table.Name.O { case infoschema.ClusterTableStatementsSummaryEvicted: diff --git a/infoschema/tables_test.go b/infoschema/tables_test.go index 717bbae8fb62c..a60a2677e4ec8 100644 --- a/infoschema/tables_test.go +++ b/infoschema/tables_test.go @@ -1436,6 +1436,29 @@ func (s *testClusterTableSuite) TestStmtSummaryEvictedCountTable(c *C) { Check(testkit.Rows("2")) // TODO: Add more tests. + tk.MustExec("create user 'testuser'@'localhost'") + tk.MustExec("create user 'testuser2'@'localhost'") + tk.MustExec("grant process on *.* to 'testuser2'@'localhost'") + tk1 := s.newTestKitWithRoot(c) + defer tk1.MustExec("drop user 'testuser'@'localhost'") + defer tk1.MustExec("drop user 'testuser2'@'localhost'") + + c.Assert(tk.Se.Auth(&auth.UserIdentity{ + Username: "testuser", + Hostname: "localhost", + }, nil, nil), Equals, true) + + err := tk.QueryToErr("select * from information_schema.CLUSTER_STATEMENTS_SUMMARY_EVICTED") + c.Assert(err, NotNil) + // This error is come from cop(TiDB) fetch from rpc server. + c.Assert(err.Error(), Equals, "other error: [planner:1227]Access denied; you need (at least one of) the PROCESS privilege(s) for this operation") + + c.Assert(tk.Se.Auth(&auth.UserIdentity{ + Username: "testuser2", + Hostname: "localhost", + }, nil, nil), Equals, true) + err = tk.QueryToErr("select * from information_schema.CLUSTER_STATEMENTS_SUMMARY_EVICTED") + c.Assert(err, IsNil) } func (s *testTableSuite) TestStmtSummaryTableOther(c *C) {