Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-21704

Add a new JSON field "version_id" into mysql.global_priv.priv

    XMLWordPrintable

    Details

      Description

      Under terms of MDEV-21743, we'll add new global privilege flags.
      In order to help the server understand which version a privilege record was written by, let's add a new JSON field "version_id" in mysql.global_priv.priv.

      So the following script:

      GRANT FILE ON *.* TO user1@localhost;
      SELECT Host, User, JSON_DETAILED(Priv) FROM mysql.global_priv WHERE user='user1'\G
      

      returns about this output:

      *************************** 1. row ***************************
                     Host: localhost
                     User: user1
      JSON_DETAILED(Priv): {
          "access": 512,
          "plugin": "mysql_native_password",
          "authentication_string": "",
          "password_last_changed": 1581070979,
          "version_id": 100502
      }
      1 row in set (0.001 sec)
      

      Notice, the new "version_id" field in the JSON record.

      The version id is needed to translate a set of bits to a set of privileges.

      If the version_id JSON field is missing in a record, the server will consider that this record was created by MariaDB-10.5.1 or earlier.

      As version_id is determined per record, records of different formats will co-exist in the same table without conflicts, so no mysql_upgrade execution will be needed to make the global_priv table up-to-date after upgrade to a new server version with new privilege bits defined.

      If the version_id JSON field is missing in a record, the server will consider that this record was created by MariaDB-10.5.1 or earlier.

      As version_id is determined per record, records of different formats will co-exist in the same table without conflicts, so no mysql_upgrade execution will be needed to make the global_priv table up-to-date after upgrade to a new server version with new privilege bits defined.

      This change will also include:

      • Validation for the new "version_id" JSON field, to ignore records with obviously wrong version_id records.
      • Validation for the "access" JSON field, to ignore records when "access" has any bits set which are not known as of server version specified in version_od
      • Reporting ignored records to the server error log.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bar Alexander Barkov
              Reporter:
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: