STATUS
------
Approved.

SUGGESTIONS
-----------
1. In tests, use a user who has all rights except possibly BACKUP/RESTORE, so that
if a BACKUP/RESTORE operation is refused, it is because of missing BACKUP/RESTORE
privileges and not for other reasons.

  CREATE USER test_user;
  GRANT ALL ON *.* TO test_user;
  REVOKE BACKUP,RESTORE ON *.* FROM test_user;

Then these scenarios can be tested:
- GRANT BACKUP/RESTORE ON *.* TO test_user;
- GRANT BACKUP/RESTORE ON specific_db.* TO test_user;

2. Test additional scenarios where an explicit list of databases (more than 1)
is given to the BACKUP command and where RESTORE restores more than one database.
The user has privileges for some of the databases but not for others.

Rafal

Chuck Bell wrote:
> #At file:///D:/source/bzr/mysql-6.0-bug-39580/ based on
> revid:charles.bell@stripped
>
> 2832 Chuck Bell 2009-06-30
> BUG#39580 : BACKUP/RESTORE should not use SUPER
>
> The backup system uses a privilege (SUPER) that is much more powerful
> than what is necessary to allow backup and restore.
>
> This patch changes the requirement of SUPER to two new privileges:
>
> BACKUP - required for backup operations
> RESTORE - required for restore operations
>
> These new privileges are set at the database-level thereby giving the
> ability to grant BACKUP or RESTORE to one or more users for a given
> database.
>
> This patch does not infer any additional rights to the user during
> the operation. The user must still have sufficient rights to read
> all objects for backup and create all objects for restore.