~drizzle-trunk/drizzle/development : contents of mysql-test/suite/funcs_1/t/is_user

~drizzle-trunk/drizzle/development : (revision 27)

# suite/funcs_1/t/is_user_privileges.test
#
# Check the layout of information_schema.user_privileges, permissions and
# the impact of CREATE/ALTER/DROP SCHEMA on it.
#
# Note:
#    This test is not intended
#    - to show information about the all time existing tables
#      within the databases information_schema and mysql
#    - for checking storage engine properties
#      Therefore please do not alter $engine_type and $other_engine_type.
#
# Author:
# 2008-01-23 mleich WL#4203 Reorganize and fix the data dictionary tests of
#                           testsuite funcs_1
#                   Create this script based on older scripts and new code.
#

# --source suite/funcs_1/datadict/datadict.pre

let $engine_type       = MEMORY;
let $other_engine_type = MyISAM;

let $is_table = USER_PRIVILEGES;

# The table INFORMATION_SCHEMA.USER_PRIVILEGES must exist
eval SHOW TABLES FROM information_schema LIKE '$is_table';

--echo #######################################################################
--echo # Testcase 3.2.1.1: INFORMATION_SCHEMA tables can be queried via SELECT
--echo #######################################################################
# Ensure that every INFORMATION_SCHEMA table can be queried with a SELECT
# statement, just as if it were an ordinary user-defined table.
#
--source suite/funcs_1/datadict/is_table_query.inc


--echo #########################################################################
--echo # Testcase 3.2.16.1: INFORMATION_SCHEMA.USER_PRIVILEGES layout
--echo #########################################################################
# Ensure that the INFORMATION_SCHEMA.USER_PRIVILEGES table has the following columns,
# in the following order:
#
# GRANTEE (shows a user to whom a user privilege has been granted),
# TABLE_CATALOG (always shows NULL),
# PRIVILEGE_TYPE (shows the granted privilege),
# IS_GRANTABLE (shows whether the privilege was granted WITH GRANT OPTION).
#
--source suite/funcs_1/datadict/datadict_bug_12777.inc
eval DESCRIBE          information_schema.$is_table;
--source suite/funcs_1/datadict/datadict_bug_12777.inc
eval SHOW CREATE TABLE information_schema.$is_table;
--source suite/funcs_1/datadict/datadict_bug_12777.inc
eval SHOW COLUMNS FROM information_schema.$is_table;

# Note: Retrieval of information within information_schema.columns about
#       information_schema.user_privileges is in is_columns_is.test.

# Show that TABLE_CATALOG is always NULL.
SELECT grantee, table_catalog, privilege_type
FROM information_schema.user_privileges
WHERE table_catalog IS NOT NULL;


--echo ##########################################################################
--echo # Testcases 3.2.16.2+3.2.16.3+3.2.16.4: INFORMATION_SCHEMA.USER_PRIVILEGES
--echo #           accessible information
--echo ##########################################################################
# 3.2.16.2: Ensure that the table shows the relevant information on every user
#           privilege which has been granted to the current user or to PUBLIC,
#           or has been granted by the current user.
# 3.2.16.3: Ensure that the table does not show any information on any user
#           privileges which have been granted to users other than the current
#           user or  have been granted by any user other than the current user.
# 3.2.16.4: Ensure that the table does not show any information on any
#           privileges that are not user privileges for the current user.
#
--disable_warnings
DROP DATABASE IF EXISTS db_datadict;
--enable_warnings
CREATE DATABASE db_datadict;

--error 0,ER_CANNOT_USER
DROP   USER 'testuser1'@'localhost';
CREATE USER 'testuser1'@'localhost';
--error 0,ER_CANNOT_USER
DROP   USER 'testuser2'@'localhost';
CREATE USER 'testuser2'@'localhost';
--error 0,ER_CANNOT_USER
DROP   USER 'testuser3'@'localhost';
CREATE USER 'testuser3'@'localhost';

GRANT SELECT ON db_datadict.* TO 'testuser1'@'localhost';
GRANT SELECT ON mysql.user TO 'testuser1'@'localhost';

GRANT INSERT ON *.* TO 'testuser2'@'localhost';
GRANT UPDATE ON *.* TO 'testuser2'@'localhost';

let $my_select1= SELECT * FROM information_schema.user_privileges
WHERE grantee LIKE '''testuser%'''
ORDER BY grantee, table_catalog, privilege_type;
let $my_select2= SELECT * FROM mysql.user
WHERE user LIKE 'testuser%' ORDER BY host, user;
let $my_show= SHOW GRANTS;
eval $my_select1;
eval $my_select2;

--echo #
--echo # Add GRANT OPTION db_datadict.* to testuser1;
GRANT UPDATE ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
eval $my_select1;
eval $my_select2;

--echo # Establish connection testuser1 (user=testuser1)
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
connect (testuser1, localhost, testuser1, , db_datadict);
eval $my_select1;
eval $my_select2;
eval $my_show;

--echo
--echo # Now add SELECT on *.* to testuser1;

--echo # Switch to connection default
connection default;
GRANT SELECT ON *.* TO 'testuser1'@'localhost';
--echo #
--echo # Here <SELECT NO> is shown correctly for testuser1;
eval $my_select1;
eval $my_select2;

GRANT SELECT ON *.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
--echo #
--echo # Here <SELECT YES> is shown correctly for testuser1;
eval $my_select1;
eval $my_select2;

--echo # Switch to connection testuser1
# check that this appears
connection testuser1;
eval $my_select1;
eval $my_select2;
eval $my_show;

--echo # Establish connection testuser2 (user=testuser2)
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
connect (testuser2, localhost, testuser2, , db_datadict);
eval $my_select1;
--error ER_TABLEACCESS_DENIED_ERROR
eval $my_select2;
eval $my_show;

--echo # Establish connection testuser3 (user=testuser3)
--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
connect (testuser3, localhost, testuser3, , test);
eval $my_select1;
--error ER_TABLEACCESS_DENIED_ERROR
eval $my_select2;
eval $my_show;

--echo
--echo # Revoke privileges from testuser1;
--echo # Switch to connection default
connection default;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'testuser1'@'localhost';
eval $my_select1;
eval $my_select2;

--echo # Switch to connection testuser1
# check for changes
connection testuser1;
eval $my_select1;
--error ER_TABLEACCESS_DENIED_ERROR
eval $my_select2;
eval $my_show;

# OK, testuser1 has no privs here
--error ER_TABLEACCESS_DENIED_ERROR
CREATE TABLE db_datadict.tb_55 ( c1 TEXT );
eval $my_select1;
--error ER_TABLEACCESS_DENIED_ERROR
eval $my_select2;
eval $my_show;
# OK, testuser1 has no privs here
--error ER_TABLEACCESS_DENIED_ERROR
CREATE TABLE db_datadict.tb_66 ( c1 TEXT );

--echo
--echo # Add ALL on db_datadict.* (and select on mysql.user) to testuser1;
--echo # Switch to connection default
connection default;
GRANT ALL ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
GRANT SELECT ON mysql.user TO 'testuser1'@'localhost';
eval $my_select1;
eval $my_select2;

--echo # Switch to connection testuser1
connection testuser1;
eval $my_select1;
eval $my_select2;
eval $my_show;

# OK, testuser1 has no privs here
--error ER_TABLEACCESS_DENIED_ERROR
CREATE TABLE db_datadict.tb_56 ( c1 TEXT );

# using 'USE' lets the server read the privileges new, so now the CREATE works
USE db_datadict;
eval $my_select1;
eval $my_select2;
eval $my_show;
--replace_result $other_engine_type <other_engine_type>
eval
CREATE TABLE tb_57 ( c1 TEXT )
ENGINE = $other_engine_type;

--echo
--echo # Revoke privileges from testuser1;
--echo # Switch to connection default
connection default;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'testuser1'@'localhost';
eval $my_select1;
eval $my_select2;

--echo # Switch to connection testuser1
# check for changes
connection testuser1;
eval $my_select1;
--error ER_TABLEACCESS_DENIED_ERROR
eval $my_select2;
eval $my_show;
# WORKS, as the existing old privileges are used!
--replace_result $other_engine_type <other_engine_type>
eval
CREATE TABLE db_datadict.tb_58 ( c1 TEXT )
ENGINE = $other_engine_type;
# existing privileges are "read" new when USE is called, user has no privileges
--error ER_DBACCESS_DENIED_ERROR
USE db_datadict;
#FIXME 3.2.16: check that it is correct that this now 'works': --error ER_TABLEACCESS_DENIED_ERROR
--replace_result $other_engine_type <other_engine_type>
eval
CREATE TABLE db_datadict.tb_59 ( c1 TEXT )
ENGINE = $other_engine_type;

# Cleanup
--echo # Switch to connection default and close connections testuser1,testuser2,testuser3
connection default;
disconnect testuser1;
disconnect testuser2;
disconnect testuser3;
DROP USER 'testuser1'@'localhost';
DROP USER 'testuser2'@'localhost';
DROP USER 'testuser3'@'localhost';
DROP DATABASE IF EXISTS db_datadict;


--echo ########################################################################################
--echo # Testcases 3.2.1.13+3.2.1.14+3.2.1.15: INFORMATION_SCHEMA.USER_PRIVILEGES modifications
--echo ########################################################################################
# 3.2.1.13: Ensure that the creation of any new database object (e.g. table or
#           column) automatically inserts all relevant information on that
#           object into every appropriate INFORMATION_SCHEMA table.
# 3.2.1.14: Ensure that the alteration of any existing database object
#           automatically updates all relevant information on that object in
#           every appropriate INFORMATION_SCHEMA table.
# 3.2.1.15: Ensure that the dropping of any existing database object
#           automatically deletes all relevant information on that object from
#           every appropriate INFORMATION_SCHEMA table.
#
let $my_select = SELECT * FROM information_schema.user_privileges
WHERE grantee = '''testuser1''@''localhost''';
let $my_show = SHOW GRANTS FOR 'testuser1'@'localhost';
eval $my_select;
--error ER_NONEXISTING_GRANT
eval $my_show;
--error 0,ER_CANNOT_USER
DROP   USER 'testuser1'@'localhost';
CREATE USER 'testuser1'@'localhost';
eval $my_select;
eval $my_show;
GRANT SELECT, FILE ON *.* TO 'testuser1'@'localhost';
eval $my_select;
eval $my_show;
DROP USER   'testuser1'@'localhost';
eval $my_select;
--error ER_NONEXISTING_GRANT
eval $my_show;


--echo ########################################################################
--echo # Testcases 3.2.1.3-3.2.1.5 + 3.2.1.8-3.2.1.12: INSERT/UPDATE/DELETE and
--echo #           DDL on INFORMATION_SCHEMA tables are not supported
--echo ########################################################################
# 3.2.1.3:  Ensure that no user may execute an INSERT statement on any
#           INFORMATION_SCHEMA table.
# 3.2.1.4:  Ensure that no user may execute an UPDATE statement on any
#           INFORMATION_SCHEMA table.
# 3.2.1.5:  Ensure that no user may execute a DELETE statement on any
#           INFORMATION_SCHEMA table.
# 3.2.1.8:  Ensure that no user may create an index on an
#           INFORMATION_SCHEMA table.
# 3.2.1.9:  Ensure that no user may alter the definition of an
#           INFORMATION_SCHEMA table.
# 3.2.1.10: Ensure that no user may drop an INFORMATION_SCHEMA table.
# 3.2.1.11: Ensure that no user may move an INFORMATION_SCHEMA table to any
#           other database.
# 3.2.1.12: Ensure that no user may directly add to, alter, or delete any data
#           in an INFORMATION_SCHEMA table.
#
--error 0,ER_CANNOT_USER
DROP   USER   'testuser1'@'localhost';
CREATE USER 'testuser1'@'localhost';

--error ER_DBACCESS_DENIED_ERROR
INSERT INTO information_schema.user_privileges
SELECT * FROM information_schema.user_privileges;

--error ER_DBACCESS_DENIED_ERROR
UPDATE information_schema.user_privileges
SET PRIVILEGE_TYPE = 'gaming';

--error ER_DBACCESS_DENIED_ERROR
DELETE FROM information_schema.user_privileges
WHERE grantee = '''testuser1''@''localhost''';
--error ER_DBACCESS_DENIED_ERROR
TRUNCATE information_schema.user_privileges;

--error ER_DBACCESS_DENIED_ERROR
CREATE INDEX i1 ON information_schema.user_privileges(grantee);

--error ER_DBACCESS_DENIED_ERROR
ALTER TABLE information_schema.user_privileges ADD f1 INT;

--error ER_DBACCESS_DENIED_ERROR
DROP TABLE information_schema.user_privileges;

--error ER_DBACCESS_DENIED_ERROR
ALTER TABLE information_schema.user_privileges
RENAME db_datadict.user_privileges;
--error ER_DBACCESS_DENIED_ERROR
ALTER TABLE information_schema.user_privileges
RENAME information_schema.xuser_privileges;

# Cleanup
DROP USER   'testuser1'@'localhost';


1 by brian clean slate	1	# suite/funcs_1/t/is_user_privileges.test
	2	#
	3	# Check the layout of information_schema.user_privileges, permissions and
	4	# the impact of CREATE/ALTER/DROP SCHEMA on it.
	5	#
	6	# Note:
	7	# This test is not intended
	8	# - to show information about the all time existing tables
	9	# within the databases information_schema and mysql
	10	# - for checking storage engine properties
	11	# Therefore please do not alter $engine_type and $other_engine_type.
	12	#
	13	# Author:
	14	# 2008-01-23 mleich WL#4203 Reorganize and fix the data dictionary tests of
	15	# testsuite funcs_1
	16	# Create this script based on older scripts and new code.
	17	#
	18
	19	# --source suite/funcs_1/datadict/datadict.pre
	20
	21	let $engine_type = MEMORY;
	22	let $other_engine_type = MyISAM;
	23
	24	let $is_table = USER_PRIVILEGES;
	25
	26	# The table INFORMATION_SCHEMA.USER_PRIVILEGES must exist
	27	eval SHOW TABLES FROM information_schema LIKE '$is_table';
	28
	29	--echo #######################################################################
	30	--echo # Testcase 3.2.1.1: INFORMATION_SCHEMA tables can be queried via SELECT
	31	--echo #######################################################################
	32	# Ensure that every INFORMATION_SCHEMA table can be queried with a SELECT
	33	# statement, just as if it were an ordinary user-defined table.
	34	#
	35	--source suite/funcs_1/datadict/is_table_query.inc
	36
	37
	38	--echo #########################################################################
	39	--echo # Testcase 3.2.16.1: INFORMATION_SCHEMA.USER_PRIVILEGES layout
	40	--echo #########################################################################
	41	# Ensure that the INFORMATION_SCHEMA.USER_PRIVILEGES table has the following columns,
	42	# in the following order:
	43	#
	44	# GRANTEE (shows a user to whom a user privilege has been granted),
	45	# TABLE_CATALOG (always shows NULL),
	46	# PRIVILEGE_TYPE (shows the granted privilege),
	47	# IS_GRANTABLE (shows whether the privilege was granted WITH GRANT OPTION).
	48	#
	49	--source suite/funcs_1/datadict/datadict_bug_12777.inc
	50	eval DESCRIBE information_schema.$is_table;
	51	--source suite/funcs_1/datadict/datadict_bug_12777.inc
	52	eval SHOW CREATE TABLE information_schema.$is_table;
	53	--source suite/funcs_1/datadict/datadict_bug_12777.inc
	54	eval SHOW COLUMNS FROM information_schema.$is_table;
	55
	56	# Note: Retrieval of information within information_schema.columns about
	57	# information_schema.user_privileges is in is_columns_is.test.
	58
	59	# Show that TABLE_CATALOG is always NULL.
	60	SELECT grantee, table_catalog, privilege_type
	61	FROM information_schema.user_privileges
	62	WHERE table_catalog IS NOT NULL;
	63
	64
65	--echo ##########################################################################
66	--echo # Testcases 3.2.16.2+3.2.16.3+3.2.16.4: INFORMATION_SCHEMA.USER_PRIVILEGES
67	--echo # accessible information
68	--echo ##########################################################################
69	# 3.2.16.2: Ensure that the table shows the relevant information on every user
70	# privilege which has been granted to the current user or to PUBLIC,
71	# or has been granted by the current user.
72	# 3.2.16.3: Ensure that the table does not show any information on any user
73	# privileges which have been granted to users other than the current
74	# user or have been granted by any user other than the current user.
75	# 3.2.16.4: Ensure that the table does not show any information on any
76	# privileges that are not user privileges for the current user.
77	#
78	--disable_warnings
79	DROP DATABASE IF EXISTS db_datadict;
80	--enable_warnings
81	CREATE DATABASE db_datadict;
82
83	--error 0,ER_CANNOT_USER
84	DROP USER 'testuser1'@'localhost';
85	CREATE USER 'testuser1'@'localhost';
86	--error 0,ER_CANNOT_USER
87	DROP USER 'testuser2'@'localhost';
88	CREATE USER 'testuser2'@'localhost';
89	--error 0,ER_CANNOT_USER
90	DROP USER 'testuser3'@'localhost';
91	CREATE USER 'testuser3'@'localhost';
92
93	GRANT SELECT ON db_datadict.* TO 'testuser1'@'localhost';
94	GRANT SELECT ON mysql.user TO 'testuser1'@'localhost';
95
96	GRANT INSERT ON . TO 'testuser2'@'localhost';
97	GRANT UPDATE ON . TO 'testuser2'@'localhost';
98
99	let $my_select1= SELECT * FROM information_schema.user_privileges
100	WHERE grantee LIKE '''testuser%'''
101	ORDER BY grantee, table_catalog, privilege_type;
102	let $my_select2= SELECT * FROM mysql.user
103	WHERE user LIKE 'testuser%' ORDER BY host, user;
104	let $my_show= SHOW GRANTS;
105	eval $my_select1;
106	eval $my_select2;
107
108	--echo #
109	--echo # Add GRANT OPTION db_datadict.* to testuser1;
110	GRANT UPDATE ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
111	eval $my_select1;
112	eval $my_select2;
113
114	--echo # Establish connection testuser1 (user=testuser1)
115	--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
116	connect (testuser1, localhost, testuser1, , db_datadict);
117	eval $my_select1;
118	eval $my_select2;
119	eval $my_show;
120
121	--echo
122	--echo # Now add SELECT on . to testuser1;
123
124	--echo # Switch to connection default
125	connection default;
126	GRANT SELECT ON . TO 'testuser1'@'localhost';
127	--echo #
128	--echo # Here <SELECT NO> is shown correctly for testuser1;
129	eval $my_select1;
130	eval $my_select2;
131
132	GRANT SELECT ON . TO 'testuser1'@'localhost' WITH GRANT OPTION;
133	--echo #
134	--echo # Here <SELECT YES> is shown correctly for testuser1;
135	eval $my_select1;
136	eval $my_select2;
137
138	--echo # Switch to connection testuser1
139	# check that this appears
140	connection testuser1;
141	eval $my_select1;
142	eval $my_select2;
143	eval $my_show;
144
145	--echo # Establish connection testuser2 (user=testuser2)
146	--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
147	connect (testuser2, localhost, testuser2, , db_datadict);
148	eval $my_select1;
149	--error ER_TABLEACCESS_DENIED_ERROR
150	eval $my_select2;
151	eval $my_show;
152
153	--echo # Establish connection testuser3 (user=testuser3)
154	--replace_result $MASTER_MYPORT MYSQL_PORT $MASTER_MYSOCK MYSQL_SOCK
155	connect (testuser3, localhost, testuser3, , test);
156	eval $my_select1;
157	--error ER_TABLEACCESS_DENIED_ERROR
158	eval $my_select2;
159	eval $my_show;
160
161	--echo
162	--echo # Revoke privileges from testuser1;
163	--echo # Switch to connection default
164	connection default;
165	REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'testuser1'@'localhost';
166	eval $my_select1;
167	eval $my_select2;
168
169	--echo # Switch to connection testuser1
170	# check for changes
171	connection testuser1;
172	eval $my_select1;
173	--error ER_TABLEACCESS_DENIED_ERROR
174	eval $my_select2;
175	eval $my_show;
176
177	# OK, testuser1 has no privs here
178	--error ER_TABLEACCESS_DENIED_ERROR
179	CREATE TABLE db_datadict.tb_55 ( c1 TEXT );
180	eval $my_select1;
181	--error ER_TABLEACCESS_DENIED_ERROR
182	eval $my_select2;
183	eval $my_show;
184	# OK, testuser1 has no privs here
185	--error ER_TABLEACCESS_DENIED_ERROR
186	CREATE TABLE db_datadict.tb_66 ( c1 TEXT );
187
188	--echo
189	--echo # Add ALL on db_datadict.* (and select on mysql.user) to testuser1;
190	--echo # Switch to connection default
191	connection default;
192	GRANT ALL ON db_datadict.* TO 'testuser1'@'localhost' WITH GRANT OPTION;
193	GRANT SELECT ON mysql.user TO 'testuser1'@'localhost';
194	eval $my_select1;
195	eval $my_select2;
196
197	--echo # Switch to connection testuser1
198	connection testuser1;
199	eval $my_select1;
200	eval $my_select2;
201	eval $my_show;
202
203	# OK, testuser1 has no privs here
204	--error ER_TABLEACCESS_DENIED_ERROR
205	CREATE TABLE db_datadict.tb_56 ( c1 TEXT );
206
207	# using 'USE' lets the server read the privileges new, so now the CREATE works
208	USE db_datadict;
209	eval $my_select1;
210	eval $my_select2;
211	eval $my_show;
212	--replace_result $other_engine_type <other_engine_type>
213	eval
214	CREATE TABLE tb_57 ( c1 TEXT )
215	ENGINE = $other_engine_type;
216
217	--echo
218	--echo # Revoke privileges from testuser1;
219	--echo # Switch to connection default
220	connection default;
221	REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'testuser1'@'localhost';
222	eval $my_select1;
223	eval $my_select2;
224
225	--echo # Switch to connection testuser1
226	# check for changes
227	connection testuser1;
228	eval $my_select1;
229	--error ER_TABLEACCESS_DENIED_ERROR
230	eval $my_select2;
231	eval $my_show;
232	# WORKS, as the existing old privileges are used!
233	--replace_result $other_engine_type <other_engine_type>
234	eval
235	CREATE TABLE db_datadict.tb_58 ( c1 TEXT )
236	ENGINE = $other_engine_type;
237	# existing privileges are "read" new when USE is called, user has no privileges
238	--error ER_DBACCESS_DENIED_ERROR
239	USE db_datadict;
240	#FIXME 3.2.16: check that it is correct that this now 'works': --error ER_TABLEACCESS_DENIED_ERROR
241	--replace_result $other_engine_type <other_engine_type>
242	eval
243	CREATE TABLE db_datadict.tb_59 ( c1 TEXT )
244	ENGINE = $other_engine_type;
245
246	# Cleanup
247	--echo # Switch to connection default and close connections testuser1,testuser2,testuser3
248	connection default;
249	disconnect testuser1;
250	disconnect testuser2;
251	disconnect testuser3;
252	DROP USER 'testuser1'@'localhost';
253	DROP USER 'testuser2'@'localhost';
254	DROP USER 'testuser3'@'localhost';
255	DROP DATABASE IF EXISTS db_datadict;
256
257
258	--echo ########################################################################################
259	--echo # Testcases 3.2.1.13+3.2.1.14+3.2.1.15: INFORMATION_SCHEMA.USER_PRIVILEGES modifications
260	--echo ########################################################################################
261	# 3.2.1.13: Ensure that the creation of any new database object (e.g. table or
262	# column) automatically inserts all relevant information on that
263	# object into every appropriate INFORMATION_SCHEMA table.
264	# 3.2.1.14: Ensure that the alteration of any existing database object
265	# automatically updates all relevant information on that object in
266	# every appropriate INFORMATION_SCHEMA table.
267	# 3.2.1.15: Ensure that the dropping of any existing database object
268	# automatically deletes all relevant information on that object from
269	# every appropriate INFORMATION_SCHEMA table.
270	#
271	let $my_select = SELECT * FROM information_schema.user_privileges
272	WHERE grantee = '''testuser1''@''localhost''';
273	let $my_show = SHOW GRANTS FOR 'testuser1'@'localhost';
274	eval $my_select;
275	--error ER_NONEXISTING_GRANT
276	eval $my_show;
277	--error 0,ER_CANNOT_USER
278	DROP USER 'testuser1'@'localhost';
279	CREATE USER 'testuser1'@'localhost';
280	eval $my_select;
281	eval $my_show;
282	GRANT SELECT, FILE ON . TO 'testuser1'@'localhost';
283	eval $my_select;
284	eval $my_show;
285	DROP USER 'testuser1'@'localhost';
286	eval $my_select;
287	--error ER_NONEXISTING_GRANT
288	eval $my_show;
289
290
291	--echo ########################################################################
292	--echo # Testcases 3.2.1.3-3.2.1.5 + 3.2.1.8-3.2.1.12: INSERT/UPDATE/DELETE and
293	--echo # DDL on INFORMATION_SCHEMA tables are not supported
294	--echo ########################################################################
295	# 3.2.1.3: Ensure that no user may execute an INSERT statement on any
296	# INFORMATION_SCHEMA table.
297	# 3.2.1.4: Ensure that no user may execute an UPDATE statement on any
298	# INFORMATION_SCHEMA table.
299	# 3.2.1.5: Ensure that no user may execute a DELETE statement on any
300	# INFORMATION_SCHEMA table.
301	# 3.2.1.8: Ensure that no user may create an index on an
302	# INFORMATION_SCHEMA table.
303	# 3.2.1.9: Ensure that no user may alter the definition of an
304	# INFORMATION_SCHEMA table.
305	# 3.2.1.10: Ensure that no user may drop an INFORMATION_SCHEMA table.
306	# 3.2.1.11: Ensure that no user may move an INFORMATION_SCHEMA table to any
307	# other database.
308	# 3.2.1.12: Ensure that no user may directly add to, alter, or delete any data
309	# in an INFORMATION_SCHEMA table.
310	#
311	--error 0,ER_CANNOT_USER
312	DROP USER 'testuser1'@'localhost';
313	CREATE USER 'testuser1'@'localhost';
314
315	--error ER_DBACCESS_DENIED_ERROR
316	INSERT INTO information_schema.user_privileges
317	SELECT * FROM information_schema.user_privileges;
318
319	--error ER_DBACCESS_DENIED_ERROR
320	UPDATE information_schema.user_privileges
321	SET PRIVILEGE_TYPE = 'gaming';
322
323	--error ER_DBACCESS_DENIED_ERROR
324	DELETE FROM information_schema.user_privileges
325	WHERE grantee = '''testuser1''@''localhost''';
326	--error ER_DBACCESS_DENIED_ERROR
327	TRUNCATE information_schema.user_privileges;
328
329	--error ER_DBACCESS_DENIED_ERROR
330	CREATE INDEX i1 ON information_schema.user_privileges(grantee);
331
332	--error ER_DBACCESS_DENIED_ERROR
333	ALTER TABLE information_schema.user_privileges ADD f1 INT;
334
335	--error ER_DBACCESS_DENIED_ERROR
336	DROP TABLE information_schema.user_privileges;
337
338	--error ER_DBACCESS_DENIED_ERROR
339	ALTER TABLE information_schema.user_privileges
340	RENAME db_datadict.user_privileges;
341	--error ER_DBACCESS_DENIED_ERROR
342	ALTER TABLE information_schema.user_privileges
343	RENAME information_schema.xuser_privileges;
344
345	# Cleanup
346	DROP USER 'testuser1'@'localhost';
347