// Copyright 2021 PingCAP, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.

package mysql

// AllPrivilegeLiteral is the string literal for All Privilege.
// It is the value Priv2Str uses for AllPriv.
const AllPrivilegeLiteral = "ALL PRIVILEGES"

// Priv2Str is the map for privilege to string.
//
// PrivilegeType.String looks a privilege up here to render it as its SQL
// identifier. ExtendedPriv has no entry, so String() yields "" for it.
// Entry casing is mixed (the later additions are upper-case); this is only
// cosmetic if consumers compare case-insensitively — verify against callers.
var Priv2Str = map[PrivilegeType]string{
	CreatePriv:            "Create",
	SelectPriv:            "Select",
	InsertPriv:            "Insert",
	UpdatePriv:            "Update",
	DeletePriv:            "Delete",
	ShowDBPriv:            "Show Databases",
	SuperPriv:             "Super",
	CreateUserPriv:        "Create User",
	CreateTablespacePriv:  "Create Tablespace",
	TriggerPriv:           "Trigger",
	DropPriv:              "Drop",
	ProcessPriv:           "Process",
	GrantPriv:             "Grant Option",
	ReferencesPriv:        "References",
	AlterPriv:             "Alter",
	ExecutePriv:           "Execute",
	IndexPriv:             "Index",
	CreateViewPriv:        "Create View",
	ShowViewPriv:          "Show View",
	CreateRolePriv:        "Create Role",
	DropRolePriv:          "Drop Role",
	CreateTMPTablePriv:    "CREATE TEMPORARY TABLES",
	LockTablesPriv:        "LOCK TABLES",
	CreateRoutinePriv:     "CREATE ROUTINE",
	AlterRoutinePriv:      "ALTER ROUTINE",
	EventPriv:             "EVENT",
	ShutdownPriv:          "SHUTDOWN",
	ReloadPriv:            "RELOAD",
	FilePriv:              "FILE",
	ConfigPriv:            "CONFIG",
	UsagePriv:             "USAGE",
	ReplicationClientPriv: "REPLICATION CLIENT",
	ReplicationSlavePriv:  "REPLICATION SLAVE",
	AllPriv:               AllPrivilegeLiteral,
}

// Priv2SetStr is the map for privilege to the SET enum string used in
// Table_priv/Column_priv of mysql.tables_priv/mysql.columns_priv (see
// PrivilegeType.SetString). SetStr2Priv is its inverse for the strings
// that can be read back.
var Priv2SetStr = map[PrivilegeType]string{
	CreatePriv:         "Create",
	SelectPriv:         "Select",
	InsertPriv:         "Insert",
	UpdatePriv:         "Update",
	DeletePriv:         "Delete",
	DropPriv:           "Drop",
	GrantPriv:          "Grant",
	ReferencesPriv:     "References",
	LockTablesPriv:     "Lock Tables",
	CreateTMPTablePriv: "Create Temporary Tables",
	EventPriv:          "Event",
	CreateRoutinePriv:  "Create Routine",
	AlterRoutinePriv:   "Alter Routine",
	AlterPriv:          "Alter",
	ExecutePriv:        "Execute",
	IndexPriv:          "Index",
	CreateViewPriv:     "Create View",
	ShowViewPriv:       "Show View",
	// NOTE(review): "Create Role", "Drop Role" and "Shutdown Role" have no
	// counterpart in SetStr2Priv, so a SetString() result for these three
	// privileges is rejected by NewPrivFromSetEnum (round-trip fails closed).
	// Confirm whether that asymmetry is intentional.
	CreateRolePriv: "Create Role",
	DropRolePriv:   "Drop Role",
	ShutdownPriv:   "Shutdown Role",
	TriggerPriv:    "Trigger",
}

// SetStr2Priv is the map for privilege set string to privilege type.
//
// NewPrivFromSetEnum consults it; a string that is not a key is reported as
// invalid (0, false) rather than being mapped to any other privilege.
// Keys are the exact (case-sensitive) strings listed here.
var SetStr2Priv = map[string]PrivilegeType{
	"Create":                  CreatePriv,
	"Select":                  SelectPriv,
	"Insert":                  InsertPriv,
	"Update":                  UpdatePriv,
	"Delete":                  DeletePriv,
	"Drop":                    DropPriv,
	"Grant":                   GrantPriv,
	"References":              ReferencesPriv,
	"Lock Tables":             LockTablesPriv,
	"Create Temporary Tables": CreateTMPTablePriv,
	"Event":                   EventPriv,
	"Create Routine":          CreateRoutinePriv,
	"Alter Routine":           AlterRoutinePriv,
	"Alter":                   AlterPriv,
	"Execute":                 ExecutePriv,
	"Index":                   IndexPriv,
	"Create View":             CreateViewPriv,
	"Show View":               ShowViewPriv,
	"Trigger":                 TriggerPriv,
}

// Priv2UserCol is the privilege to mysql.user table column name
// (also used for mysql.db; see PrivilegeType.ColumnString). Col2PrivType
// is its inverse.
var Priv2UserCol = map[PrivilegeType]string{
	CreatePriv:            "Create_priv",
	SelectPriv:            "Select_priv",
	InsertPriv:            "Insert_priv",
	UpdatePriv:            "Update_priv",
	DeletePriv:            "Delete_priv",
	ShowDBPriv:            "Show_db_priv",
	SuperPriv:             "Super_priv",
	CreateUserPriv:        "Create_user_priv",
	CreateTablespacePriv:  "Create_tablespace_priv",
	TriggerPriv:           "Trigger_priv",
	DropPriv:              "Drop_priv",
	ProcessPriv:           "Process_priv",
	GrantPriv:             "Grant_priv",
	ReferencesPriv:        "References_priv",
	AlterPriv:             "Alter_priv",
	ExecutePriv:           "Execute_priv",
	IndexPriv:             "Index_priv",
	CreateViewPriv:        "Create_view_priv",
	ShowViewPriv:          "Show_view_priv",
	CreateRolePriv:        "Create_role_priv",
	DropRolePriv:          "Drop_role_priv",
	CreateTMPTablePriv:    "Create_tmp_table_priv",
	LockTablesPriv:        "Lock_tables_priv",
	CreateRoutinePriv:     "Create_routine_priv",
	AlterRoutinePriv:      "Alter_routine_priv",
	EventPriv:             "Event_priv",
	ShutdownPriv:          "Shutdown_priv",
	ReloadPriv:            "Reload_priv",
	FilePriv:              "File_priv",
	ConfigPriv:            "Config_priv",
	ReplicationClientPriv: "Repl_client_priv",
	ReplicationSlavePriv:  "Repl_slave_priv",
	// UsagePriv, AllPriv and ExtendedPriv have no column; ColumnString()
	// returns "" for them.
}

// Col2PrivType is the privilege tables column name to privilege type.
// It is the exact inverse of Priv2UserCol and backs NewPrivFromColumn;
// an unknown column name yields (0, false).
var Col2PrivType = map[string]PrivilegeType{
	"Create_priv":            CreatePriv,
	"Select_priv":            SelectPriv,
	"Insert_priv":            InsertPriv,
	"Update_priv":            UpdatePriv,
	"Delete_priv":            DeletePriv,
	"Show_db_priv":           ShowDBPriv,
	"Super_priv":             SuperPriv,
	"Create_user_priv":       CreateUserPriv,
	"Create_tablespace_priv": CreateTablespacePriv,
	"Trigger_priv":           TriggerPriv,
	"Drop_priv":              DropPriv,
	"Process_priv":           ProcessPriv,
	"Grant_priv":             GrantPriv,
	"References_priv":        ReferencesPriv,
	"Alter_priv":             AlterPriv,
	"Execute_priv":           ExecutePriv,
	"Index_priv":             IndexPriv,
	"Create_view_priv":       CreateViewPriv,
	"Show_view_priv":         ShowViewPriv,
	"Create_role_priv":       CreateRolePriv,
	"Drop_role_priv":         DropRolePriv,
	"Create_tmp_table_priv":  CreateTMPTablePriv,
	"Lock_tables_priv":       LockTablesPriv,
	"Create_routine_priv":    CreateRoutinePriv,
	"Alter_routine_priv":     AlterRoutinePriv,
	"Event_priv":             EventPriv,
	"Shutdown_priv":          ShutdownPriv,
	"Reload_priv":            ReloadPriv,
	"File_priv":              FilePriv,
	"Config_priv":            ConfigPriv,
	"Repl_client_priv":       ReplicationClientPriv,
	"Repl_slave_priv":        ReplicationSlavePriv,
}

// PrivilegeType is a single privilege represented as one bit of a uint64.
// The concrete bit values are declared in the const block below; the
// zero value is not a valid privilege and is what the lookups return on
// failure.
type PrivilegeType uint64

// NewPrivFromColumn constructs priv from a column name. False means
// invalid priv column name. The column name must match a Col2PrivType
// key exactly; on failure the returned privilege is 0.
func NewPrivFromColumn(col string) (PrivilegeType, bool) {
	if priv, known := Col2PrivType[col]; known {
		return priv, true
	}
	return 0, false
}

// NewPrivFromSetEnum constructs priv from a set enum. False means invalid
// priv enum. The string must match a SetStr2Priv key exactly; on failure
// the returned privilege is 0.
func NewPrivFromSetEnum(e string) (PrivilegeType, bool) {
	if priv, known := SetStr2Priv[e]; known {
		return priv, true
	}
	return 0, false
}

// String returns the corresponding identifier in SQLs, or "" when the
// privilege has no Priv2Str entry (e.g. ExtendedPriv or a zero value).
func (p PrivilegeType) String() string {
	// A missing key yields the zero string, which is exactly the
	// "unknown privilege" result.
	return Priv2Str[p]
}

// ColumnString returns the corresponding name of columns in mysql.user/mysql.db.
func (p PrivilegeType) ColumnString() string {
	// Privileges without a column (UsagePriv, AllPriv, ExtendedPriv) map
	// to the zero string.
	return Priv2UserCol[p]
}

// SetString returns the corresponding set enum string in Table_priv/Column_priv
// of mysql.tables_priv/mysql.columns_priv, or "" when the privilege has no
// Priv2SetStr entry.
func (p PrivilegeType) SetString() string {
	return Priv2SetStr[p]
}

// The bit values below are assigned by iota order, so the order of this
// block is part of the on-the-wire/persisted meaning of a PrivilegeType.
// Insert new privileges before AllPriv and never reorder existing ones, so
// that values stay consistent across versions.
const (
	// UsagePriv is a synonym for “no privileges”; it occupies bit 0.
	UsagePriv PrivilegeType = 1 << iota
	// CreatePriv is the privilege to create schema/table.
	CreatePriv
	// SelectPriv is the privilege to read from table.
	SelectPriv
	// InsertPriv is the privilege to insert data into table.
	InsertPriv
	// UpdatePriv is the privilege to update data in table.
	UpdatePriv
	// DeletePriv is the privilege to delete data from table.
	DeletePriv
	// ShowDBPriv is the privilege to run show databases statement.
	ShowDBPriv
	// SuperPriv enables many operations and server behaviors.
	SuperPriv
	// CreateUserPriv is the privilege to create user.
	CreateUserPriv
	// TriggerPriv is not checked yet.
	TriggerPriv
	// DropPriv is the privilege to drop schema/table.
	DropPriv
	// ProcessPriv pertains to display of information about the threads executing within the server.
	ProcessPriv
	// GrantPriv is the privilege to grant privilege to user.
	GrantPriv
	// ReferencesPriv is not checked yet.
	ReferencesPriv
	// AlterPriv is the privilege to run alter statement.
	AlterPriv
	// ExecutePriv is the privilege to run execute statement.
	ExecutePriv
	// IndexPriv is the privilege to create/drop index.
	IndexPriv
	// CreateViewPriv is the privilege to create view.
	CreateViewPriv
	// ShowViewPriv is the privilege to show create view.
	ShowViewPriv
	// CreateRolePriv is the privilege to create a role.
	CreateRolePriv
	// DropRolePriv is the privilege to drop a role.
	DropRolePriv
	// CreateTMPTablePriv is the privilege to create a temporary table.
	CreateTMPTablePriv
	// LockTablesPriv is the privilege to lock tables.
	LockTablesPriv
	// CreateRoutinePriv is the privilege to create a stored routine.
	CreateRoutinePriv
	// AlterRoutinePriv is the privilege to alter a stored routine.
	AlterRoutinePriv
	// EventPriv is the privilege to event.
	EventPriv

	// ShutdownPriv is the privilege to shutdown a server.
	ShutdownPriv
	// ReloadPriv is the privilege to enable the use of the FLUSH statement.
	ReloadPriv
	// FilePriv is the privilege to enable the use of LOAD DATA and SELECT ... INTO OUTFILE.
	FilePriv
	// ConfigPriv is the privilege to enable the use of SET CONFIG statements.
	ConfigPriv

	// CreateTablespacePriv is the privilege to create tablespace.
	CreateTablespacePriv

	// ReplicationClientPriv is used in MySQL replication.
	ReplicationClientPriv
	// ReplicationSlavePriv is used in MySQL replication.
	ReplicationSlavePriv

	// AllPriv is the privilege for all actions. Add any new static
	// privilege above this line, never below it.
	AllPriv

	// ExtendedPriv is used to successfully parse privileges not included
	// above: dynamic privileges in MySQL 8.0 and other extended privileges
	// such as LOAD FROM S3 in Aurora. Its bit sits above AllPriv and is
	// therefore outside AllPrivMask.
	ExtendedPriv
)

// AllPrivMask is the mask for PrivilegeType with all bits set to 1 below
// AllPriv, i.e. every static privilege including UsagePriv, and excluding
// AllPriv and ExtendedPriv themselves.
// If it's passed to RequestVerification, it means any privilege would be OK.
const AllPrivMask = AllPriv - 1

// Privileges is the list of all privileges. It is a plain slice: a nil
// Privileges is valid and has no members.
type Privileges []PrivilegeType

// Has checks whether PrivilegeType has the privilege.
func (privs Privileges) Has(p PrivilegeType) bool {
	// Linear scan; the lists in this file are short. Exact equality is
	// required, so a combined bit mask is never matched against a single
	// privilege here.
	for i := range privs {
		if privs[i] == p {
			return true
		}
	}
	return false
}

// The scope lists below are shared package-level slices. Callers that need
// a modified list should copy it rather than append to or reorder it in
// place, since every other user sees the same backing array.
// GrantPriv appears in none of them.

// AllGlobalPrivs is all the privileges in global scope.
var AllGlobalPrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, ProcessPriv, ReferencesPriv, AlterPriv, ShowDBPriv, SuperPriv, ExecutePriv, IndexPriv, CreateUserPriv, CreateTablespacePriv, TriggerPriv, CreateViewPriv, ShowViewPriv, CreateRolePriv, DropRolePriv, CreateTMPTablePriv, LockTablesPriv, CreateRoutinePriv, AlterRoutinePriv, EventPriv, ShutdownPriv, ReloadPriv, FilePriv, ConfigPriv, ReplicationClientPriv, ReplicationSlavePriv}

// AllDBPrivs is all the privileges in database scope.
var AllDBPrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, ReferencesPriv, LockTablesPriv, CreateTMPTablePriv, EventPriv, CreateRoutinePriv, AlterRoutinePriv, AlterPriv, ExecutePriv, IndexPriv, CreateViewPriv, ShowViewPriv, TriggerPriv}

// AllTablePrivs is all the privileges in table scope.
var AllTablePrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, DeletePriv, CreatePriv, DropPriv, IndexPriv, ReferencesPriv, AlterPriv, CreateViewPriv, ShowViewPriv, TriggerPriv}

// AllColumnPrivs is all the privileges in column scope.
var AllColumnPrivs = Privileges{SelectPriv, InsertPriv, UpdatePriv, ReferencesPriv}

// StaticGlobalOnlyPrivs is all the privileges only in global scope and
// different from dynamic privileges.
var StaticGlobalOnlyPrivs = Privileges{ProcessPriv, ShowDBPriv, SuperPriv, CreateUserPriv, CreateTablespacePriv, ShutdownPriv, ReloadPriv, FilePriv, ReplicationClientPriv, ReplicationSlavePriv, ConfigPriv}