MySQL 9.1.0
Source Code Documentation
auth_acls.h File Reference
#include <cstdint>
#include <string>
#include <unordered_map>
#include <vector>

Go to the source code of this file.

Macros

#define NUM_ACLS   31
 
#define SELECT_ACL   ((Access_bitmask)1 << 0)
 
#define INSERT_ACL   ((Access_bitmask)1 << 1)
 
#define UPDATE_ACL   ((Access_bitmask)1 << 2)
 
#define DELETE_ACL   ((Access_bitmask)1 << 3)
 
#define CREATE_ACL   ((Access_bitmask)1 << 4)
 
#define DROP_ACL   ((Access_bitmask)1 << 5)
 
#define RELOAD_ACL   ((Access_bitmask)1 << 6)
 
#define SHUTDOWN_ACL   ((Access_bitmask)1 << 7)
 
#define PROCESS_ACL   ((Access_bitmask)1 << 8)
 
#define FILE_ACL   ((Access_bitmask)1 << 9)
 
#define GRANT_ACL   ((Access_bitmask)1 << 10)
 Set to true by both GRANT GRANT OPTION ... TO ... and GRANT ... TO ... WITH GRANT OPTION. More...
 
#define REFERENCES_ACL   ((Access_bitmask)1 << 11)
 
#define INDEX_ACL   ((Access_bitmask)1 << 12)
 
#define ALTER_ACL   ((Access_bitmask)1 << 13)
 
#define SHOW_DB_ACL   ((Access_bitmask)1 << 14)
 
#define SUPER_ACL   ((Access_bitmask)1 << 15)
 
#define CREATE_TMP_ACL   ((Access_bitmask)1 << 16)
 
#define LOCK_TABLES_ACL   ((Access_bitmask)1 << 17)
 
#define EXECUTE_ACL   ((Access_bitmask)1 << 18)
 
#define REPL_SLAVE_ACL   ((Access_bitmask)1 << 19)
 
#define REPL_CLIENT_ACL   ((Access_bitmask)1 << 20)
 
#define CREATE_VIEW_ACL   ((Access_bitmask)1 << 21)
 
#define SHOW_VIEW_ACL   ((Access_bitmask)1 << 22)
 
#define CREATE_PROC_ACL   ((Access_bitmask)1 << 23)
 
#define ALTER_PROC_ACL   ((Access_bitmask)1 << 24)
 
#define CREATE_USER_ACL   ((Access_bitmask)1 << 25)
 
#define EVENT_ACL   ((Access_bitmask)1 << 26)
 
#define TRIGGER_ACL   ((Access_bitmask)1 << 27)
 
#define CREATE_TABLESPACE_ACL   ((Access_bitmask)1 << 28)
 
#define CREATE_ROLE_ACL   ((Access_bitmask)1 << 29)
 
#define DROP_ROLE_ACL   ((Access_bitmask)1 << 30)
 
#define NO_ACCESS   ((Access_bitmask)1 << NUM_ACLS)
 
#define ALL_ACCESS   (NO_ACCESS - 1)
 
#define DB_OP_ACLS
 Privileges to perform database related operations. More...
 
#define TABLE_OP_ACLS
 Privileges to perform table related operations. More...
 
#define PROC_OP_ACLS   (ALTER_PROC_ACL | EXECUTE_ACL)
 Privileges to modify or execute stored procedures. More...
 
#define DB_ACLS   (DB_OP_ACLS | GRANT_ACL)
 Represents all privileges which could be granted to users at DB-level. More...
 
#define TABLE_ACLS   (TABLE_OP_ACLS | GRANT_ACL)
 Represents all privileges which could be granted to users at table-level. More...
 
#define COL_ACLS   (SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)
 Represents all privileges which could be granted to users at column-level. More...
 
#define PROC_ACLS   (PROC_OP_ACLS | GRANT_ACL)
 Represents all privileges which could be granted to users for stored procedures. More...
 
#define SHOW_PROC_ACLS   (PROC_OP_ACLS | CREATE_PROC_ACL)
 Represents all privileges which are required to show the stored procedure. More...
 
#define GLOBAL_ACLS
 Represents all privileges which could be granted to users globally. More...
 
#define DEFAULT_CREATE_PROC_ACLS   (ALTER_PROC_ACL | EXECUTE_ACL)
 
#define TMP_TABLE_ACLS
 Table-level privileges which are automatically "granted" to everyone on existing temporary tables (CREATE_ACL is necessary for ALTER ... RENAME). More...
 
#define DB_CHUNK0    (SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL)
 
#define DB_CHUNK1   (GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL)
 
#define DB_CHUNK2   (CREATE_TMP_ACL | LOCK_TABLES_ACL)
 
#define DB_CHUNK3    (CREATE_VIEW_ACL | SHOW_VIEW_ACL | CREATE_PROC_ACL | ALTER_PROC_ACL)
 
#define DB_CHUNK4   (EXECUTE_ACL)
 
#define DB_CHUNK5   (EVENT_ACL | TRIGGER_ACL)
 
#define fix_rights_for_db(A)
 
#define get_rights_for_db(A)
 
#define TBL_CHUNK0   DB_CHUNK0
 
#define TBL_CHUNK1   DB_CHUNK1
 
#define TBL_CHUNK2   (CREATE_VIEW_ACL | SHOW_VIEW_ACL)
 
#define TBL_CHUNK3   TRIGGER_ACL
 
#define fix_rights_for_table(A)
 
#define get_rights_for_table(A)
 
#define fix_rights_for_column(A)   (((A)&7) | (((A) & ~7) << 8))
 
#define get_rights_for_column(A)   (((A)&7) | ((A) >> 8))
 
#define fix_rights_for_procedure(A)
 
#define get_rights_for_procedure(A)
 

Typedefs

typedef uint32_t Access_bitmask
 

Variables

const std::vector< std::string > global_acls_vector
 Consts for static privileges. More...
 
const std::unordered_map< std::string, int > global_acls_map
 Bitmap offsets for static privileges. More...
 

Macro Definition Documentation

◆ ALL_ACCESS

#define ALL_ACCESS   (NO_ACCESS - 1)

◆ ALTER_ACL

#define ALTER_ACL   ((Access_bitmask)1 << 13)

◆ ALTER_PROC_ACL

#define ALTER_PROC_ACL   ((Access_bitmask)1 << 24)

◆ COL_ACLS

#define COL_ACLS   (SELECT_ACL | INSERT_ACL | UPDATE_ACL | REFERENCES_ACL)

Represents all privileges which could be granted to users at column-level.

It essentially represents all the privileges present in the columns_priv table.

◆ CREATE_ACL

#define CREATE_ACL   ((Access_bitmask)1 << 4)

◆ CREATE_PROC_ACL

#define CREATE_PROC_ACL   ((Access_bitmask)1 << 23)

◆ CREATE_ROLE_ACL

#define CREATE_ROLE_ACL   ((Access_bitmask)1 << 29)

◆ CREATE_TABLESPACE_ACL

#define CREATE_TABLESPACE_ACL   ((Access_bitmask)1 << 28)

◆ CREATE_TMP_ACL

#define CREATE_TMP_ACL   ((Access_bitmask)1 << 16)

◆ CREATE_USER_ACL

#define CREATE_USER_ACL   ((Access_bitmask)1 << 25)

◆ CREATE_VIEW_ACL

#define CREATE_VIEW_ACL   ((Access_bitmask)1 << 21)

◆ DB_ACLS

#define DB_ACLS   (DB_OP_ACLS | GRANT_ACL)

Represents all privileges which could be granted to users at DB-level.

It essentially represents all the privileges present in the mysql.db table.

◆ DB_CHUNK0

#define DB_CHUNK0    (SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | CREATE_ACL | DROP_ACL)

◆ DB_CHUNK1

#define DB_CHUNK1   (GRANT_ACL | REFERENCES_ACL | INDEX_ACL | ALTER_ACL)

◆ DB_CHUNK2

#define DB_CHUNK2   (CREATE_TMP_ACL | LOCK_TABLES_ACL)

◆ DB_CHUNK3

◆ DB_CHUNK4

#define DB_CHUNK4   (EXECUTE_ACL)

◆ DB_CHUNK5

#define DB_CHUNK5   (EVENT_ACL | TRIGGER_ACL)

◆ DB_OP_ACLS

#define DB_OP_ACLS
Value:
ALTER_PROC_ACL | EVENT_ACL | TRIGGER_ACL)
#define CREATE_PROC_ACL
Definition: auth_acls.h:77
#define ALTER_ACL
Definition: auth_acls.h:67
#define DELETE_ACL
Definition: auth_acls.h:39
#define LOCK_TABLES_ACL
Definition: auth_acls.h:71
#define EVENT_ACL
Definition: auth_acls.h:80
#define UPDATE_ACL
Definition: auth_acls.h:38
#define CREATE_ACL
Definition: auth_acls.h:40
#define INSERT_ACL
Definition: auth_acls.h:37
#define DROP_ACL
Definition: auth_acls.h:41
#define INDEX_ACL
Definition: auth_acls.h:66
#define SELECT_ACL
Definition: auth_acls.h:36
#define SHOW_VIEW_ACL
Definition: auth_acls.h:76
#define CREATE_VIEW_ACL
Definition: auth_acls.h:75
#define CREATE_TMP_ACL
Definition: auth_acls.h:70
#define TRIGGER_ACL
Definition: auth_acls.h:81

Privileges to perform database related operations.

Use this macro over DB_ACLS unless there is real need to use additional privileges present in the DB_ACLS

◆ DEFAULT_CREATE_PROC_ACLS

#define DEFAULT_CREATE_PROC_ACLS   (ALTER_PROC_ACL | EXECUTE_ACL)

◆ DELETE_ACL

#define DELETE_ACL   ((Access_bitmask)1 << 3)

◆ DROP_ACL

#define DROP_ACL   ((Access_bitmask)1 << 5)

◆ DROP_ROLE_ACL

#define DROP_ROLE_ACL   ((Access_bitmask)1 << 30)

◆ EVENT_ACL

#define EVENT_ACL   ((Access_bitmask)1 << 26)

◆ EXECUTE_ACL

#define EXECUTE_ACL   ((Access_bitmask)1 << 18)

◆ FILE_ACL

#define FILE_ACL   ((Access_bitmask)1 << 9)

◆ fix_rights_for_column

#define fix_rights_for_column (   A)    (((A)&7) | (((A) & ~7) << 8))

◆ fix_rights_for_db

#define fix_rights_for_db (   A)
Value:
(((A)&DB_CHUNK0) | (((A) << 4) & DB_CHUNK1) | (((A) << 6) & DB_CHUNK2) | \
(((A) << 9) & DB_CHUNK3) | (((A) << 2) & DB_CHUNK4)) | \
(((A) << 9) & DB_CHUNK5)
#define DB_CHUNK0
Definition: auth_acls.h:186
#define DB_CHUNK2
Definition: auth_acls.h:189
#define DB_CHUNK5
Definition: auth_acls.h:193
#define DB_CHUNK1
Definition: auth_acls.h:188
#define DB_CHUNK4
Definition: auth_acls.h:192
#define DB_CHUNK3
Definition: auth_acls.h:190

◆ fix_rights_for_procedure

#define fix_rights_for_procedure (   A)
Value:
((((A) << 18) & EXECUTE_ACL) | (((A) << 23) & ALTER_PROC_ACL) | \
(((A) << 8) & GRANT_ACL))
#define GRANT_ACL
Set to true by both GRANT GRANT OPTION ... TO ... and GRANT ... TO ... WITH GRANT OPTION.
Definition: auth_acls.h:64
#define ALTER_PROC_ACL
Definition: auth_acls.h:78
#define EXECUTE_ACL
Definition: auth_acls.h:72

◆ fix_rights_for_table

#define fix_rights_for_table (   A)
Value:
(((A)&TBL_CHUNK0) | (((A) << 4) & TBL_CHUNK1) | (((A) << 11) & TBL_CHUNK2) | \
(((A) << 15) & TBL_CHUNK3))
#define TBL_CHUNK1
Definition: auth_acls.h:204
#define TBL_CHUNK0
Definition: auth_acls.h:203
#define TBL_CHUNK2
Definition: auth_acls.h:205
#define TBL_CHUNK3
Definition: auth_acls.h:206

◆ get_rights_for_column

#define get_rights_for_column (   A)    (((A)&7) | ((A) >> 8))

◆ get_rights_for_db

#define get_rights_for_db (   A)
Value:
(((A)&DB_CHUNK0) | (((A)&DB_CHUNK1) >> 4) | (((A)&DB_CHUNK2) >> 6) | \
(((A)&DB_CHUNK3) >> 9) | (((A)&DB_CHUNK4) >> 2)) | \
(((A)&DB_CHUNK5) >> 9)

◆ get_rights_for_procedure

#define get_rights_for_procedure (   A)
Value:
((((A)&EXECUTE_ACL) >> 18) | (((A)&ALTER_PROC_ACL) >> 23) | \
(((A)&GRANT_ACL) >> 8))

◆ get_rights_for_table

#define get_rights_for_table (   A)
Value:
(((A)&TBL_CHUNK0) | (((A)&TBL_CHUNK1) >> 4) | (((A)&TBL_CHUNK2) >> 11) | \
(((A)&TBL_CHUNK3) >> 15))

◆ GLOBAL_ACLS

#define GLOBAL_ACLS
Value:
RELOAD_ACL | SHUTDOWN_ACL | PROCESS_ACL | FILE_ACL | GRANT_ACL | \
REFERENCES_ACL | INDEX_ACL | ALTER_ACL | SHOW_DB_ACL | SUPER_ACL | \
ALTER_PROC_ACL | CREATE_USER_ACL | EVENT_ACL | TRIGGER_ACL | \
CREATE_TABLESPACE_ACL | CREATE_ROLE_ACL | DROP_ROLE_ACL)
#define FILE_ACL
Definition: auth_acls.h:45
#define REPL_CLIENT_ACL
Definition: auth_acls.h:74
#define SHOW_DB_ACL
Definition: auth_acls.h:68
#define SHUTDOWN_ACL
Definition: auth_acls.h:43
#define DROP_ROLE_ACL
Definition: auth_acls.h:84
#define CREATE_USER_ACL
Definition: auth_acls.h:79
#define SUPER_ACL
Definition: auth_acls.h:69
#define PROCESS_ACL
Definition: auth_acls.h:44
#define CREATE_ROLE_ACL
Definition: auth_acls.h:83
#define REPL_SLAVE_ACL
Definition: auth_acls.h:73

Represents all privileges which could be granted to users globally.

It essentially represents all the privileges present in the mysql.user table

◆ GRANT_ACL

#define GRANT_ACL   ((Access_bitmask)1 << 10)

Set to true by both GRANT GRANT OPTION ... TO ... and GRANT ... TO ... WITH GRANT OPTION.

Stored into the relevant column in the priv tables for static privileges. And into the the GRANT_OPTION column for dynamic privilege grants. Note that, once granted GRANT_OPTION applies to all static privs on the same level, i.e. the following: GRANT SELECT ON *.* TO foo; GRANT INSERT ON *.* TO foo WITH GRANT OPTION; is equivalent to: GRANT SELECT,INSERT ON *.* TO foo WITH GRANT OPTION; And is also equivalent to GRANT SELECT,INSERT, GRANT OPTION ON *.* TO foo;

See also
LEX::grant_privilege

◆ INDEX_ACL

#define INDEX_ACL   ((Access_bitmask)1 << 12)

◆ INSERT_ACL

#define INSERT_ACL   ((Access_bitmask)1 << 1)

◆ LOCK_TABLES_ACL

#define LOCK_TABLES_ACL   ((Access_bitmask)1 << 17)

◆ NO_ACCESS

#define NO_ACCESS   ((Access_bitmask)1 << NUM_ACLS)

◆ NUM_ACLS

#define NUM_ACLS   31

◆ PROC_ACLS

#define PROC_ACLS   (PROC_OP_ACLS | GRANT_ACL)

Represents all privileges which could be granted to users for stored procedures.

It essentially represents all the privileges present in the mysql.procs_priv table.

◆ PROC_OP_ACLS

#define PROC_OP_ACLS   (ALTER_PROC_ACL | EXECUTE_ACL)

Privileges to modify or execute stored procedures.

Use this macro over PROC_ACLS unless there is real need to use additional privileges present in the PROC_ACLS

◆ PROCESS_ACL

#define PROCESS_ACL   ((Access_bitmask)1 << 8)

◆ REFERENCES_ACL

#define REFERENCES_ACL   ((Access_bitmask)1 << 11)

◆ RELOAD_ACL

#define RELOAD_ACL   ((Access_bitmask)1 << 6)

◆ REPL_CLIENT_ACL

#define REPL_CLIENT_ACL   ((Access_bitmask)1 << 20)

◆ REPL_SLAVE_ACL

#define REPL_SLAVE_ACL   ((Access_bitmask)1 << 19)

◆ SELECT_ACL

#define SELECT_ACL   ((Access_bitmask)1 << 0)

◆ SHOW_DB_ACL

#define SHOW_DB_ACL   ((Access_bitmask)1 << 14)

◆ SHOW_PROC_ACLS

#define SHOW_PROC_ACLS   (PROC_OP_ACLS | CREATE_PROC_ACL)

Represents all privileges which are required to show the stored procedure.

◆ SHOW_VIEW_ACL

#define SHOW_VIEW_ACL   ((Access_bitmask)1 << 22)

◆ SHUTDOWN_ACL

#define SHUTDOWN_ACL   ((Access_bitmask)1 << 7)

◆ SUPER_ACL

#define SUPER_ACL   ((Access_bitmask)1 << 15)

◆ TABLE_ACLS

#define TABLE_ACLS   (TABLE_OP_ACLS | GRANT_ACL)

Represents all privileges which could be granted to users at table-level.

It essentially represents all the privileges present in the mysql.tables_priv table.

◆ TABLE_OP_ACLS

#define TABLE_OP_ACLS
Value:

Privileges to perform table related operations.

Use this macro over TABLE_ACLS unless there is real need to use additional privileges present in the DB_ACLS

◆ TBL_CHUNK0

#define TBL_CHUNK0   DB_CHUNK0

◆ TBL_CHUNK1

#define TBL_CHUNK1   DB_CHUNK1

◆ TBL_CHUNK2

#define TBL_CHUNK2   (CREATE_VIEW_ACL | SHOW_VIEW_ACL)

◆ TBL_CHUNK3

#define TBL_CHUNK3   TRIGGER_ACL

◆ TMP_TABLE_ACLS

#define TMP_TABLE_ACLS
Value:

Table-level privileges which are automatically "granted" to everyone on existing temporary tables (CREATE_ACL is necessary for ALTER ... RENAME).

◆ TRIGGER_ACL

#define TRIGGER_ACL   ((Access_bitmask)1 << 27)

◆ UPDATE_ACL

#define UPDATE_ACL   ((Access_bitmask)1 << 2)

Typedef Documentation

◆ Access_bitmask

typedef uint32_t Access_bitmask

Variable Documentation

◆ global_acls_map

const std::unordered_map<std::string, int> global_acls_map
extern

Bitmap offsets for static privileges.

◆ global_acls_vector

const std::vector<std::string> global_acls_vector
extern

Consts for static privileges.