MySQL 8.0.30
Source Code Documentation
partial_revokes.h
Go to the documentation of this file.
1/* Copyright (c) 2018, 2022, Oracle and/or its affiliates.
2
3This program is free software; you can redistribute it and/or modify
4it under the terms of the GNU General Public License, version 2.0,
5as published by the Free Software Foundation.
6
7This program is also distributed with certain software (including
8but not limited to OpenSSL) that is licensed under separate terms,
9as designated in a particular file or component or in included license
10documentation. The authors of MySQL hereby grant you an additional
11permission to link the program and your derivative works with the
12separately licensed software that they have included with MySQL.
13
14This program is distributed in the hope that it will be useful,
15but WITHOUT ANY WARRANTY; without even the implied warranty of
16MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17GNU General Public License, version 2.0, for more details.
18
19You should have received a copy of the GNU General Public License
20along with this program; if not, write to the Free Software
21Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef PARTIAL_REVOKES_INCLUDED
24#define PARTIAL_REVOKES_INCLUDED
25
26#include <map>
27#include <memory>
28#include <set>
29#include <unordered_map>
30
31#include "map_helpers.h"
32#include "memory_debugging.h"
33#include "my_inttypes.h"
34#include "my_sqlcommand.h"
37
38// Forward declarations
39class THD;
40class ACL_USER;
41class Json_array;
42class Json_object;
44
45// Alias declarations
46using db_revocations = std::unordered_map<std::string, ulong>;
47using Db_access_map = std::map<std::string, unsigned long>;
48
49/**
50 Abstract class for ACL restrictions.
51*/
53 public:
56 virtual bool is_empty() const = 0;
57 virtual size_t size() const = 0;
58 virtual void clear() = 0;
59};
60
61/**
62 DB Restrictions representation in memory.
63 It uses memroot based, collation aware map to store
64 (<dbname>, <restricted_access>) mapping.
65
66 Each object created in the MEM_ROOT has to be destroyed manually.
67 It will be the client's responsibility that create the objects.
68
69 It also provides functions to:
70 - Manage DB restrictions
71 - Status functions
72 - Transformation of in memory db restrictions
73*/
75 public:
77 ~DB_restrictions() override;
78
80 DB_restrictions(const DB_restrictions &restrictions);
81 DB_restrictions(DB_restrictions &&restrictions) = delete;
82 DB_restrictions &operator=(const DB_restrictions &restrictions);
84 bool operator==(const DB_restrictions &restrictions) const;
85 void add(const std::string &db_name, const ulong revoke_privs);
86 void add(const DB_restrictions &restrictions);
87 bool add(const Json_object &json_object);
88
89 void remove(const std::string &db_name, const ulong revoke_privs);
90 void remove(const ulong revoke_privs);
91
92 bool find(const std::string &db_name, ulong &access) const;
93 bool is_empty() const override;
94 bool is_not_empty() const;
95 size_t size() const override;
96 void clear() override;
97 void get_as_json(Json_array &restrictions_array) const;
98 const db_revocations &get() const { return m_restrictions; }
99 bool has_more_restrictions(const DB_restrictions &, ulong) const;
100
101 private:
103 void remove(const ulong remove_restrictions,
104 ulong &restrictions_mask) const noexcept;
105
106 private:
107 /** Database restrictions */
109};
110
111/**
112 Container of all restrictions for a given user.
113
114 Each object created in the MEM_ROOT has to be destroyed manually.
115 It will be the client's responsibility that create the objects.
116*/
118 public:
119 explicit Restrictions();
120
121 Restrictions(const Restrictions &) = default;
125 bool has_more_db_restrictions(const Restrictions &, ulong);
126
128
129 const DB_restrictions &db() const;
130 void set_db(const DB_restrictions &db_restrictions);
131 void clear_db();
132 bool is_empty() const;
133
134 private:
135 /** Database restrictions */
137};
138
139/**
140 Factory class that solely creates an object of type Restrictions_aggregator.
141
142 - The concrete implementations of Restrictions_aggregator cannot be created
143 directly since their constructors are private. This class is declared as
144 friend in those concrete implementations.
145 - It also records the CURRENT_USER in the binlog so that partial_revokes can
146 be executed on the replica with context of current user
147*/
149 public:
150 static std::unique_ptr<Restrictions_aggregator> create(
151 THD *thd, const ACL_USER *acl_user, const char *db, const ulong rights,
152 bool is_grant_revoke_all_on_db);
153
154 static std::unique_ptr<Restrictions_aggregator> create(
155 const Auth_id &grantor, const Auth_id &grantee,
156 const ulong grantor_access, const ulong grantee_access,
157 const DB_restrictions &grantor_restrictions,
158 const DB_restrictions &grantee_restrictions, const ulong required_access,
159 Db_access_map *db_map);
160
161 private:
162 static Auth_id fetch_grantor(const Security_context *sctx);
163 static Auth_id fetch_grantee(const ACL_USER *acl_user);
164 static ulong fetch_grantor_db_access(THD *thd, const char *db);
165 static ulong fetch_grantee_db_access(THD *thd, const ACL_USER *acl_user,
166 const char *db);
167 static void fetch_grantor_access(const Security_context *sctx, const char *db,
168 ulong &global_access,
169 Restrictions &restrictions);
170 static void fetch_grantee_access(const ACL_USER *grantee, ulong &access,
171 Restrictions &restrictions);
172};
173
174/**
175 Base class to perform aggregation of two restriction lists
176
177 Aggregation is required if all of the following requirements are met:
178 1. Partial revocation feature is enabled
179 2. GRANT/REVOKE operation
180 3. Either grantor or grantee or both have restrictions associated with them
181
182 Task of the aggregator is to evaluate updates required for grantee's
183 restriction. Based on restrictions associated with grantor/grantee:
184 A. Add additional restrictions
185 E.g. - GRANT of a new privileges by a grantor who has restrictions for
186 privileges being granted
187 - Creation of restrictions through REVOKE
188 B. Remove some restrictions
189 E.g. - GRANT of existing privileges by a grantor without restrictions
190 - REVOKE of existing privileges
191
192*/
194 public:
196
197 /* interface methods which derived classes have to implement */
198 virtual bool generate(Abstract_restrictions &restrictions) = 0;
199 virtual bool find_if_require_next_level_operation(ulong &rights) const = 0;
200
201 protected:
202 Restrictions_aggregator(const Auth_id &grantor, const Auth_id grantee,
203 const ulong grantor_global_access,
204 const ulong grantee_global_access,
205 const ulong requested_access);
210
212
213 /** Grantor information */
215
216 /** Grantee information */
218
219 /** Global static privileges of grantor */
221
222 /** Global static privileges of grantee */
224
225 /** Privileges that are being granted or revoked */
227
228 /** Internal status of aggregation process */
230};
231
232/**
233 Restriction aggregator for database restrictions.
234 An umbrella class to cover common methods.
235 This is ultimately used for privilege aggregation
236 in case of GRANT/REVOKE of database level privileges.
237*/
239 public:
240 bool generate(Abstract_restrictions &restrictions) override;
241
242 protected:
244 DB_restrictions_aggregator(const Auth_id &grantor, const Auth_id grantee,
245 const ulong grantor_global_access,
246 const ulong grantee_global_access,
247 const DB_restrictions &grantor_restrictions,
248 const DB_restrictions &grantee_restrictions,
249 const ulong requested_access,
250 const Security_context *sctx);
251 bool find_if_require_next_level_operation(ulong &rights) const override;
252
253 /* Helper methods and members for derived classes */
254
256 const ulong grantee_db_access, const ulong grantee_restrictions,
257 const std::string &db_name) noexcept;
258 void set_if_db_level_operation(const ulong requested_access,
259 const ulong restrictions_mask) noexcept;
260 enum class SQL_OP { SET_ROLE, GLOBAL_GRANT };
261 void aggregate_restrictions(SQL_OP sql_op, const Db_access_map *m_db_map,
262 DB_restrictions &restrictions);
263 ulong get_grantee_db_access(const std::string &db_name) const;
264 void get_grantee_db_access(const std::string &db_name, ulong &access) const;
265
266 /** Privileges that needs to be checked further through DB grants */
268
269 /** Database restrictions for grantor */
271
272 /** Database restrictions for grantee */
274
275 /** Security context of the current user */
277
278 private:
279 virtual Status validate() = 0;
280 virtual void aggregate(DB_restrictions &restrictions) = 0;
281};
282
283/**
284 Database restriction aggregator for SET ROLE statement.
285*/
289 const Auth_id &grantor, const Auth_id grantee,
290 const ulong grantor_global_access, const ulong grantee_global_access,
291 const DB_restrictions &grantor_restrictions,
292 const DB_restrictions &grantee_restrictions, const ulong requested_access,
293 Db_access_map *db_map);
294
295 Status validate() override;
296 void aggregate(DB_restrictions &db_restrictions) override;
298
299 private:
301};
302
303/**
304 Restriction aggregator for GRANT statement for GLOBAL privileges.
305*/
309 const Auth_id &grantor, const Auth_id grantee,
310 const ulong grantor_global_access, const ulong grantee_global_access,
311 const DB_restrictions &grantor_restrictions,
312 const DB_restrictions &grantee_restrictions, const ulong requested_access,
313 const Security_context *sctx);
314
315 Status validate() override;
316 void aggregate(DB_restrictions &restrictions) override;
318};
319
322 protected:
324 const Auth_id &grantor, const Auth_id grantee,
325 const ulong grantor_global_access, const ulong grantee_global_access,
326 const DB_restrictions &grantor_restrictions,
327 const DB_restrictions &grantee_restrictions, const ulong requested_access,
328 const Security_context *sctx);
330
331 private:
332 Status validate() override;
333 void aggregate(DB_restrictions &restrictions) override;
335};
336
337/**
338 Restriction aggregator for REVOKE statement over GLOBAL privileges.
339*/
343 const Auth_id &grantor, const Auth_id grantee,
344 const ulong grantor_global_access, const ulong grantee_global_access,
345 const DB_restrictions &grantor_restrictions,
346 const DB_restrictions &grantee_restrictions, const ulong requested_access,
347 const Security_context *sctx);
348 Status validate() override;
349 void aggregate(DB_restrictions &restrictions) override;
351};
352
353/**
354 Restriction aggregator for GRANT statement over database privileges.
355*/
359 const Auth_id &grantor, const Auth_id grantee,
360 const ulong grantor_global_access, const ulong grantee_global_access,
361 const ulong grantor_db_access, const ulong grantee_db_access,
362 const DB_restrictions &grantor_restrictions,
363 const DB_restrictions &grantee_restrictions, const ulong requested_access,
364 bool is_grant_all, const std::string &db_name,
365 const Security_context *sctx);
366
367 void aggregate(DB_restrictions &restrictions) override;
368 Status validate() override;
369
370 /** Aggregator needs to access class members */
372
373 /** Grantor's database privileges */
375
376 /** Grantee's database privileges */
378
379 /** Flag for GRANT ALL ON <db>.* TO ... */
380 const bool m_is_grant_all;
381
382 /** Target database of GRANT */
383 const std::string m_db_name;
384};
385
386/**
387 Restriction aggregator for REVOKE statement for database privileges.
388*/
392 const Auth_id &grantor, const Auth_id grantee,
393 const ulong grantor_global_access, const ulong grantee_global_access,
394 const ulong grantor_db_access, const ulong grantee_db_access,
395 const DB_restrictions &grantor_restrictions,
396 const DB_restrictions &grantee_restrictions, const ulong requested_access,
397 bool is_revoke_all, const std::string &db_name,
398 const Security_context *sctx);
399
400 void aggregate(DB_restrictions &restrictions) override;
401 Status validate() override;
402
403 /** Aggregator needs to access class members */
405
406 /** Grantor's database privileges */
408
409 /** Grantee's database privileges */
411
412 /** Flag for GRANT ALL ON <db>.* TO ... */
413 const bool m_is_revoke_all;
414
415 /** Target database of REVOKE */
416 const std::string m_db_name;
417};
418
419#endif /* PARTIAL_REVOKES_INCLUDED */
std::map< std::string, unsigned long > Db_access_map
Definition: auth_internal.h:65
Definition: sql_auth_cache.h:245
Abstract class for ACL restrictions.
Definition: partial_revokes.h:52
virtual bool is_empty() const =0
virtual void clear()=0
virtual ~Abstract_restrictions()
Abstract restriction destructor.
virtual size_t size() const =0
Abstract_restrictions()
Abstract restriction constructor.
Storage container for default auth ids.
Definition: auth_common.h:1063
Restriction aggregator for GRANT statement over database privileges.
Definition: partial_revokes.h:357
Status validate() override
Validation function for database level grant statement.
Definition: partial_revokes.cc:1278
const std::string m_db_name
Target database of GRANT.
Definition: partial_revokes.h:383
void aggregate(DB_restrictions &restrictions) override
Aggregate restriction lists.
Definition: partial_revokes.cc:1308
const ulong m_grantor_db_access
Grantor's database privileges.
Definition: partial_revokes.h:374
const ulong m_grantee_db_access
Grantee's database privileges.
Definition: partial_revokes.h:377
DB_restrictions_aggregator_db_grant(const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const ulong grantor_db_access, const ulong grantee_db_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const ulong requested_access, bool is_grant_all, const std::string &db_name, const Security_context *sctx)
Constructor.
Definition: partial_revokes.cc:1259
const bool m_is_grant_all
Flag for GRANT ALL ON <db>.
Definition: partial_revokes.h:380
Restriction aggregator for REVOKE statement for database privileges.
Definition: partial_revokes.h:390
const ulong m_grantee_db_access
Grantee's database privileges.
Definition: partial_revokes.h:410
Status validate() override
Validation function for database level revoke statement.
Definition: partial_revokes.cc:1375
const ulong m_grantor_db_access
Grantor's database privileges.
Definition: partial_revokes.h:407
const std::string m_db_name
Target database of REVOKE.
Definition: partial_revokes.h:416
void aggregate(DB_restrictions &restrictions) override
Aggregate restriction lists.
Definition: partial_revokes.cc:1408
DB_restrictions_aggregator_db_revoke(const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const ulong grantor_db_access, const ulong grantee_db_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const ulong requested_access, bool is_revoke_all, const std::string &db_name, const Security_context *sctx)
Constructor.
Definition: partial_revokes.cc:1356
const bool m_is_revoke_all
Flag for GRANT ALL ON <db>.
Definition: partial_revokes.h:413
Restriction aggregator for GRANT statement for GLOBAL privileges.
Definition: partial_revokes.h:307
void aggregate(DB_restrictions &restrictions) override
Generates DB_restrictions based on the requested access, grantor and grantee's DB_restrictions in the...
Definition: partial_revokes.cc:1051
DB_restrictions_aggregator_global_grant(const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const ulong requested_access, const Security_context *sctx)
DB_restrictions_aggregator_global_grant constructor.
Definition: partial_revokes.cc:989
Status validate() override
Evaluates the restrictions list of grantor and grantee, as well as requested privilege.
Definition: partial_revokes.cc:1012
Restriction aggregator for REVOKE statement over GLOBAL privileges.
Definition: partial_revokes.h:341
void aggregate(DB_restrictions &restrictions) override
Clear all the restrictions and changes the status of object to aggregated.
Definition: partial_revokes.cc:1236
Status validate() override
Validate restriction list for REVOKE ALL.
Definition: partial_revokes.cc:1209
DB_restrictions_aggregator_global_revoke_all(const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const ulong requested_access, const Security_context *sctx)
DB_restrictions_aggregator_global_revoke_all constructor.
Definition: partial_revokes.cc:1196
Definition: partial_revokes.h:321
Status validate_if_grantee_rl_not_empty()
If grantee restrictions_list is not empty then check the following.
Definition: partial_revokes.cc:1152
DB_restrictions_aggregator_global_revoke(const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const ulong requested_access, const Security_context *sctx)
DB_restrictions_aggregator_global_revoke constructor.
Definition: partial_revokes.cc:1071
Status validate() override
Evaluates the restrictions list of grantor and grantee, as well as requested privilege.
Definition: partial_revokes.cc:1093
void aggregate(DB_restrictions &restrictions) override
Definition: partial_revokes.cc:1128
Database restriction aggregator for SET ROLE statement.
Definition: partial_revokes.h:287
DB_restrictions_aggregator_set_role(const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const ulong requested_access, Db_access_map *db_map)
DB_restrictions_aggregator_set_role constructor.
Definition: partial_revokes.cc:893
void aggregate(DB_restrictions &db_restrictions) override
Generates DB_restrictions based on the requested access, grantor and grantee's DB_restrictions in the...
Definition: partial_revokes.cc:942
Status validate() override
Evaluates the restrictions list of grantor and grantee, as well as requested privilege.
Definition: partial_revokes.cc:917
Db_access_map * m_db_map
Definition: partial_revokes.h:300
Restriction aggregator for database restrictions.
Definition: partial_revokes.h:238
void aggregate_restrictions(SQL_OP sql_op, const Db_access_map *m_db_map, DB_restrictions &restrictions)
A helper method that aggregates the restrictions for global_grant and set_role operations since both ...
Definition: partial_revokes.cc:732
bool find_if_require_next_level_operation(ulong &rights) const override
Get list of privileges that are not restricted through restriction list.
Definition: partial_revokes.cc:635
virtual Status validate()=0
void set_if_db_level_operation(const ulong requested_access, const ulong restrictions_mask) noexcept
Set privileges that needs to be processed further.
Definition: partial_revokes.cc:694
DB_restrictions m_grantee_rl
Database restrictions for grantee.
Definition: partial_revokes.h:273
DB_restrictions m_grantor_rl
Database restrictions for grantor.
Definition: partial_revokes.h:270
virtual void aggregate(DB_restrictions &restrictions)=0
const Security_context * m_sctx
Security context of the current user.
Definition: partial_revokes.h:276
bool check_db_access_and_restrictions_collision(const ulong grantee_db_access, const ulong grantee_restrictions, const std::string &db_name) noexcept
Check possible descrepancy between DB access being granted and existing restrictions.
Definition: partial_revokes.cc:669
ulong m_privs_not_processed
Privileges that needs to be checked further through DB grants.
Definition: partial_revokes.h:267
SQL_OP
Definition: partial_revokes.h:260
ulong get_grantee_db_access(const std::string &db_name) const
Fetches the grantee's DB access on the specified DB If security context of current user exists and ha...
Definition: partial_revokes.cc:849
bool generate(Abstract_restrictions &restrictions) override
Driver function to aggregate restriction lists.
Definition: partial_revokes.cc:612
DB_restrictions_aggregator(const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const DB_restrictions &grantor_restrictions, const DB_restrictions &grantee_restrictions, const ulong requested_access, const Security_context *sctx)
Constructor for database level restrictions aggregator.
Definition: partial_revokes.cc:584
DB Restrictions representation in memory.
Definition: partial_revokes.h:74
const db_revocations & get() const
Definition: partial_revokes.h:98
bool has_more_restrictions(const DB_restrictions &, ulong) const
Compare is two restriction list for given privileges.
Definition: partial_revokes.cc:303
void get_as_json(Json_array &restrictions_array) const
Serializer.
Definition: partial_revokes.cc:277
void clear() override
Clear restriction list.
Definition: partial_revokes.cc:264
void remove(const std::string &db_name, const ulong revoke_privs)
Remove given set of privilegs for a database from restriction list.
Definition: partial_revokes.cc:195
size_t size() const override
Status function to get number of entries in restriction list.
Definition: partial_revokes.cc:261
db_revocations m_restrictions
Database restrictions.
Definition: partial_revokes.h:108
void add(const std::string &db_name, const ulong revoke_privs)
Add given privileges as restricted for the database.
Definition: partial_revokes.cc:114
DB_restrictions & operator=(const DB_restrictions &restrictions)
Assignment operator.
Definition: partial_revokes.cc:76
bool find(const std::string &db_name, ulong &access) const
Get restricted access information for given database.
Definition: partial_revokes.cc:245
bool is_empty() const override
Status function to check if restriction list is empty.
Definition: partial_revokes.cc:255
bool is_not_empty() const
Status function to check if restriction list is non-empty.
Definition: partial_revokes.cc:258
DB_restrictions()
DB Restrictions constructor.
Definition: partial_revokes.cc:57
DB_restrictions(DB_restrictions &&restrictions)=delete
db_revocations & db_restrictions()
Definition: partial_revokes.h:102
~DB_restrictions() override
Destructor.
Definition: partial_revokes.cc:69
db_revocations & operator()(void)
Definition: partial_revokes.h:79
bool operator==(const DB_restrictions &restrictions) const
Compare the two restrictions.
Definition: partial_revokes.cc:104
Represents a JSON array container, i.e.
Definition: json_dom.h:519
Represents a JSON container value of type "object" (ECMA), type J_OBJECT here.
Definition: json_dom.h:372
Factory class that solely creates an object of type Restrictions_aggregator.
Definition: partial_revokes.h:148
static void fetch_grantee_access(const ACL_USER *grantee, ulong &access, Restrictions &restrictions)
Definition: partial_revokes.cc:533
static ulong fetch_grantee_db_access(THD *thd, const ACL_USER *acl_user, const char *db)
Returns the privileges granted on the DB to the grantee.
Definition: partial_revokes.cc:510
static std::unique_ptr< Restrictions_aggregator > create(THD *thd, const ACL_USER *acl_user, const char *db, const ulong rights, bool is_grant_revoke_all_on_db)
A factory method that creates objects from Restrictions_aggregator hierarchy.
Definition: partial_revokes.cc:357
static ulong fetch_grantor_db_access(THD *thd, const char *db)
Returns the privileges granted on the DB to the grantor.
Definition: partial_revokes.cc:493
static Auth_id fetch_grantee(const ACL_USER *acl_user)
Returns the grantee's user name and host info.
Definition: partial_revokes.cc:475
static void fetch_grantor_access(const Security_context *sctx, const char *db, ulong &global_access, Restrictions &restrictions)
Returns the privileges and restrictions:
Definition: partial_revokes.cc:524
static Auth_id fetch_grantor(const Security_context *sctx)
Returns the grantor user name and host id.
Definition: partial_revokes.cc:458
Base class to perform aggregation of two restriction lists.
Definition: partial_revokes.h:193
Restrictions_aggregator(const Restrictions_aggregator &&)=delete
Restrictions_aggregator & operator=(const Restrictions_aggregator &)=delete
virtual ~Restrictions_aggregator()
Destructor.
const ulong m_grantor_global_access
Global static privileges of grantor.
Definition: partial_revokes.h:220
virtual bool find_if_require_next_level_operation(ulong &rights) const =0
const ulong m_grantee_global_access
Global static privileges of grantee.
Definition: partial_revokes.h:223
const ulong m_requested_access
Privileges that are being granted or revoked.
Definition: partial_revokes.h:226
Restrictions_aggregator(const Restrictions_aggregator &)=delete
Status m_status
Internal status of aggregation process.
Definition: partial_revokes.h:229
Restrictions_aggregator & operator=(const Restrictions_aggregator &&)=delete
virtual bool generate(Abstract_restrictions &restrictions)=0
Restrictions_aggregator(const Auth_id &grantor, const Auth_id grantee, const ulong grantor_global_access, const ulong grantee_global_access, const ulong requested_access)
Constructor.
Definition: partial_revokes.cc:550
const Auth_id m_grantee
Grantee information.
Definition: partial_revokes.h:217
const Auth_id m_grantor
Grantor information.
Definition: partial_revokes.h:214
Status
Definition: partial_revokes.h:211
Container of all restrictions for a given user.
Definition: partial_revokes.h:117
bool has_more_db_restrictions(const Restrictions &, ulong)
Definition: partial_revokes.cc:1468
Restrictions & operator=(const Restrictions &)
Assignment operator for Restrictions.
Definition: partial_revokes.cc:1452
void set_db(const DB_restrictions &db_restrictions)
Set given database restrictions.
Definition: partial_revokes.cc:1477
~Restrictions()
Destructor.
Definition: partial_revokes.cc:1443
Restrictions()
Constructor for Restrictions.
Definition: partial_revokes.cc:1440
void clear_db()
Clear database restrictions.
Definition: partial_revokes.cc:1482
const DB_restrictions & db() const
Get database restrictions.
Definition: partial_revokes.cc:1474
Restrictions(const Restrictions &)=default
DB_restrictions m_db_restrictions
Database restrictions.
Definition: partial_revokes.h:136
bool is_empty() const
Return if restrictions are empty or not.
Definition: partial_revokes.cc:1485
A set of THD members describing the current authenticated user.
Definition: sql_security_ctx.h:53
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:922
Various macros useful for communicating with memory debuggers, such as Valgrind.
Some integer typedefs for easier portability.
const char * db_name
Definition: rules_table_service.cc:54
std::unordered_map< std::string, ulong > db_revocations
Definition: partial_revokes.h:46