Skip to content

session: set sql security of tidb_mdl_view to 'invoker' (#53265) #54941

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 5, 2024
Merged

session: set sql security of tidb_mdl_view to 'invoker' (#53265) #54941

merged 1 commit into from
Aug 5, 2024

Conversation

ti-chi-bot
Copy link
Member

This is an automated cherry-pick of #53265

What problem does this PR solve?

Issue Number: close #53292

Problem Summary:

See #53292 (comment)

What changed and how does it work?

  • Change view's sql security from definer to invoker. Make users querying tidb_mdl_view responsible for passing permission checks.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No need to test
    • I checked and no code files have been changed.

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

@ti-chi-bot ti-chi-bot added release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. type/cherry-pick-for-release-8.1 This PR is cherry-picked to release-8.1 from a source PR. labels Jul 26, 2024
@ti-chi-bot ti-chi-bot mentioned this pull request Jul 26, 2024
Merged
13 tasks
@ti-chi-bot ti-chi-bot added cherry-pick-approved Cherry pick PR approved by release team. labels Jul 26, 2024
@tangenta
Copy link
Contributor

tangenta commented Aug 5, 2024

/retest

@ti-chi-bot ti-chi-bot bot added the needs-1-more-lgtm Indicates a PR needs 1 more LGTM. label Aug 5, 2024
@codecov Codecov
Copy link

codecov bot commented Aug 5, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (release-8.1@42b624c). Learn more about missing BASE report.

Additional details and impacted files 
@@               Coverage Diff                @@
##             release-8.1     #54941   +/-   ##
================================================
  Coverage               ?   71.2394%           
================================================
  Files                  ?       1465           
  Lines                  ?     422836           
  Branches               ?          0           
================================================
  Hits                   ?     301226           
  Misses                 ?     101140           
  Partials               ?      20470
Flag Coverage Δ
unit 71.2394% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
dumpling 57.8032% <0.0000%> (?)
parser ∅ <0.0000%> (?)
br 41.3332% <0.0000%> (?)

@ti-chi-bot ti-chi-bot bot added lgtm and removed needs-1-more-lgtm Indicates a PR needs 1 more LGTM. labels Aug 5, 2024
@ti-chi-bot ti-chi-bot
Copy link

ti-chi-bot bot commented Aug 5, 2024

[LGTM Timeline notifier]

Timeline:

  • 2024-08-05 04:30:52.472780697 +0000 UTC m=+239982.339879782: ☑️ agreed by tangenta.
  • 2024-08-05 05:58:55.310447814 +0000 UTC m=+245265.177546902: ☑️ agreed by lcwangchao.

@easonn7
Copy link

easonn7 commented Aug 5, 2024

/approve

@ti-chi-bot ti-chi-bot bot added the approved label Aug 5, 2024
@ti-chi-bot ti-chi-bot
Copy link

ti-chi-bot bot commented Aug 5, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: easonn7, lcwangchao, tangenta, wjhuang2016

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tangenta
Copy link
Contributor

tangenta commented Aug 5, 2024

/retest

@ti-chi-bot ti-chi-bot bot merged commit a50ef21 into pingcap:release-8.1 Aug 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lcwangchao lcwangchao lcwangchao approved these changes

@wjhuang2016 wjhuang2016 wjhuang2016 approved these changes

@tangenta tangenta tangenta approved these changes

Assignees

@tangenta tangenta

Labels
approved cherry-pick-approved Cherry pick PR approved by release team. lgtm release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. type/cherry-pick-for-release-8.1 This PR is cherry-picked to release-8.1 from a source PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ti-chi-bot @tangenta @easonn7 @lcwangchao @wjhuang2016