Bug #31304 Privileges related to TABLESPACE undocumented and inconsitent
Submitted: 30 Sep 2007 15:30 Modified: 19 Nov 2008 17:19
Reporter: Peter Laursen (Basic Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: DDL Severity:S2 (Serious)
Version:6.0.2 OS:Windows
Assigned to: Alexander Nozdrin CPU Architecture:Any
Tags: qc

[30 Sep 2007 15:30] Peter Laursen 
Description:
Neither global CREATE, SUPER nor "ALL" privileges allow user to create a tablespace.

This seems very inconsistent with how MySQL privileges normally work.  I find no documetation either!

(I did not test DROP TABLESPACE, but would be surprised if not the situation is the same)

How to repeat:
-- In all the three cases listed here

show grants;
-- GRANT CREATE ON *.* TO 'tblspctest'@'localhost'
-- GRANT INSERT, UPDATE, CREATE, FILE ON *.* TO 'tblspctest'@'localhost'
-- GRANT INSERT, UPDATE, CREATE, FILE, SUPER ON *.* TO 'tblspctest'@'localhost'

create tablespace qazwsx add datafile 'qazwsx' engine falcon; 
-- returns access denied

--even here

show grants;
-- GRANT ALL PRIVILEGES ON *.* TO 'tblspctest'@'localhost'

create tablespace qazwsx add datafile 'qazwsx' engine falcon;

/* still

Error Code : 1045
Access denied for user 'tblspctest'@'localhost' (using password: NO)
(0 ms taken)

*/
[1 Oct 2007 11:27] MySQL Verification Team 
Thank you for the bug report.
[9 Oct 2007 14:42] Peter Laursen 
Actually the required OPERATING SYSTEM privileges are not documented either .. though probably a rather trival thing for most users!
[1 Nov 2007 20:53] Peter Gulutzan 
Re the statement:
"(I did not test DROP TABLESPACE, but would be surprised if not the situation is
the same)"

Reported on August 7:
Bug#30281 Falcon: missing privilege check for dropping tablespace
[26 Oct 2008 12:55] Peter Laursen 
I can see it ready for pushing now.

What what is the conclusion?  
What privilege(s) is/are required for managing TABLESPACE?
[27 Oct 2008 5:10] Alexander Nozdrin 
CREATE TABLESPACE is required for create/alter/drop of tablespaces.
[27 Oct 2008 8:53] Peter Laursen 
ok .. thanks for the reply.  Indeed I see such column in 6.07.  

Can you answer too:

1) Was it was introduced in 6.07?
2) Does it apply to both FALCON and NDB tablespaces?
3) If yes to 2) what about NDB tablespaces in 5.1? (I do not see it in 5.1.29 but I also have no cluster setup!)
[14 Nov 2008 19:35] Omer Barnir 
triage: Updating tag from SR60GA to SR60BETA based on current guidelines as the SR60GA tag was set before there were criteria for the 6.0 release phases and bugs should not be set to SR60GA when we are still in alpha
[19 Nov 2008 17:19] Paul DuBois 
The CREATE TABLESPACE privilege was introduced in 6.0.7:

http://dev.mysql.com/doc/refman/6.0/en/privileges-provided.html

"The CREATE TABLESPACE privilege enables you to create, alter, and drop tablespaces and logfile groups."