Hi, Alexander! Just a couple of issues that were left open after our slack chat. Everything else looks fine, nothing new below. On Mar 01, Alexander Barkov wrote:

revision-id: 9aace068f0c (mariadb-10.5.0-277-g9aace068f0c) parent(s): 607960c7722 author: Alexander Barkov committer: Alexander Barkov timestamp: 2020-03-01 11:49:25 +0400 message:

MDEV-21743 Split up SUPER privilege to smaller privileges

+constexpr uint PRIVILEGE_T_MAX_BIT= 36; + +static_assert((privilege_t)(1ULL << PRIVILEGE_T_MAX_BIT) == LAST_CURRENT_ACL, + "LAST_CURRENT_ACL and PRIVILEGE_T_MAX_BIT do not match");

I'd still prefer to get rid of static_assert here. E.g. with constexpr uint PRIVILEGE_T_MAX_BIT= my_bit_log2(LAST_CURRENT_ACL); (and fixing my_bit_log2 to work with ulonglong).

@@ -7151,6 +7150,18 @@ bool check_global_access(THD *thd, privilege_t want_access, bool no_errors) { #ifndef NO_EMBEDDED_ACCESS_CHECKS char command[128]; + /* + The userstat plugin in + plugin/userstat/client_stats.cc + plugin/userstat/user_stats.cc + calls + check_global_access(SUPER_ACL | PROCESS_ACL) + when populating CLIENT_STATISTICS and USER_STATISTICS + INFORMATION_SCHEMA tables. + We should eventually fix it to use one privilege only and uncomment + the DBUG_ASSERT below: + */ + //DBUG_ASSERT(my_count_bits(want_access) <= 1);

I think you can remove SUPER_ACL from the userstat plugin and uncomment the assert above. Regards, Sergei VP of MariaDB Server Engineering and security@mariadb.org