-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 10.1.14, 10.1.17
-
Component/s: Authentication and Privilege System
-
Labels:None
-
Sprint:10.1.18, 10.1.19, 10.1.22
If a role is granted on the whole database (SELECT ON db.* TO role1;), and a user is granted this role (GRANT role1 TO user1;), then that databases is not listed by SHOW DATABASES;, but still can be used (set as default, SHOW TABLES IN ..., DESCRIBE ...)
Test case:
--error 0,ER_CANNOT_USER
|
drop user beep@'%';
|
|
--error 0,ER_CANNOT_USER
|
drop role r1;
|
|
drop database if exists db;
|
|
create role r1;
|
create user beep@'%';
|
|
create database db;
|
create table db.t1 (i int);
|
grant select on db.* to r1;
|
grant r1 to beep@'%';
|
|
--connect (con1,localhost,beep,,)
|
show databases;
|
set role r1;
|
show databases;
|
Expected result (hopefully):
drop user beep@'%';
|
drop role r1;
|
drop database if exists db;
|
Warnings:
|
Note 1008 Can't drop database 'db'; database doesn't exist
|
create role r1;
|
create user beep@'%';
|
create database db;
|
create table db.t1 (i int);
|
grant select on db.* to r1;
|
grant r1 to beep@'%';
|
show databases;
|
Database
|
information_schema
|
test
|
set role r1;
|
show databases;
|
Database
|
db
|
information_schema
|
test
|
Failing:
@@ -16,6 +16,5 @@
|
set role r1;
|
show databases;
|
Database
|
-db
|
information_schema
|
test
|
|
mysqltest: Result length mismatch
|
- is blocked by
-
MDEV-15985 Granting roles to account does not work at all.
-
- Closed
-
- relates to
-
MDEV-13235 CLONE - Granted as a whole to roles, databases are not shown in SHOW DATABASES
-
- Closed
-