[MDEV-13453] Executing a query via CTE requires more permissions than the query itself - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.2(EOL)
Fix Version/s: 10.2.11
Component/s: Authentication and Privilege System, Optimizer - CTE
Labels:
None

Sprint:
10.2.11

Description

Based on the question posted at stackoverflow by Diogo Melo:
https://stackoverflow.com/questions/45510362/error-1142-42000-select-command-denied-for-with-recursive-statement-on-ma

When a query is executed via CTE, it's not enough to have normal privileges for the query, the user must also have SELECT privileges for the CTE itself, which are impossible to grant.

create database db;

use db;

create table t1 (i int);

create user foo@localhost;

grant SELECT on db.t1 to foo@localhost;

--connect (con1,localhost,foo,,)

use db;

with cte as (select * from t1) select * from cte;

# Cleanup

--disconnect con1

--connection default

drop database db;

drop user foo@localhost;

CURRENT_TEST: bug.t6

mysqltest: At line 10: query 'with cte as (select * from t1) select * from cte' failed: 1142: SELECT command denied to user 'foo'@'localhost' for table 'cte'

Attachments

Issue Links

causes

MXS-2064 Loading of users with MariaDB 10.2.10 fails

Closed

is duplicated by

MDEV-13682 Role permissions don't work with CTEs

Closed

links to

StackOverflow

Activity

People

Assignee:: Igor Babaev

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2017-08-04 15:38

Updated:: 2018-10-30 10:45

Resolved:: 2017-12-20 18:10

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.