Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.1.26, 10.2.8
-
tested on official docker container
-
10.2.10
Description
show create procedure gives NULL in the Field "Create Procedure" if the permission is missing.
It works, if the caller is the owner of the proedure or with the SELECT right of mysql.proc
This works not, if the owner is a role.
To reproduce:
create database rtest; |
create role db_owner_rtest; |
grant all privileges on rtest.* to db_owner_rtest; |
|
|
|
|
create user user1; |
grant db_owner_rtest to user1; |
|
|
set default role db_owner_rtest for user1; |
|
Login as user 1:
use rtest; |
|
|
set role db_owner_rtest; |
|
|
DELIMITER //
|
DROP PROCEDURE IF EXISTS user1_proc; |
CREATE DEFINER=current_role() PROCEDURE user1_proc() |
SQL SECURITY INVOKER
|
BEGIN
|
SELECT NOW(), VERSION(); |
END;// |
DELIMITER ;
|
Role db_owner_rtest is the owner and user1 has this role,but
show create procedure db_owner_rtest;
gives this output.
MariaDB [rtest]> show create procedure user1_proc; |
+------------+-------------------------------------------------------------------------------------------+------------------+----------------------+----------------------+--------------------+ |
| Procedure | sql_mode | Create Procedure | character_set_client | collation_connection | Database Collation | |
+------------+-------------------------------------------------------------------------------------------+------------------+----------------------+----------------------+--------------------+ |
| user1_proc | STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION | NULL | latin1 | latin1_swedish_ci | latin1_swedish_ci | |
+------------+-------------------------------------------------------------------------------------------+------------------+----------------------+----------------------+--------------------+ |
1 row in set (0.00 sec) |
|
|
|