MariaDB Server / MDEV-13732

User with SELECT privilege can ALTER sequence

      Description

      A user with only the SELECT privilege cannot use NEXTVAL (understandably, as it requires the INSERT privilege), but can ALTER the sequence.

      SHOW GRANTS FOR CURRENT_USER();
      +-----------------------------------------------------------------------------------------------------------+
      | Grants for s@localhost                                                                                    |
      +-----------------------------------------------------------------------------------------------------------+
      | GRANT SELECT ON *.* TO 's'@'localhost' IDENTIFIED BY PASSWORD '*7B9EBEED26AA52ED10C0F549FA863F13C39E0209' |
      +-----------------------------------------------------------------------------------------------------------+
      1 row in set (0.000 sec)
       
      SELECT NEXTVAL(s5);
      ERROR 1142 (42000): INSERT command denied to user 's'@'localhost' for table 's5'
       
      ALTER SEQUENCE s5 RESTART 50;
      Query OK, 0 rows affected (0.000 sec)
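
A self-contained version of the check above, written as an added example (it is not part of the original report or of MariaDB's own test suite). The schema `seqtest`, the account `seq_reader` and its password are assumed names, and the script assumes the documented rule that ALTER SEQUENCE requires the ALTER privilege.

```sql
-- Constructed regression check for the behaviour described in this report.
-- seqtest, seq_reader and the password are assumed names; s5 is the
-- sequence name used in the report.

-- Session 1: administrative account. Build an isolated fixture.
CREATE DATABASE seqtest;
CREATE SEQUENCE seqtest.s5 START WITH 1 INCREMENT BY 1;
CREATE USER 'seq_reader'@'localhost' IDENTIFIED BY 'change-me-placeholder';
GRANT SELECT ON seqtest.* TO 'seq_reader'@'localhost';

-- Record the baseline. Reading the sequence as a table does not advance it.
SELECT next_not_cached_value FROM seqtest.s5;

-- Session 2: connected as seq_reader (SELECT only).
SHOW GRANTS FOR CURRENT_USER();

-- NEXTVAL is refused for a SELECT-only account, as shown in the report.
SELECT NEXTVAL(seqtest.s5);

-- The statement under test. If it returns "Query OK" as in the report,
-- the privilege check is missing on this server; a server that enforces
-- the ALTER privilege refuses it.
ALTER SEQUENCE seqtest.s5 RESTART 50;

-- Session 1: administrative account. Confirm whether state changed.
-- The value matches the baseline only if the ALTER above was refused.
SELECT next_not_cached_value FROM seqtest.s5;

-- Inventory of sequences on the server, to see which objects are exposed
-- to SELECT-only accounts if the check above shows the behaviour.
SELECT table_schema, table_name
  FROM information_schema.tables
 WHERE table_type = 'SEQUENCE';

-- Cleanup.
DROP USER 'seq_reader'@'localhost';
DROP DATABASE seqtest;
```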
      

              People

              • Assignee:
                monty Michael Widenius
                Reporter:
                greenman Ian Gilfillan