Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
5.5, 10.0, 10.1, 10.2, 10.3
-
CentOS 6, CentOS 7, OSX 10.11
Description
As described by customer:
As super user :
drop user twg@'%';
|
create user twg@'%' identified by 'test';
|
|
|
grant create, drop on `wildcard_grants%`.* to twg@'%';
|
grant all privileges on `wildcard_grants`.* to twg@'%';
|
|
|
drop database if exists wildcard_grants;
|
create database wildcard_grants;
|
use wildcard_grants;
|
create table t(id int);
|
mysql -utwg -ptest -hlocalhost wildcard_grants;
|
|
|
MariaDB [wildcard_grants]> insert into t values(1);
|
ERROR 1142 (42000): INSERT command denied to user 'twg'@'localhost' for table 't'
|
Interestingly, that works (order of grants) :
drop user twg@'%';
|
create user twg@'%' identified by 'test';
|
|
|
grant all privileges on `wildcard_grants`.* to twg@'%';
|
grant create, drop on `wildcard_grants%`.* to twg@'%';
|
|
|
drop database if exists wildcard_grants;
|
create database wildcard_grants;
|
use wildcard_grants;
|
create table t(id int);
|
mysql -utwg -ptest -hlocalhost wildcard_grants;
|
|
|
MariaDB [wildcard_grants]> insert into t values(1);
|
Query OK, 1 row affected (0.00 sec)
|
The problem here is that the server is evaluating rows in mysql.db in order of addition rather than in logical order with the more specific database name superseding the more general or vice-versa.
Attachments
Issue Links
- causes
-
-
- Closed
-
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
MDEV-14735 better matching order for grants
-
- Closed
-