Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14853

Grant does not work correctly when table contains SYSTEM_INVISIBLE or COMPLETELY_INVISIBLE

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.3.3
    • 10.3.7
    • Server
    • None
    • all
    • 10.3.6-1

    Description

      Column level GRANT does not work correctly when table contains and SYSTEM_INVISIBLE or COMPLETELY_INVISIBLE column.
      Suppose a table t1 , which has a SYSTEM_INVISIBLE column and a normal column A. We give a grant to user_1 with this command

      grant insert(a) on t1 to user_1;
      

      when this particular user try insert

      insert into t1(a) values(1);
      

      or

      insert into t1 values(1);
      

      he will get access denied error.

      Attachments

        Issue Links

          Activity

            I've found the opening of this discussion on December 7th, but can't find what was answered:

            elenst [23:04]
            @serg: @sachin: another small thing, now with grants. Say, we have a table `t1` with one normal visible column `a` and invisible column(s) of any type; and a user with `GRANT INSERT (a) ON t1`. Such a user cannot do `INSERT INTO t1 VALUES (...)`

            [23:05]
            it can be rationalized, with a claim a user with column-level grants should specify those columns, but it wasn't necessary before, if the user actually had grants for all columns

            [23:10]
            and for a user-level invisible it's fine, as it should probably be granted as a normal column; with system-level it's... strange, because it turns out it can also be granted – again, not sure if it's by design; with completely invisible it might prove problematic

            elenst Elena Stepanova added a comment - I've found the opening of this discussion on December 7th, but can't find what was answered: elenst [23:04] @serg: @sachin: another small thing, now with grants. Say, we have a table `t1` with one normal visible column `a` and invisible column(s) of any type; and a user with `GRANT INSERT (a) ON t1`. Such a user cannot do `INSERT INTO t1 VALUES (...)` [23:05] it can be rationalized, with a claim a user with column-level grants should specify those columns, but it wasn't necessary before, if the user actually had grants for all columns [23:10] and for a user-level invisible it's fine, as it should probably be granted as a normal column; with system-level it's... strange, because it turns out it can also be granted – again, not sure if it's by design; with completely invisible it might prove problematic

            Hi elenst,
            Actually there was no reply to that , sorry. But I and serg agreed that there is problem.

            sachin.setiya.007 Sachin Setiya (Inactive) added a comment - Hi elenst , Actually there was no reply to that , sorry. But I and serg agreed that there is problem.
            sachin.setiya.007 Sachin Setiya (Inactive) added a comment - http://lists.askmonty.org/pipermail/commits/2018-April/012463.html buildbot bb-10.3-sachin

            People

              sachin.setiya.007 Sachin Setiya (Inactive)
              sachin.setiya.007 Sachin Setiya (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.