[MDEV-17655] Inconsistent grant-name usage between grant-statement and privilege tables - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.3.9, 10.3(EOL)
Fix Version/s: 10.3.15, 10.4.5
Component/s: Authentication and Privilege System, Versioned Tables
Labels:
None

Description

In MariaDB 10.3.9 the Privilege_Type returned from INFORMATION_SCHEMA.SCHEMA_PRIVILEGES is different for the new privilege type DELETE VERSIONING ROWS from the allowed grants in grant/revoke statements.

Example:

MariaDB [(none)]> GRANT DELETE VERSIONING ROWS ON tests.* TO alice;

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'VERSIONING ROWS ON tests.* TO alice' at line 1

MariaDB [(none)]> GRANT DELETE HISTORY ON tests.* TO alice;

Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> SELECT * FROM information_schema.SCHEMA_PRIVILEGES WHERE GRANTEE LIKE '\'alice%';

+-------------+---------------+--------------+------------------------+--------------+

| GRANTEE     | TABLE_CATALOG | TABLE_SCHEMA | PRIVILEGE_TYPE         | IS_GRANTABLE |

+-------------+---------------+--------------+------------------------+--------------+

| 'alice'@'%' | def           | tests        | DELETE VERSIONING ROWS | NO           |

+-------------+---------------+--------------+------------------------+--------------+

1 row in set (0.010 sec)

MariaDB [(none)]> SHOW GRANTS FOR alice;

+----------------------------------------------------------+

| Grants for alice@%                                       |

+----------------------------------------------------------+

| GRANT USAGE ON *.* TO 'alice'@'%'                        |

| GRANT DELETE VERSIONING ROWS ON `tests`.* TO 'alice'@'%' |

+----------------------------------------------------------+

2 rows in set (0.001 sec)

We have some in-house scripting which compares the granted rights in the database with a config, and produces grant/revoke-statements when things are different. At this moment it cannot use the produced grants to automatically generate revoke-statements for DELETE VERSIONING ROWS. Neither can it confirm that DELETE HISTORY has been granted.

Proposal for fix:

Add DELETE VERSIONING ROWS as valid grant to the grant/revoke statements

Attachments

Issue Links

relates to

MDEV-20382 SHOW PRIVILEGES displays "Delete versioning rows" rather than "Delete History"

Closed

Activity

People

Assignee:: Aleksey Midenkov

Reporter:: Reinder Cuperus

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2018-11-09 12:59

Updated:: 2019-08-19 12:30

Resolved:: 2019-05-02 09:51

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.