Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19610

stored function with "SQL SECURITY DEFINER" DEFINER requires COLUMN PRIVILEGES

    XMLWordPrintable

    Details

      Description

      MariaDB server 10.3.15 requires that the DEFINER, when the stored function has SQL SECURITY DEFINER set, has privileges not just for the whole table, but the specific columns as well.
      WHy is that? I expect that the user is allowed to run the SELECT over the columns because the user has the SELECT privilege for the table.

      Output:
      [...]
      SELECT test_function('a', 'b');
      mysqltest: At line 48: query 'SELECT test_function('a', 'b')' failed: 1143: SELECT command denied to user 'admin_user'@'localh
      ost' for column 'column2' in table 'table2'
      not ok

      A test SQL script is attached.

      Kind regards

      Noel Kuntze

        Attachments

          Activity

            People

            Assignee:
            bar Alexander Barkov
            Reporter:
            thermi Noel Kuntze
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: