Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19610

stored function with "SQL SECURITY DEFINER" DEFINER requires COLUMN PRIVILEGES

    XMLWordPrintable

Details

    Description

      MariaDB server 10.3.15 requires that the DEFINER, when the stored function has SQL SECURITY DEFINER set, has privileges not just for the whole table, but the specific columns as well.
      WHy is that? I expect that the user is allowed to run the SELECT over the columns because the user has the SELECT privilege for the table.

      Output:
      [...]
      SELECT test_function('a', 'b');
      mysqltest: At line 48: query 'SELECT test_function('a', 'b')' failed: 1143: SELECT command denied to user 'admin_user'@'localh
      ost' for column 'column2' in table 'table2'
      not ok

      A test SQL script is attached.

      Kind regards

      Noel Kuntze

      Attachments

        Activity

          People

            bar Alexander Barkov
            thermi Noel Kuntze
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.