Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19899

Multiple matching grants no longer stacked

    XMLWordPrintable

    Details

      Description

      Since upgrading from 10.3.16 to 10.4.6 our grants no longer work the same. I suspect this is caused by the linked MDEV-15649. We have multiple developers with their own prefixed databases. Other developers are allowed to view those, so we have:

      GRANT SELECT ON `%-development`.* TO 'user'@'127.0.0.1';
      GRANT SELECT, INSERT, UPDATE, DELETE ON `user-%`.* TO 'user'@'127.0.0.1';

      this used to work fine. It no longer does (for some users). Reproducible testcase:

      create user 'jtest'@'127.0.0.1' identified by 'jtest';
      GRANT SELECT ON `%test`.* TO 'jtest'@'127.0.0.1';
      GRANT SELECT, INSERT, DELETE ON `j-%`.* TO 'jtest'@'127.0.0.1';

      (as user jtest)
      insert into `j-test` values ('x');

      # ERROR 1142 (42000): INSERT command denied to user 'jtest'@'127.0.0.1' for table 'j-test'

        Attachments

          Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-14732 mysql.db privileges evaluated on order of grants rather than hierarchically

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-14735 better matching order for grants

          • Major - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              serg Sergei Golubchik
              Reporter:
              sjon sjon
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Git Integration