Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Not a Bug
-
Affects Version/s: 10.4
-
Fix Version/s: N/A
-
Component/s: Authentication and Privilege System
-
Labels:
Description
Since upgrading from 10.3.16 to 10.4.6 our grants no longer work the same. I suspect this is caused by the linked MDEV-15649. We have multiple developers with their own prefixed databases. Other developers are allowed to view those, so we have:
GRANT SELECT ON `%-development`.* TO 'user'@'127.0.0.1';
GRANT SELECT, INSERT, UPDATE, DELETE ON `user-%`.* TO 'user'@'127.0.0.1';
this used to work fine. It no longer does (for some users). Reproducible testcase:
create user 'jtest'@'127.0.0.1' identified by 'jtest';
GRANT SELECT ON `%test`.* TO 'jtest'@'127.0.0.1';
GRANT SELECT, INSERT, DELETE ON `j-%`.* TO 'jtest'@'127.0.0.1';
(as user jtest)
insert into `j-test` values ('x');
# ERROR 1142 (42000): INSERT command denied to user 'jtest'@'127.0.0.1' for table 'j-test'
Attachments
Issue Links
- is caused by
-
MDEV-14732 mysql.db privileges evaluated on order of grants rather than hierarchically
-
- Closed
-
-
MDEV-14735 better matching order for grants
-
- Closed
-