Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22312

Bad error message for SET DEFAULT ROLE when user account is not granted the role

Details

    Description

      Let's say that we create a role and a user account:

      MariaDB [(none)]> CREATE ROLE 'test_role';
      Query OK, 0 rows affected (0.004 sec)
       
      MariaDB [(none)]> CREATE USER 'test_user'@'%';
      Query OK, 0 rows affected (0.004 sec)
      

      If we try to set this role to the user's default role without first granting the role to the user, then we see this error message:

      MariaDB [(none)]> SET DEFAULT ROLE 'test_role' FOR 'test_user'@'%';
      ERROR 1959 (OP000): Invalid role specification `test_role`
      

      This "Invalid role specification" error message is incorrect. It would be more accurate to say something like this:

      User `test_user`@`%` has not been granted role `test_role`

      Obviously, if we grant the role to the user before executing SET DEFAULT ROLE, then everything works fine:

      MariaDB [(none)]> GRANT 'test_role' TO 'test_user'@'%';
      Query OK, 0 rows affected (0.004 sec)
       
      MariaDB [(none)]> SET DEFAULT ROLE 'test_role' FOR 'test_user'@'%';
      Query OK, 0 rows affected (0.004 sec)
      

      Attachments

        Issue Links

          Activity

            Hi serg here is new patch: 9a792dea7b.
            Thanks.

            anel Anel Husakovic added a comment - Hi serg here is new patch: 9a792dea7b . Thanks.

            Hi serg,
            after cvicentiu's review here is a new patch da95ee91486f6fd
            The main difference is that I understood you that if a current user have select_priv and not update_priv than SET DEFAULT ROLE r1 for a should fail with new error, while the latest patch fails with ER_DBACCESS_DENIED_ERROR.

            anel Anel Husakovic added a comment - Hi serg , after cvicentiu 's review here is a new patch da95ee91486f6fd The main difference is that I understood you that if a current user have select_priv and not update_priv than SET DEFAULT ROLE r1 for a should fail with new error, while the latest patch fails with ER_DBACCESS_DENIED_ERROR .

            Looks good to me, ok to push.

            cvicentiu Vicențiu Ciorbaru added a comment - Looks good to me, ok to push.

            Because of some failing tests in buildbot , I've tested again locally all to be sure and to report here:

            The servers were restarted 1826 times
            Spent 14574.749 of 4391 seconds executing testcases
             
            Completed: All 6677 tests were successful.
             
            403 tests were skipped, 299 by the test itself.
            

            Will push, thanks.

            anel Anel Husakovic added a comment - Because of some failing tests in buildbot , I've tested again locally all to be sure and to report here: The servers were restarted 1826 times Spent 14574.749 of 4391 seconds executing testcases   Completed: All 6677 tests were successful.   403 tests were skipped, 299 by the test itself. Will push, thanks.

            Pushed to 10.1 with 957cb7b7ba35518

            anel Anel Husakovic added a comment - Pushed to 10.1 with 957cb7b7ba35518

            People

              anel Anel Husakovic
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.