Details

    Description

      It should only have SELECT on mysql.global_priv, not UPDATE or DELETE.

      Attachments

        Activity

          I think DELETE is still very important for backward compatibility. There are many cases when removal of user accounts is more convenient through DELETE than it is through DROP USER – for example, when a set of accounts with certain characteristics needs to be removed, or when the server runs with skip-grant-tables, e.g. in "repair" mode; and while the right way nowadays to do it would be removing them from global_priv (and other privilege tables), certainly there are still lots of scripts out there in the world which do it through the old mysql.user.

          UPDATE, on the other hand, has very limited functionality when it's done through the view. So, while some users may use it still, losing it shouldn't be that critical.

          elenst Elena Stepanova added a comment - I think DELETE is still very important for backward compatibility. There are many cases when removal of user accounts is more convenient through DELETE than it is through DROP USER – for example, when a set of accounts with certain characteristics needs to be removed, or when the server runs with skip-grant-tables , e.g. in "repair" mode; and while the right way nowadays to do it would be removing them from global_priv (and other privilege tables), certainly there are still lots of scripts out there in the world which do it through the old mysql.user . UPDATE , on the other hand, has very limited functionality when it's done through the view. So, while some users may use it still, losing it shouldn't be that critical.

          I only removed UPDATE

          serg Sergei Golubchik added a comment - I only removed UPDATE

          Note that commit https://github.com/MariaDB/server/commit/153cd6a27f1b798fea6dee3aecf3a95df561c6fa only applies to new installs. Existing MariaDB installations 10.4.13, 10.5.5 and earlier 10.4.x and 10.5.x still has a `mariadb.sys` user that also has UPDATE permissions. If we want upgrades to remove the UPDATE permission from `mariadb.sys`, an line that fixes the permissions should be added in mysql_system_tables_fix.sql

          otto Otto Kekäläinen added a comment - Note that commit https://github.com/MariaDB/server/commit/153cd6a27f1b798fea6dee3aecf3a95df561c6fa only applies to new installs. Existing MariaDB installations 10.4.13, 10.5.5 and earlier 10.4.x and 10.5.x still has a `mariadb.sys` user that also has UPDATE permissions. If we want upgrades to remove the UPDATE permission from `mariadb.sys`, an line that fixes the permissions should be added in mysql_system_tables_fix.sql

          People

            serg Sergei Golubchik
            serg Sergei Golubchik
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.