Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-24486

Easier way to retrieve all users that have privileges on a specific table

Details

    Description

      The purpose of the TABLE_PRIVILEGES table in INFORMATION_SCHEMA seems to be a bit misleading.

      It only shows those privileges that were specifically granted on the table level, but it may be taken as showing all users with privileges on a table, including those that were actually granted at the database or even the global level.

      Right now results from three different tables have to be combined for this, e.g. using:

      SELECT t.TABLE_SCHEMA
      		 
           , t.TABLE_NAME
      		 
           , privs.GRANTEE
      		 
           , GROUP_CONCAT(privs.PRIVILEGE_TYPE) AS PRIVILEGES
      		 
        FROM INFORMATION_SCHEMA.TABLES AS t
      		 
        JOIN ( SELECT NULL AS TABLE_SCHEMA
      		 
                    , NULL AS TABLE_NAME
      		 
                    , GRANTEE, PRIVILEGE_TYPE
      		 
                 FROM INFORMATION_SCHEMA.USER_PRIVILEGES
      		 
       
      		 
                UNION
      		 
       
      		 
               SELECT TABLE_SCHEMA
      		 
                    , NULL AS TABLE_NAME
      		 
                    , GRANTEE
      		 
                    , PRIVILEGE_TYPE
      		 
                 FROM INFORMATION_SCHEMA.SCHEMA_PRIVILEGES
      		 
       
      		 
                UNION
      		 
       
      		 
               SELECT TABLE_SCHEMA
      		 
                    , TABLE_NAME
      		 
                    , GRANTEE
      		 
                    , PRIVILEGE_TYPE
      		 
                 FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
      		 
             ) privs
      		 
          ON (t.TABLE_SCHEMA = privs.TABLE_SCHEMA OR privs.TABLE_SCHEMA IS NULL)
      		 
         AND (t.TABLE_NAME = privs.TABLE_NAME OR privs.TABLE_NAME IS NULL)
      		 
         AND (privs.PRIVILEGE_TYPE <> 'USAGE')
      		 
       WHERE t.TABLE_SCHEMA NOT IN ( 'mysql'
      		 
                                   , 'information_schema'
      		 
                                   , 'performance_schema'
      		 
                                   )
      		 
       GROUP BY t.TABLE_SCHEMA
      		 
              , t.TABLE_NAME
      		 
              , privs.GRANTEE
      		 
      ;

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-36030 sysschema.v_privileges_by_table_by_level test fails in network sandbox with hostname set to localhost

          • Major - Major loss of function.
          • Confirmed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32941 I_S.USER_PRIVILEGES has a wrong name and does not show roles

          • Major - Major loss of function.
          • Open

          Activity

            Ascending order - Click to sort in descending order
            View 19 older comments
            oleg.smirnov Oleg Smirnov added a comment -

            Pushed to 11.4

            oleg.smirnov Oleg Smirnov added a comment - Pushed to 11.4
            oleg.smirnov Oleg Smirnov added a comment -

            It seems that there are no tests in v_table_privileges.test with level=GLOBAL or SCHEMA, it needs to add such ones.

            The name of new view should be changed to

            -- View: privileges_by_table_by_level
            		 
            --
            		 
            -- Shows granted privileges broken down by table on which they allow access and level on which they were granted

            oleg.smirnov Oleg Smirnov added a comment - It seems that there are no tests in v_table_privileges.test with level=GLOBAL or SCHEMA, it needs to add such ones. The name of new view should be changed to -- View: privileges_by_table_by_level -- -- Shows granted privileges broken down by table on which they allow access and level on which they were granted
            oleg.smirnov Oleg Smirnov added a comment -

            serg, can you please review bb-11.4-MDEV-24486-amend?

            oleg.smirnov Oleg Smirnov added a comment - serg , can you please review bb-11.4- MDEV-24486 -amend ?
            serg Sergei Golubchik added a comment -

            d857186193b looks ok to push, thanks!

            serg Sergei Golubchik added a comment - d857186193b looks ok to push, thanks!
            oleg.smirnov Oleg Smirnov added a comment -

            The amendment is pushed to 11.4

            oleg.smirnov Oleg Smirnov added a comment - The amendment is pushed to 11.4

            People

              oleg.smirnov Oleg Smirnov
              hholzgra Hartmut Holzgraefe
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.