[MDEV-25278] galera does not replace grant EXECUTE , ALTER RONTINE from automatic_sp_privileges - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5
Fix Version/s: 10.5
Component/s: Galera
Labels:
None
Environment:
Redhat Enterprise Linux 7.9 x86_64 on VMware

Description

Found galera does not replace grant EXECUTE , ALTER RONTINE from automatic_sp_privileges. automatic_sp_privileges is ON by default

step 1: build a galera DB cluster with automatic_sp_privileges default value ON

step 2: create database testdb1

step 3: create user app_owner

step 4: grant schema level privileges

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `testdb1`.* TO `app_owner`@`%` WITH GRANT OPTION ;

step 5: create procedure by user app_owner

delimiter //
create or replace procedure testdb1.p_test()
begin
select now() ;
end //
delimiter ;

step 6: show grant in galera node 1 has routine level privileges from automatic_sp_privileges

GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `testdb1`.`p_test` TO `app_owner`@`%`

step 7: show grant in galera node 2 has no such object privilege

workaround: grant db level EXECUTE privilege but may not apply to all situation

Attachments

Activity

People

Assignee:: Julius Goryavsky

Reporter:: William Wong

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021-03-28 07:17

Updated:: 2024-02-12 06:21

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.