[MDEV-28783] Privilege inconsistency between show columns and information_schema.columns - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 10.4, 10.5, 10.6
Component/s: Authentication and Privilege System, Information Schema
Labels:
None

Description

A user with global / database level INSERT privilege can not run show columns, but can select from information_schema.columns to retrieve all columns from a table.

A user with only INSERT privilege on one single table column can run show columns and get the list of columns he has access to.

The intended behaviour should be that global/database level grants also grant access to show columns.

create user foo;

create user bar;

create database some_db;

create table some_db.t1 (a int, b int);

grant insert on *.* to foo;

grant insert on some_db.* to foo;

grant insert(a) on some_db.t1 to bar;

--connect (con1,localhost,foo,,)

# This should not error out.

--error ER_TABLEACCESS_DENIED_ERROR

show columns from some_db.t1;

select table_name, column_name from information_schema.columns where table_name like 't1';

disconnect con1;

--connect (con2,localhost,bar,,)

show columns from some_db.t1;

disconnect con2;

connection default;

drop user foo;

drop user bar;

drop database some_db;

Attachments

Issue Links

relates to

MDEV-28455 CREATE TEMPORARY TABLES privilege is insufficient for SHOW COLUMNS

Closed

Activity

People

Assignee:: Vicențiu Ciorbaru

Reporter:: Vicențiu Ciorbaru

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022-06-09 08:44

Updated:: 2023-11-28 10:35

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.