Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28783

Privilege inconsistency between show columns and information_schema.columns

    XMLWordPrintable

    Details

      Description

      A user with global / database level INSERT privilege can not run show columns, but can select from information_schema.columns to retrieve all columns from a table.

      A user with only INSERT privilege on one single table column can run show columns and get the list of columns he has access to.

      The intended behaviour should be that global/database level grants also grant access to show columns.

      create user foo;
      create user bar;
       
      create database some_db;
       
      create table some_db.t1 (a int, b int);
       
      grant insert on *.* to foo;
      grant insert on some_db.* to foo;
      grant insert(a) on some_db.t1 to bar;
       
      --connect (con1,localhost,foo,,)
      # This should not error out.
      --error ER_TABLEACCESS_DENIED_ERROR
      show columns from some_db.t1;
       
      select table_name, column_name from information_schema.columns where table_name like 't1';
      disconnect con1;
       
      --connect (con2,localhost,bar,,)
      show columns from some_db.t1;
      disconnect con2;
       
      connection default;
      drop user foo;
      drop user bar;
      drop database some_db;
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cvicentiu Vicențiu Ciorbaru
              Reporter:
              cvicentiu Vicențiu Ciorbaru
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:

                  Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.