[MDEV-29465] Inherited columns privs for roles wrongly set mysql.tables_priv column - Jira

The following test case shows that mysql.tables_priv is wrongly populated

create user foo;

create database some_db;

create table some_db.t1 (a int, b int, secret int);

create role r_select_column;

create role r_active_column;

grant r_select_column to r_active_column;

grant r_active_column to foo;

grant select(a) on some_db.t1 to r_select_column;

select * from mysql.tables_priv order by user;

Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv

	some_db	r_select_column	t1	root@localhost	0000-00-00 00:00:00		Select

grant insert(a) on some_db.t1 to r_active_column;

select * from mysql.tables_priv order by user;

Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv

	some_db	r_active_column	t1	root@localhost	0000-00-00 00:00:00		Select, Insert

	some_db	r_select_column	t1	root@localhost	0000-00-00 00:00:00		Select

-- There shouldn't be `Select` priv stored in Column_priv for r_active_column!

The cause of this bug is the mixing of GRANT_TABLE::cols and GRANT_TABLE::init_cols within the mysql_table_grant function.

There is a similar bug for GRANT_COLUMN::rights and GRANT_COLUMN::init_rights.

blocks

MDEV-14443 DENY clause for access control a.k.a. "negative grants"

causes

MDEV-30023 Revoking Privilege on the Column Yields the Error

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server