Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-29465

Inherited columns privs for roles wrongly set mysql.tables_priv column

    XMLWordPrintable

    Details

      Description

      The following test case shows that mysql.tables_priv is wrongly populated

      create user foo;
      create database some_db;
      create table some_db.t1 (a int, b int, secret int);
      create role r_select_column;
      create role r_active_column;
      grant r_select_column to r_active_column;
      grant r_active_column to foo;
      grant select(a) on some_db.t1 to r_select_column;
      select * from mysql.tables_priv order by user;
      Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv
      	some_db	r_select_column	t1	root@localhost	0000-00-00 00:00:00		Select
      grant insert(a) on some_db.t1 to r_active_column;
      select * from mysql.tables_priv order by user;
      Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv
      	some_db	r_active_column	t1	root@localhost	0000-00-00 00:00:00		Select, Insert
      	some_db	r_select_column	t1	root@localhost	0000-00-00 00:00:00		Select
      -- There shouldn't be `Select` priv stored in Column_priv for r_active_column!
      

      The cause of this bug is the mixing of GRANT_TABLE::cols and GRANT_TABLE::init_cols within the mysql_table_grant function.

      There is a similar bug for GRANT_COLUMN::rights and GRANT_COLUMN::init_rights.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cvicentiu Vicențiu Ciorbaru
              Reporter:
              cvicentiu Vicențiu Ciorbaru
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.