The following test case shows that mysql.tables_priv is wrongly populated
create user foo;
|
create database some_db;
|
create table some_db.t1 (a int, b int, secret int);
|
create role r_select_column;
|
create role r_active_column;
|
grant r_select_column to r_active_column;
|
grant r_active_column to foo;
|
grant select(a) on some_db.t1 to r_select_column;
|
select * from mysql.tables_priv order by user;
|
Host Db User Table_name Grantor Timestamp Table_priv Column_priv
|
some_db r_select_column t1 root@localhost 0000-00-00 00:00:00 Select
|
grant insert(a) on some_db.t1 to r_active_column;
|
select * from mysql.tables_priv order by user;
|
Host Db User Table_name Grantor Timestamp Table_priv Column_priv
|
some_db r_active_column t1 root@localhost 0000-00-00 00:00:00 Select, Insert
|
some_db r_select_column t1 root@localhost 0000-00-00 00:00:00 Select
|
-- There shouldn't be `Select` priv stored in Column_priv for r_active_column!
|
The cause of this bug is the mixing of GRANT_TABLE::cols and GRANT_TABLE::init_cols within the mysql_table_grant function.
There is a similar bug for GRANT_COLUMN::rights and GRANT_COLUMN::init_rights.
Bug
Critical
MDEV-14443 DENY clause for access control a.k.a. "negative grants"
