Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-29509

execute granted indirectly (via roles) doesn't always work

    XMLWordPrintable

Details

    Description

      create procedure p1 () select 1;
      		 
      create role r1, r2;
      		 
      grant r1 to r2;
      		 
      create user foo@localhost;
      		 
      grant r2 to foo@localhost;
      		 
      grant execute on procedure test.p1 to r1;
      		 
      #grant alter routine on procedure test.p1 to r2;
      		 
      connect foo,localhost,foo;
      		 
      set role r2;
      		 
      show grants;
      		 
      call p1();

      this test succeeds, call p1() is allowed. but if grant alter routine is uncommented, the test fails.

      Attachments

        Issue Links

          blocks

          New Feature - A new feature of the product, which has yet to be developed. MDEV-14443 DENY clause for access control a.k.a. "negative grants"

          • Critical - Crashes, loss of data, severe memory leak.
          • Stalled
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-29458 Role grant commands do not propagate all grants

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              cvicentiu Vicențiu Ciorbaru
              serg Sergei Golubchik
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.