[MDEV-29509] execute granted indirectly (via roles) doesn't always work - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL)
Fix Version/s: 10.3.37, 10.4.27, 10.5.18, 10.6.11, 10.7.7, 10.8.6, 10.9.4, 10.10.2
Component/s: Authentication and Privilege System
Labels:
None

Description

create procedure p1 () select 1;

create role r1, r2;

grant r1 to r2;

create user foo@localhost;

grant r2 to foo@localhost;

grant execute on procedure test.p1 to r1;

#grant alter routine on procedure test.p1 to r2;

connect foo,localhost,foo;

set role r2;

show grants;

call p1();

this test succeeds, call p1() is allowed. but if grant alter routine is uncommented, the test fails.

Attachments

Issue Links

blocks

MDEV-14443 DENY clause for access control a.k.a. "negative grants"

Stalled

relates to

MDEV-29458 Role grant commands do not propagate all grants

Closed

Activity

Transition	Time In Source Status	Execution Times

Sergei Golubchik made transition - 2022-09-11 12:55

Open

Confirmed

28s

Vicențiu Ciorbaru made transition - 2022-09-12 08:04

Confirmed

In Progress

19h 8m

Vicențiu Ciorbaru made transition - 2022-09-12 08:05

In Progress

In Review

1m 36s

Sergei Golubchik made transition - 2022-09-12 17:57

In Review

Stalled

9h 51m

Vicențiu Ciorbaru made transition - 2022-09-14 11:50

Stalled

Closed

1d 17h 52m

People

Assignee:: Vicențiu Ciorbaru

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2022-09-11 12:55

Updated:: 2022-09-20 13:14

Resolved:: 2022-09-14 11:50

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server