Oleksandr Byelkin added a comment - 2022-10-10 13:34 I tried to repeat and here it is: create database dbtest; create user `testuser`@`%`; GRANT USAGE ON *.* TO `testuser`@`%`; GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`; connect testuser,localhost,testuser,,; show grants for public; Grants for PUBLIC GRANT ALL PRIVILEGES ON `dbtest`.* TO PUBLIC show grants for testuser; Grants for testuser@% GRANT USAGE ON *.* TO `testuser`@`%` connection default; disconnect testuser; REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`; REVOKE USAGE ON *.* FROM `testuser`@`%`; drop user `testuser`@`%`; drop database dbtest; test suite is here: create database dbtest; create user `testuser`@`%`;   GRANT USAGE ON *.* TO `testuser`@`%`; GRANT ALL PRIVILEGES ON `dbtest`.* TO `PUBLIC`;   connect (testuser,localhost,testuser,,);   show grants for public; show grants for testuser;   connection default; disconnect testuser;   REVOKE ALL PRIVILEGES ON `dbtest`.* FROM `PUBLIC`; REVOKE USAGE ON *.* FROM `testuser`@`%`; drop user `testuser`@`%`; drop database dbtest;

Vicențiu Ciorbaru added a comment - 2022-10-10 15:44 - edited The bug is present in 85b939ae35c74d458916ff5b3f0da8045fc16522, which is the commit used for preview-10.11-preview release. It was later fixed in a follow-up commit in bb-10.11- MDEV-5215 tree. The relevant change lies in sql_acl.cc get_show_user() function - do_check_access= strcmp(*rolename, sctx->priv_role); + do_check_access= !is_public(lex_user) && strcmp(*rolename, sctx->priv_role); The test case was not present however, so it was added in bb-10.11- MDEV-5215 tree to prevent further regressions.