[MDEV-29845] ALTER USER <role> pretends to succeed but has no effect - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.4, 10.5, 10.6
Component/s: Authentication and Privilege System
Labels:
None

Description

Set affected versions to 10.4 because I haven't found a variant of ALTER applicable to 10.3 which would reveal the same; but I didn't try all of them.

create user `user_acc`;

create role `role_rec`;

select user, priv from mysql.global_priv where user in ('user_acc','role_rec');

alter user `user_acc` account lock;

alter user `role_rec` account lock;

select user, priv from mysql.global_priv where user in ('user_acc','role_rec');

alter user `user_acc` with max_user_connections 10;

alter user `role_rec` with max_user_connections 10;

# Cleanup

drop user `user_acc`;

drop role `role_rec`;

In the above, alter ... account lock succeeds both for the user account and for the role; but for the user account it actually adds the lock to the JSON, while for the role nothing happens:

10.4 291872ec
select user, priv from mysql.global_priv where user in ('user_acc','role_rec');
user priv
user_acc {"access":0,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":1666352599}
role_rec {"access":0,"is_role":true}
alter user `user_acc` account lock;
alter user `role_rec` account lock;
select user, priv from mysql.global_priv where user in ('user_acc','role_rec');
user priv
user_acc {"access":0,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":1666352599,"account_locked":true}
role_rec {"access":0,"is_role":true}

However, it is not so for every ALTER USER operation. The next one, setting the limit, succeeds for the user but fails for the role:

alter user `user_acc` with max_user_connections 10;

alter user `role_rec` with max_user_connections 10;

bug.t2                                   [ fail ]

        Test ended at 2022-10-21 14:43:19

CURRENT_TEST: bug.t2

mysqltest: At line 10: query 'alter user `role_rec` with max_user_connections 10' failed: 1396: Operation ALTER USER failed for 'role_rec'

I suppose the same should happen for any operation which is not really applicable to roles.

PUBLIC introduced in ~~MDEV-5215~~ is also affected.

Attachments

Activity

People

Assignee:: Rucha Deodhar

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2022-10-21 11:51

Updated:: 2023-11-28 10:35

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.