Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
-
None
Description
Set affected versions to 10.4 because I haven't found a variant of ALTER applicable to 10.3 which would reveal the same; but I didn't try all of them.
create user `user_acc`; |
create role `role_rec`; |
|
select user, priv from mysql.global_priv where user in ('user_acc','role_rec'); |
alter user `user_acc` account lock; |
alter user `role_rec` account lock; |
select user, priv from mysql.global_priv where user in ('user_acc','role_rec'); |
|
alter user `user_acc` with max_user_connections 10; |
alter user `role_rec` with max_user_connections 10; |
|
# Cleanup
|
drop user `user_acc`; |
drop role `role_rec`; |
In the above, alter ... account lock succeeds both for the user account and for the role; but for the user account it actually adds the lock to the JSON, while for the role nothing happens:
10.4 291872ec |
select user, priv from mysql.global_priv where user in ('user_acc','role_rec'); |
user priv |
user_acc {"access":0,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":1666352599} |
role_rec {"access":0,"is_role":true} |
alter user `user_acc` account lock; |
alter user `role_rec` account lock; |
select user, priv from mysql.global_priv where user in ('user_acc','role_rec'); |
user priv |
user_acc {"access":0,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":1666352599,"account_locked":true} |
role_rec {"access":0,"is_role":true} |
However, it is not so for every ALTER USER operation. The next one, setting the limit, succeeds for the user but fails for the role:
alter user `user_acc` with max_user_connections 10; |
alter user `role_rec` with max_user_connections 10; |
bug.t2 [ fail ]
|
Test ended at 2022-10-21 14:43:19 |
|
CURRENT_TEST: bug.t2
|
mysqltest: At line 10: query 'alter user `role_rec` with max_user_connections 10' failed: 1396: Operation ALTER USER failed for 'role_rec' |
I suppose the same should happen for any operation which is not really applicable to roles.
PUBLIC introduced in MDEV-5215 is also affected.