Details
-
New Feature
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
Description
Currently there are two different functions which can be used to get the information of the user executing a procedure:
- CURRENT_USER(): Returns the user name and host name combination for the MariaDB account that the server used to authenticate the current client (i.e user and host columns from mysql.user table).
- USER(): Returns the current MariaDB user name and host name, given when authenticating to MariaDB, as a string in the utf8 character set.
If you call these functions within a procedure with SQL SECURITY DEFINER, CURRENT_USER() will return the information of the procedure definer instead of the information of the user authenticated with the current client. The current alternative is to use the USER() but it might not return the same information. For example:
-- as root user
|
MariaDB [(none)]> delimiter /
|
MariaDB [(none)]> CREATE PROCEDURE mysql.user_function_demo() SQL SECURITY DEFINER BEGIN SELECT USER(), CURRENT_USER(); SELECT user,host FROM mysql.user; END/ |
MariaDB [(none)]> delimiter ;
|
-- as test_user user
|
MariaDB [(none)]> call mysql.user_function_demo();
|
+------------------------------------------------------+----------------+ |
| USER() | CURRENT_USER() | |
+------------------------------------------------------+----------------+ |
| test_user@ip-172-31-42-70.us-west-2.compute.internal | root@localhost |
|
+------------------------------------------------------+----------------+ |
1 row in set (0.000 sec) |
|
+---------------+-----------+ |
| User | Host | |
+---------------+-----------+ |
| test_user | % |
|
| mariadb.sys | localhost |
|
| mysql.session | localhost |
|
| mysql.sys | localhost |
|
| root | localhost |
|
+---------------+-----------+ |
5 rows in set (0.001 sec) |
|
Query OK, 0 rows affected (0.001 sec) |
It would be useful to have a INVOKING_USER() function, which will return the same information than CURRENT_USER() but for the user invoking the procedure. Like:
MariaDB [(none)]> SELECT INVOKING_USER() |
-> ;
|
+-----------------+ |
| INVOKING_USER() |
|
+-----------------+ |
| test_user@% |
|
+-----------------+ |
1 row in set (0.000 sec) |
Attachments
Issue Links
- relates to
-
MDEV-8017 current_user() in definer event/trigger/stored procedure/function/view to return real current user
- Closed