Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-34838

SELECT Grant restricts visibility to referential_constraints table

Details

    Description

      After upgrading from 10.3.34 to 10.11.8, a SELECT Granted user is no more able to read rows from the referential_constraints table.

      I needed to change the GRANT from :

      CREATE USER 'readonly'@'%' IDENTIFIED BY 'readonly';
      GRANT SELECT ON *.* TO 'readonly'@'%';
      FLUSH PRIVILEGES;

      To :

      CREATE USER 'readonly'@'%' IDENTIFIED BY 'readonly';
      GRANT USAGE ON *.* TO `readonly`@`%`;
      GRANT SELECT, REFERENCES, CREATE TEMPORARY TABLES, LOCK TABLES, SHOW VIEW ON `some_db`.* TO `readonly`@`%`;
      FLUSH PRIVILEGES;

      With SELECT GRANT, this query returns empty set :

      SELECT * FROM `REFERENTIAL_CONSTRAINTS

      With the new GRANT, the same query returns the expected results.

      Maybe this is a new feature, but I could not find any reference of this change in the changelogs.

      Attachments

        Issue Links

          Activity

            This is likely a result of the bug fix in MDEV-32500, which was done in 10.4 and up (so, not in 10.3).

            According to the SQL Standard (2016, part 11) to see a row in the INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS one needs any non-SELECT privilege on the table or on any of the columns.

            serg Sergei Golubchik added a comment - This is likely a result of the bug fix in MDEV-32500 , which was done in 10.4 and up (so, not in 10.3). According to the SQL Standard (2016, part 11) to see a row in the INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS one needs any non-SELECT privilege on the table or on any of the columns.

            People

              serg Sergei Golubchik
              nguyenk Kevin NGUYEN
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.