Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
N/A
-
None
Description
Probably it's intended and is just a note for documentation and/or an addition to the MTR test case.
create user u@'%'; |
--connect (con1,127.0.0.1,u,,)
|
select user(), current_user(); |
--error ER_ACCESS_DENIED_CHANGE_USER_ERROR
|
set session authorization u@'%'; |
set session authorization u@'localhost'; |
--disconnect con1
|
--connection default
|
drop user u@'%'; |
|
283183cf22d4a74d7b0dd959be9898b7cfa7d930 |
connect con1,127.0.0.1,u,,; |
select user(), current_user(); |
user() current_user() |
u@localhost u@%
|
set session authorization u@'%'; |
ERROR 28000: Access denied trying to change to user 'u'@'%' |
set session authorization u@'localhost'; |
So, even though the user account is u@'%' and there is no account u@<hostname>, for SET SESSION AUTHORIZATION into itself the user needs to use the latter.
A user with SET USER privilege in this situation can authorize into any u@<whatever>, including but not limited to u@'%'. But once it's authorized into any u@<whatever> and it became the value which the USER() function returns, it had to be used for further authorization.
create user u@'%'; |
connect con1,127.0.0.1,root,,; |
set session authorization u@'%'; |
select user(), current_user(); |
user() current_user() |
u@% u@%
|
set session authorization u@'xxx'; |
ERROR 28000: Access denied trying to change to user 'u'@'xxx' |
set session authorization u@'%'; |
disconnect con1;
|
connect con1,127.0.0.1,root,,; |
set session authorization u@'xxx'; |
select user(), current_user(); |
user() current_user() |
u@xxx u@%
|
set session authorization u@'%'; |
ERROR 28000: Access denied trying to change to user 'u'@'%' |
set session authorization u@'xxx'; |
disconnect con1;
|
Attachments
Issue Links
- is caused by
-
MDEV-20299 SET SESSION AUTHORIZATION
-
- Closed
-