Details
-
Bug
-
Status: Open (View Workflow)
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
None
Description
mariadb-dump --system=users > /tmp/privs.sql
File contains one create role line with
/*!80001... create role
for each role, and for each row in `mysql.roles_mapping` that has admin_option='Y', one of these:
/*M!100005.... create role
So for a role that has 2 admins, the dump contains 3 create role lines, 2 of which will fail.
Example - this is running all the relevant lines for a single role extracted from a dump taken from 11.4.10:
MariaDB [(none)]> CREATE ROLE IF NOT EXISTS mariadb_dump_import_role;
|
|
|
MariaDB [(none)]> GRANT mariadb_dump_import_role TO CURRENT_USER();
|
Query OK, 0 rows affected (0.031 sec)
|
|
|
MariaDB [(none)]> SET ROLE mariadb_dump_import_role;
|
Query OK, 0 rows affected (0.030 sec)
|
|
|
MariaDB [(none)]> /*!80001 CREATE ROLE 'support_team' */;
|
Query OK, 0 rows affected (0.027 sec)
|
|
|
MariaDB [(none)]> /*M!100005 CREATE ROLE 'support_team' WITH ADMIN mariadb_dump_import_role */;
|
ERROR 1396 (HY000): Operation CREATE ROLE failed for 'support_team'
|
|
|
MariaDB [(none)]> /*M!100005 GRANT 'support_team' TO 'user1'@'%' WITH ADMIN OPTION */;
|
Query OK, 0 rows affected (0.044 sec)
|
|
|
MariaDB [(none)]> /*!80001 CREATE ROLE 'support_team' */;
|
Query OK, 0 rows affected (0.026 sec)
|
|
|
MariaDB [(none)]> /*M!100005 CREATE ROLE 'support_team' WITH ADMIN mariadb_dump_import_role */;
|
ERROR 1396 (HY000): Operation CREATE ROLE failed for 'support_team'
|
|
|
MariaDB [(none)]> /*M!100005 GRANT 'support_team' TO 'user2'@'%' WITH ADMIN OPTION */;
|
Query OK, 0 rows affected (0.030 sec)
|
|
|
MariaDB [(none)]> SET ROLE NONE;
|
Query OK, 0 rows affected (0.026 sec)
|
|
|
MariaDB [(none)]> DROP ROLE mariadb_dump_import_role;
|
Query OK, 0 rows affected (0.032 sec)
|
Ultimately it achieves the goal of giving the users who need it admin_priv (the "grant ... to ... with admin" does succeed), but it does fill the logs with errors on a large import.