[MDEV-7027] ANALYZE SELECT/INSERT/UPDATE/DELETE from a view does not check SHOW permission on the view - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.1.1
Fix Version/s: 10.1.4
Component/s: OTHER, Views
Labels:
- analyze-stmt

Description

Unlike ~~MDEV-7025~~, here we have all access to the underlying table, but only SELECT grant on the view. EXPLAIN fails because SHOW VIEW permission is missing, but ANALYZE succeeds.

All the same with INSERT, UPDATE, DELETE.

Test case
--enable_connect_log

create database db;
use db;
create table t1 (i int, c varchar(8));
insert into t1 values (1,'foo'),(2,'bar'),(3,'baz'),(4,'qux');
create view v1 as select * from t1 where i > 1;

grant SELECT on db.v1 to u1@localhost;
grant ALL on db.t1 to u1@localhost;

--connect (con1,localhost,u1,,)

select * from db.t1;
explain select * from db.t1;
analyze select * from db.t1;

select * from db.v1;
--error ER_VIEW_NO_EXPLAIN
explain select * from db.v1;
--error ER_VIEW_NO_EXPLAIN
analyze select * from db.v1;

--disconnect con1
--connection default

drop user u1@localhost;
drop database db;

Attachments

Issue Links

relates to

MDEV-406 ANALYZE $stmt

Closed

MDEV-6382 ANALYZE $stmt and security

Closed

MDEV-6422 More testing for ANALYZE stmt and JSON

Closed

Activity

People

Assignee:: Vicențiu Ciorbaru

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2014-11-05 17:37

Updated:: 2015-03-10 21:55

Resolved:: 2015-03-10 21:55

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.