Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-7027

ANALYZE SELECT/INSERT/UPDATE/DELETE from a view does not check SHOW permission on the view

    XMLWordPrintable

    Details

      Description

      Unlike MDEV-7025, here we have all access to the underlying table, but only SELECT grant on the view. EXPLAIN fails because SHOW VIEW permission is missing, but ANALYZE succeeds.

      All the same with INSERT, UPDATE, DELETE.

      Test case

      --enable_connect_log
       
      create database db;
      use db;
      create table t1 (i int, c varchar(8));
      insert into t1 values (1,'foo'),(2,'bar'),(3,'baz'),(4,'qux');
      create view v1 as select * from t1 where i > 1;
       
      grant SELECT on db.v1 to u1@localhost;
      grant ALL on db.t1 to u1@localhost;
       
      --connect (con1,localhost,u1,,)
       
      select * from db.t1;
      explain select * from db.t1;
      analyze select * from db.t1;
       
      select * from db.v1;
      --error ER_VIEW_NO_EXPLAIN
      explain select * from db.v1;
      --error ER_VIEW_NO_EXPLAIN
      analyze select * from db.v1;
       
      --disconnect con1
      --connection default
       
      drop user u1@localhost;
      drop database db;

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cvicentiu Vicențiu Ciorbaru
              Reporter:
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: