Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8616

Inconsistent behavior of GRANT/REVOKE PROXY with roles

    XMLWordPrintable

    Details

      Description

      prepare entries

      create user u1;
      create user u2;
      create role r1;
      create role r2;

      User logic: all of these work

      grant proxy on u1 to u2;
      grant proxy on u1 to CURRENT_USER;
      grant proxy on CURRENT_USER to u2;

      Roles logic

      set role r1;

      Granting PROXY to a role

      # This does not work: a role cannot be granted proxy on a user
      # (returns ERROR 1133 Can't find any matching row in the user table)
      grant proxy on u1 to r1;
       
      # This also does not work, same error, so it's consistent with the previous one
      # (also returns ERROR 1133 Can't find any matching row in the user table)
      grant proxy on u1 to CURRENT_ROLE;

      Granting PROXY on a role

      # This works (I'm not sure it should, but it does): a user can be granted proxy on a role
      grant proxy on r1 to u2;
       
      # But this returns a syntax error
      grant proxy on CURRENT_ROLE to u1;

      Last two results are inconsistent. If a user can be granted proxy on a role, it should work for CURRENT_ROLE as well.
      If a user cannot be granted proxy on a role, the first statement should return a proper error (and preferably the second one too, but it would be less important then, it can stay a syntax error).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cvicentiu Vicențiu Ciorbaru
              Reporter:
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:

                  Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.