Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Not a Bug
-
10.0.19
Description
I created a procedure with a DEFINER. The definer has a role. I tried to enable the role with SET ROLE within the procedure, but it doesn't work.
USE test; |
|
CREATE ROLE r; |
GRANT ALL PRIVILEGES ON *.* TO r; |
|
CREATE USER u@'%'; |
GRANT r TO u@'%'; |
GRANT SELECT ON *.* TO u@'%'; |
|
|
DELIMITER ||
|
|
DROP PROCEDURE IF EXISTS test_role_in_procedure || |
CREATE DEFINER = u@'%' PROCEDURE test_role_in_procedure() |
SQL SECURITY DEFINER
|
BEGIN
|
SET ROLE r; |
END || |
|
DELIMITER ;
|
|
MariaDB [test]> CALL test_role_in_procedure();
|
ERROR 1370 (42000): execute command denied to user 'u'@'%' for routine 'test.test_role_in_procedure' |
f_razzoli,
I don't see a bug here. it's not SET ROLE that does not work; it's the procedure call that fails, because the procedure is supposed to be executed under 'u'@'%' privileges, and it does not have the EXECUTE grant. It does not even reach SET ROLE.
Could you please elaborate on your expectations here?