[MDEV-23871] show grants for {role} includes grants for roles it is a member of Created: 2020-10-02  Updated: 2020-10-02  Resolved: 2020-10-02

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.1.46
Fix Version/s: N/A

Type: Bug Priority: Minor
Reporter: Daniel Black Assignee: Unassigned
Resolution: Not a Bug Votes: 0
Labels: Roles, show


 Description   

show grants

 
 
 
MariaDB [(none)]> CREATE ROLE role_1;
 
Query OK, 0 rows affected (0.01 sec)
 
 
 
MariaDB [(none)]> CREATE ROLE role_2 WITH ADMIN role_1;
 
Query OK, 0 rows affected (0.00 sec)
 
 
 
MariaDB [(none)]> show grants for role_1;
 
+--------------------------------------------+
 
| Grants for role_1                          |
 
+--------------------------------------------+
 
| GRANT role_2 TO 'role_1' WITH ADMIN OPTION |
 
| GRANT USAGE ON *.* TO 'role_1'             |
 
| GRANT USAGE ON *.* TO 'role_2'             |
 
+--------------------------------------------+
 
 
 
MariaDB [(none)]> show grants for role_2;
 
+--------------------------------+
 
| Grants for role_2              |
 
+--------------------------------+
 
| GRANT USAGE ON *.* TO 'role_2' |
 
+--------------------------------+

show grants for role_1 shouldn't include role_2 grants.

 Comments   
Comment by Daniel Black [ 2020-10-02 ]

From cvicentiu

"Yes they are needed
because when you activate role_1, you also get the grants of role_2"

Which makes sense to me.

Generated at Thu Feb 08 09:25:41 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.