[MDEV-25278] galera does not replace grant EXECUTE, ALTER ROUTINE from automatic_sp_privileges
Created: 2021-03-28 Updated: 2021-12-23

| Status: | Open |
| Project: | MariaDB Server |
| Component/s: | Galera |
| Affects Version/s: | 10.5 |
| Fix Version/s: | 10.5 |
| Type: | Bug | Priority: | Major |
| Reporter: | William Wong | Assignee: | Ramesh Sivaraman |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |
| Environment: | Redhat Enterprise Linux 7.9 x86_64 on VMware |

| Description |

Found galera does not replace grant EXECUTE, ALTER ROUTINE from automatic_sp_privileges. automatic_sp_privileges is ON by default.

step 1: build a galera DB cluster with automatic_sp_privileges default value ON

step 2: create database testdb1

step 3: create user app_owner

step 4: grant schema level privileges

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `testdb1`.* TO `app_owner`@`%` WITH GRANT OPTION ;

step 5: create procedure by user app_owner

delimiter //

step 6: show grant in galera node 1 has routine level privileges from automatic_sp_privileges

GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `testdb1`.`p_test` TO `app_owner`@`%`

step 7: show grant in galera node 2 has no such object privilege

workaround: grant db level EXECUTE privilege, but this may not apply to all situations
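
A drift check for the symptom reported above, as an added example that is not part of the original report or of MariaDB's code: it compares SHOW GRANTS output captured on two nodes and lists privileges present on only one of them. The function names and the sample output (including the USAGE line) are constructed for illustration.

```python
import re

# One GRANT line as printed by SHOW GRANTS: privileges, object, grantee, options.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>.+?)\s+TO\s+(?P<grantee>\S+)(?P<opts>.*)$",
    re.IGNORECASE)

def parse_grants(show_grants_output):
    """Map (grantee, object) -> set of privileges found in SHOW GRANTS text."""
    grants = {}
    for line in show_grants_output.splitlines():
        m = GRANT_RE.match(line.strip().rstrip(";"))
        if not m:
            continue
        # Split on commas that are not inside a column list such as SELECT (a, b).
        privs = {p.strip() for p in re.split(r",(?![^(]*\))", m["privs"])}
        if "WITH GRANT OPTION" in m["opts"].upper():
            privs.add("GRANT OPTION")
        key = (m["grantee"], " ".join(m["obj"].split()))
        grants.setdefault(key, set()).update(privs)
    return grants

def grant_drift(node_a, node_b):
    """Return (grantee, object, only_on_a, only_on_b) for every mismatch."""
    a, b = parse_grants(node_a), parse_grants(node_b)
    drift = []
    for key in sorted(set(a) | set(b)):
        only_a = sorted(a.get(key, set()) - b.get(key, set()))
        only_b = sorted(b.get(key, set()) - a.get(key, set()))
        if only_a or only_b:
            drift.append((key[0], key[1], only_a, only_b))
    return drift

# Constructed sample output for app_owner; the GRANT lines mirror the report.
NODE2 = """GRANT USAGE ON *.* TO `app_owner`@`%`
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `testdb1`.* TO `app_owner`@`%` WITH GRANT OPTION"""
NODE1 = NODE2 + "\nGRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `testdb1`.`p_test` TO `app_owner`@`%`"

if __name__ == "__main__":
    for grantee, obj, only_1, only_2 in grant_drift(NODE1, NODE2):
        print(f"{grantee} on {obj}: node1 only {only_1}, node2 only {only_2}")
```

Run against every pair of nodes, an empty result means the grant tables agree for that account; any entry is a privilege that exists on one node only.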