|
A user with global / database level INSERT privilege can not run show columns, but can select from information_schema.columns to retrieve all columns from a table.
A user with only INSERT privilege on one single table column can run show columns and get the list of columns he has access to.
The intended behaviour should be that global/database level grants also grant access to show columns.
create user foo;
|
create user bar;
|
|
create database some_db;
|
|
create table some_db.t1 (a int, b int);
|
|
grant insert on *.* to foo;
|
grant insert on some_db.* to foo;
|
grant insert(a) on some_db.t1 to bar;
|
|
--connect (con1,localhost,foo,,)
|
# This should not error out.
|
--error ER_TABLEACCESS_DENIED_ERROR
|
show columns from some_db.t1;
|
|
select table_name, column_name from information_schema.columns where table_name like 't1';
|
disconnect con1;
|
|
--connect (con2,localhost,bar,,)
|
show columns from some_db.t1;
|
disconnect con2;
|
|
connection default;
|
drop user foo;
|
drop user bar;
|
drop database some_db;
|
|