[MDEV-29509] execute granted indirectly (via roles) doesn't always work
Created: 2022-09-11  Updated: 2022-09-20  Resolved: 2022-09-14

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9
Fix Version/s: 10.3.37, 10.4.27, 10.5.18, 10.6.11, 10.7.7, 10.8.6, 10.9.4, 10.10.2

Type: Bug
Priority: Critical
Reporter: Sergei Golubchik
Assignee: Vicențiu Ciorbaru
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Blocks
blocks MDEV-14443 DENY clause for access control a.k.a.... Stalled
Relates
relates to MDEV-29458 Role grant commands do not propagate ... Closed

 Description   

create procedure p1 () select 1;
create role r1, r2;
grant r1 to r2;
create user foo@localhost;
grant r2 to foo@localhost;
grant execute on procedure test.p1 to r1;
#grant alter routine on procedure test.p1 to r2;
connect foo,localhost,foo;
set role r2;
show grants;
call p1();

This test succeeds: call p1() is allowed. But if grant alter routine is uncommented, the test fails.
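
Added example, not part of the original report and not MariaDB's code: a small model of the intended semantics, in which the privileges of an active role are the union of its own grants and those of every role granted to it, so the call is expected to be allowed in both variants of the test. The names GrantModel and build_case are hypothetical, and the model says nothing about the cause of the bug.

```python
# Added illustration: models the intended additive semantics of role grants.
# It is not MariaDB's implementation and does not reproduce the bug's cause.
from collections import defaultdict


class GrantModel:
    def __init__(self):
        self.member_of = defaultdict(set)   # grantee -> roles granted to it
        self.direct = defaultdict(set)      # (grantee, object) -> privileges

    def grant_role(self, role, grantee):
        self.member_of[grantee].add(role)

    def grant_priv(self, priv, obj, grantee):
        self.direct[(grantee, obj)].add(priv.upper())

    def effective(self, active_role, obj):
        """Union of privileges on obj over active_role and every role
        reachable from it; tolerates cycles in the role graph."""
        seen, stack, privs = set(), [active_role], set()
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            privs |= self.direct.get((node, obj), set())
            stack.extend(self.member_of.get(node, ()))
        return privs

    def can_call(self, active_role, obj):
        return "EXECUTE" in self.effective(active_role, obj)


def build_case(with_alter_routine):
    """The scenario from the description (constructed in memory)."""
    m = GrantModel()
    m.grant_role("r1", "r2")                 # grant r1 to r2
    m.grant_role("r2", "foo@localhost")      # grant r2 to foo@localhost
    m.grant_priv("EXECUTE", "procedure test.p1", "r1")
    if with_alter_routine:                   # the commented-out line
        m.grant_priv("ALTER ROUTINE", "procedure test.p1", "r2")
    return m


if __name__ == "__main__":
    for flag in (False, True):
        m = build_case(flag)
        print(flag, sorted(m.effective("r2", "procedure test.p1")),
              m.can_call("r2", "procedure test.p1"))
```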



 Comments   
Comment by Vicențiu Ciorbaru [ 2022-09-12 ]

Hi Sergei!

A follow-up commit was pushed to PR

https://github.com/MariaDB/server/pull/2256

Good catch!

Comment by Sergei Golubchik [ 2022-09-12 ]

47ccbeabb26 is ok to push
