[#MDEV-5227] Resolve the ambiguity between user and role names as mentioned in MDEV-4397

[MDEV-5227] Resolve the ambiguity between user and role names as mentioned in MDEV-4397 Created: 2013-11-02 Updated: 2015-10-29
Status:	Open
Project:	MariaDB Server
Component/s:	None
Fix Version/s:	None

Type:

Task

Priority:

Minor

Reporter:

Elena Stepanova

Assignee:

Unassigned

Resolution:

Unresolved

Votes:

Labels:

None

Issue Links:

Relates
relates to	~~MDEV-4397~~	Roles	Closed
relates to	~~MDEV-5164~~	Testing Roles	Closed

Description

~~MDEV-4397~~ (Roles) says that there is expected ambiguity between role names and user names, and also mentions a possible solution for that ("we can specify that a role name cannot match the first part of any user name."). It hasn't been done, please consider implementing it or something similar; the way it works now is indeed a bit confusing and somewhat disturbing, e.g.

create user manager;

grant all on db1.* to manager; # grant goes to the user manager@'%'

create role manager;

grant all on db2.* to manager; # grant goes to the role manager

etc.

Comments

Comment by Elena Stepanova [ 2014-01-13 ]

Here is Peter's opinion on the subject, mentioned in his blog (http://ocelot.ca/blog/blog/2014/01/12/roles-review/):

Here's the third bug: if a user and a role have the same name, GRANT only works on the role. If I say

CREATE USER u_1;
CREATE ROLE u_1;
GRANT INSERT ON . TO u_1;
SELECT host,user,insert_priv,is_role FROM mysql.user WHERE mysql.user.user='u_1';

I'd expect that INSERT would be granted to both the user and the role. It's not, it's granted only to the role. Moral: users and roles should not have the same names!

Generated at Thu Feb 08 07:02:39 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-5227] Resolve the ambiguity between user and role names as mentioned in MDEV-4397 Created: 2013-11-02 Updated: 2015-10-29