[MDEV-8545] Security definer views don't work with engine's privilege checks
Created: 2015-07-27
Updated: 2019-09-10
Resolved: 2019-09-10

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System, Plugins
Affects Version/s: 5.5, 10.0, 10.1, 10.2
Fix Version/s: N/A

Type: Bug
Priority: Major
Reporter: Sergei Golubchik
Assignee: Sergei Golubchik
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
PartOf
is part of MDEV-20549 SQL SECURITY DEFINER does not work fo... Closed
Relates
relates to MDEV-7574 Security definer views don't work wit... Closed

Description

This is a follow-up for MDEV-7574.

Different engines check user privileges for some reasons. For example, InnoDB and XtraDB often check PROCESS privilege in the I_S code.

All these checks always use invoker's privileges, and don't respect SQL SECURITY DEFINER of views.

We should extract the fix for MDEV-7574 from the CONNECT code and make it into an easy-to-use function that all plugins can use. And change plugins to use it.
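
A reproduction sketch of the behaviour described above, as an added example that is not part of the original issue. It assumes an affected server and a definer `root`@`localhost` that holds the global PROCESS privilege; the schema `demo`, the view `v_innodb_trx`, the account `report_ro`@`localhost` and its password are hypothetical.

```sql
-- Added example; demo, v_innodb_trx and report_ro are hypothetical names.
-- Run this part as an administrative account that holds global PROCESS.
CREATE DATABASE IF NOT EXISTS demo;

-- At the SQL layer this view is evaluated with the definer's privileges.
CREATE DEFINER = 'root'@'localhost'
  SQL SECURITY DEFINER
  VIEW demo.v_innodb_trx AS
  SELECT trx_id, trx_state, trx_started
  FROM information_schema.INNODB_TRX;

-- The invoker receives SELECT on the view only, and no global privileges.
CREATE USER 'report_ro'@'localhost' IDENTIFIED BY 'placeholder-password';
GRANT SELECT ON demo.v_innodb_trx TO 'report_ro'@'localhost';

-- Confirm that the invoker has no PROCESS privilege of its own.
SHOW GRANTS FOR 'report_ro'@'localhost';

-- Run this part in a separate session connected as report_ro@localhost.
-- The view's access check passes, but the PROCESS check inside the InnoDB
-- INFORMATION_SCHEMA code is evaluated against the invoker (report_ro),
-- so the definer's PROCESS privilege is not applied to this query.
SELECT * FROM demo.v_innodb_trx;

-- Cleanup, back in the administrative session.
DROP VIEW demo.v_innodb_trx;
DROP USER 'report_ro'@'localhost';
DROP DATABASE demo;
```

Comparing the result of the final `SELECT` for `report_ro` with the same `SELECT` run by the definer shows whether a given server build applies the definer's context inside the engine check.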

