[MDEV-9320] SET ROLE doesn't work in stored procedures Created: 2015-12-24  Updated: 2016-02-10  Resolved: 2016-02-10

Status: Closed
Project: MariaDB Server
Component/s: Admin statements
Affects Version/s: 10.0.19
Fix Version/s: N/A

Type: Bug Priority: Minor
Reporter: Federico Razzoli Assignee: Unassigned
Resolution: Not a Bug Votes: 0
Labels: need_feedback, roles, stored_procedures


 Description   

I created a procedure with a DEFINER. The definer has a role. I tried to enable the role with SET ROLE within the procedure, but it doesn't work.

USE test;
 
 
 
CREATE ROLE r;
 
GRANT ALL PRIVILEGES ON *.* TO r;
 
 
 
CREATE USER u@'%';
 
GRANT r TO u@'%';
 
GRANT SELECT ON *.* TO u@'%';
 
 
 
 
 
DELIMITER ||
 
 
 
DROP PROCEDURE IF EXISTS test_role_in_procedure ||
 
CREATE DEFINER = u@'%' PROCEDURE test_role_in_procedure()
 
        SQL SECURITY DEFINER
 
BEGIN
 
        SET ROLE r;
 
END ||
 
 
 
DELIMITER ;
 
 
 
MariaDB [test]> CALL test_role_in_procedure();
 
ERROR 1370 (42000): execute command denied to user 'u'@'%' for routine 'test.test_role_in_procedure'



 Comments   
Comment by Elena Stepanova [ 2016-01-12 ]

f_razzoli,

I don't see a bug here. it's not SET ROLE that does not work; it's the procedure call that fails, because the procedure is supposed to be executed under 'u'@'%' privileges, and it does not have the EXECUTE grant. It does not even reach SET ROLE.

Could you please elaborate on your expectations here?

Comment by Elena Stepanova [ 2016-02-10 ]

Please comment to re-open if you have more information which confirms there is a bug in here.

Generated at Thu Feb 08 07:33:47 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.