[MDEV-9610] Trigger on normal table can't insert into CONNECT engine table - Access Denied Created: 2016-02-23 Updated: 2016-04-26 Resolved: 2016-04-26 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Authentication and Privilege System, Storage Engine - Connect |
| Affects Version/s: | 10.0, 10.1 |
| Fix Version/s: | 10.0.25, 10.1.14 |
| Type: | Bug | Priority: | Major |
| Reporter: | Robert Dyas | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | connect-engine | ||
| Environment: |
CentOS7 on Google Cloud, unixODBC 2.3.1 all tested drivers |
||
| Sprint: | 10.0.25 |
| Description |
|
If you add an AFTER INSERT trigger on an Innodb table that simply tries to insert a record into a CONNECT table, adding a record to the Innodb table fails with:
|
| Comments |
| Comment by Elena Stepanova [ 2016-02-23 ] | |||||||||||||||
|
Thanks for the report.
| |||||||||||||||
| Comment by Olivier Bertrand [ 2016-02-24 ] | |||||||||||||||
|
The error occurs in the Connect function check_privileges in which a test is done to check whether the user has the FILE privilege. This test is made against the value of table->grant.privilege that is supposed to contain a bitmap of all the user privileges. What happens is in the case of the table written from a trigger, this variable is apparently not set. This is why the writing fails and Connect issues a message saying "This operation requires the FILE privilege" that can be seen on the log file or on the console. This reaction is normal and this does not seem to be a Connect bug but a MariaDB bug. | |||||||||||||||
| Comment by Robert Dyas [ 2016-04-15 ] | |||||||||||||||
|
Any idea when this might be resolved? Important to some of our use cases. | |||||||||||||||
| Comment by Sergei Golubchik [ 2016-04-15 ] | |||||||||||||||
|
Hopefully, in the next 10.1 release |