Description:
The command that grants permissions to a user contains wildcard characters.
Matching result with wildcards "%_" and "_%" are inconsistent.
The wildcard "%" indicates that 0 or more characters are matched and "_" indicates that any single character is matched. So I think that "%_" and "_%" both mean that at least one character is matched.
I created user_1 and user_5 and gave them the appropriate permissions. I expected that neither user_1 nor user_5 can view the "zzx" database.
mysql> CREATE USER 'user_1'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.02 sec)
mysql> GRANT ALL PRIVILEGES ON `zz%_x`.* TO 'user_1'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> CREATE USER 'user_5'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON `zz_%x`.* TO 'user_5'@'%';
Query OK, 0 rows affected (0.01 sec)
mysql> create database zzx;
Query OK, 1 row affected (0.01 sec)
# Connect to the database as user_1
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| performance_schema |
| zzx |
+--------------------+
3 rows in set (0.00 sec)
# Connect to the database as user_5
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| performance_schema |
+--------------------+
2 rows in set (0.00 sec)
How to repeat:
mysql> create user 'user_1'@'%' identified by '123456';
mysql> create user 'user_5'@'%' identified by '123456';
mysql> GRANT ALL PRIVILEGES ON `zz%_x`.* TO 'user_1'@'%';
mysql> GRANT ALL PRIVILEGES ON `zz_%x`.* TO 'user_5'@'%';
--------------------------------------------
#connect to the database -- user_1
./mysql/bin/mysql -hlocalhost -uuser_1 -P13337 -p123456 -S /xxx/mysql-8.0.37/mysql/mysql.sock
mysql> show databases;
------------------------------------------
#connect to the database -- user_5
./mysql/bin/mysql -hlocalhost -uuser_5 -P13337 -p123456 -S /xxx/mysql-8.0.37/mysql/mysql.sock
mysql> show databases;