Bug #26185 Access denied to database where only procedure privileges are granted
Submitted: 8 Feb 2007 15:33 Modified: 28 Mar 2007 18:43
Reporter: Mark Leith
Status: Duplicate
Category:Server: Privileges Severity:S2 (Serious)
Version:5.0, 5.1 OS:Any (All)
Assigned to: Alexander Nozdrin Target Version:
Tags: bfsm_2007_02_15, access denied, privileges, procedures

[8 Feb 2007 15:33] Mark Leith 
Description:
If a user is granted on privileges on a specific procedure (or procedures) within a
database, if they try to "USE" that database, they are given an Access Denied error. 

This is wrong - as they do have privileges on objects within that database. We should
allow them access to the database, and only list objects that they have rights to - such
as we do with tables etc. 

How to repeat:
CREATE DATABASE foobar;
USE foobar

DELIMITER // 
CREATE PROCEDURE p1() BEGIN SELECT 'p1'; END//
CREATE PROCEDURE p2() BEGIN SELECT 'p2'; END//
DELIMITER ;

CREATE USER 'foo'@'%' IDENTIFIED BY 'bar';
GRANT EXECUTE ON PROCEDURE `foobar`.`p1` TO 'foo'@'%';
GRANT EXECUTE ON PROCEDURE `foobar`.`p2` TO 'foo'@'%';
exit

mysql -u foo -pbar

USE foobar

Suggested fix:
Allow access to the database whilst only showing objects with privileges assigned (in
this instance, just the listed procedures).
[28 Mar 2007 18:43] Kristofer Pettersson 
This is a duplicate of Bug#9504.