Bug #14261 procedures don't show current user
Submitted: 24 Oct 2005 15:07 Modified: 24 Oct 2005 15:49
Reporter: hala t Email Updates:
Status: Not a Bug Impact on me:
Category:MySQL Server Severity:S2 (Serious)
Version: OS:Windows (winxp)
Assigned to: CPU Architecture:Any

[24 Oct 2005 15:07] hala t
I've create simple prcedure :

delimiter //
CREATE PROCEDURE  uzytkownik()
select current_user;
delimiter ;

And I gave a right to execute it to a sipple user : klient@%

mysql> CREATE PROCEDURE  uzytkownik()
    -> begin
    -> select current_user;
    -> end
    -> //
Query OK, 0 rows affected (0.05 sec)

mysql> grant execute on procedure uzytkownik to klient;
Query OK, 0 rows affected (0.02 sec)

Then I login as a klient 

C:\Program Files\MySQL\MySQL Server 5.0\bin>mysql -uklient
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 136 to server version: 5.0.13-rc-nt
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use bank
Database changed
mysql> call uzytkownik();
| current_user   |
| root@localhost |
1 row in set (0.03 sec)

Query OK, 0 rows affected (0.03 sec)

mysql> select current_user();
| current_user() |
| klient@%       |
1 row in set (0.00 sec)

What's wrong??? Why procedures lays in this sytuaction???

How to repeat:
as u want

Suggested fix:
no idea!!
[24 Oct 2005 15:49] Valeriy Kravchuk
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.mysql.com/documentation/ and the instructions on
how to report a bug at http://bugs.mysql.com/how-to-report.php

Additional info:

Please, read the manual (http://dev.mysql.com/doc/refman/5.0/en/create-procedure.html):

"The SQL SECURITY characteristic can be used to specify whether the routine should be executed using the permissions of the user who creates the routine or the user who invokes it. The default value is DEFINER. This feature is new in SQL:2003. The creator or invoker must have permission to access the database with which the routine is associated."

So, by default the procedure is axecuted as user who defined it, and shows his name as a current user. It is a correct and documented behaviour, not a bug.