Bug #20763 | dropping a DB doesn't remove grants relating to routines in that DB | ||
---|---|---|---|
Submitted: | 28 Jun 2006 21:03 | Modified: | 4 Jul 2006 9:26 |
Reporter: | Erica Moss | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | MySQL Server | Severity: | S2 (Serious) |
Version: | 5.1.12-beta-log | OS: | Linux (Fedora core 5) |
Assigned to: | CPU Architecture: | Any |
[28 Jun 2006 21:03]
Erica Moss
[28 Jun 2006 22:17]
Harrison Fisk
No other object in MySQL has associated grants removed when it is dropped. Why do SP do this but not others? I don't care what the answer is, but it should be consistent either way it is decided to go.
[3 Jul 2006 18:10]
Erica Moss
I just noticed that I inadvertently pasted in the working example twice. This is what I intended to paste as the second example: connect (root, localhost, root,,); CREATE DATABASE procDB; GRANT CREATE ROUTINE ON procDB.* TO 'create'@'localhost' IDENTIFIED BY 'create'; GRANT EXECUTE ON PROCEDURE procDB.p1 TO 'execute'@'localhost' IDENTIFIED BY 'execute'; GRANT ALTER ROUTINE ON PROCEDURE procDB.p1 TO 'alter'@'localhost' IDENTIFIED BY 'alter'; connect (create, localhost, create, create, procDB); CREATE PROCEDURE procDB.p1() SELECT VERSION(); connection root; DROP DATABASE procDB; SHOW GRANTS FOR 'create'@'localhost'; SHOW GRANTS FOR 'execute'@'localhost'; SHOW GRANTS FOR 'alter'@'localhost'; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'create'@'localhost'; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'execute'@'localhost'; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'alter'@'localhost'; DROP USER 'create'@'localhost', 'execute'@'localhost', 'alter'@'localhost';
[4 Jul 2006 9:26]
Valeriy Kravchuk
Sorry, but this is not a bug. This behaviour is intended and documented. Please, read the manual (http://dev.mysql.com/doc/refman/5.1/en/grant.html: "Important: MySQL does not automatically revoke any privileges when you drop a table or database. However, if you drop a routine, any routine-level privileges granted for that routine are revoked."