Bug #26185 Access denied to database where only procedure privileges are granted
Submitted: 8 Feb 2007 14:33 Modified: 28 Mar 2007 16:43
Reporter: Mark Leith
Status: Duplicate
Category: MySQL Server: Security: Privileges Severity: S2 (Serious)
Version: 5.0, 5.1 OS: Any (All)
Assigned to: Assigned Account CPU Architecture: Any
Tags: access denied, bfsm_2007_02_15, privileges, procedures

[8 Feb 2007 14:33] Mark Leith
Description:
If a user is granted only privileges on a specific procedure (or procedures) within a database, if they try to "USE" that database, they are given an Access Denied error.

This is wrong - as they do have privileges on objects within that database. We should allow them access to the database, and only list objects that they have rights to - such as we do with tables etc. 

How to repeat:
CREATE DATABASE foobar;
USE foobar

DELIMITER // 
CREATE PROCEDURE p1() BEGIN SELECT 'p1'; END//
CREATE PROCEDURE p2() BEGIN SELECT 'p2'; END//
DELIMITER ;

CREATE USER 'foo'@'%' IDENTIFIED BY 'bar';
GRANT EXECUTE ON PROCEDURE `foobar`.`p1` TO 'foo'@'%';
GRANT EXECUTE ON PROCEDURE `foobar`.`p2` TO 'foo'@'%';
exit

mysql -u foo -pbar

USE foobar

Suggested fix:
Allow access to the database whilst only showing objects with privileges assigned (in this instance, just the listed procedures).

[28 Mar 2007 16:43] Kristofer Pettersson
This is a duplicate of Bug#9504.
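
An added audit query, not part of the original report or of MySQL itself: it lists the accounts whose only privileges in a database are routine-level grants, which is the situation the report describes. It assumes read access to the `mysql` grant tables, matches accounts on exact Host and User values (a simplification), and treats database names in `mysql.db` as LIKE patterns.

```sql
-- Added example: find accounts that hold routine-level grants in a database
-- but no global, database-level, table-level or column-level privilege there.
-- Per the report, these are the accounts that get "Access denied" on USE.
-- Assumption: accounts are matched on exact Host/User; host patterns that
-- merely overlap (e.g. '%' vs 'localhost') are not correlated.
SELECT p.User,
       p.Host,
       p.Db,
       GROUP_CONCAT(CONCAT(p.Routine_type, ' ', p.Routine_name,
                           ' [', p.Proc_priv, ']')
                    ORDER BY p.Routine_name SEPARATOR ', ') AS routine_grants
FROM mysql.procs_priv AS p
WHERE NOT EXISTS (          -- no global privilege that applies to databases
        SELECT 1
        FROM mysql.user AS u
        WHERE u.User = p.User AND u.Host = p.Host
          AND 'Y' IN (u.Select_priv, u.Insert_priv, u.Update_priv,
                      u.Delete_priv, u.Create_priv, u.Drop_priv,
                      u.Grant_priv, u.References_priv, u.Index_priv,
                      u.Alter_priv, u.Create_tmp_table_priv,
                      u.Lock_tables_priv, u.Execute_priv,
                      u.Create_view_priv, u.Show_view_priv,
                      u.Create_routine_priv, u.Alter_routine_priv))
  AND NOT EXISTS (          -- no database-level row (Db may hold wildcards)
        SELECT 1
        FROM mysql.db AS d
        WHERE d.User = p.User AND d.Host = p.Host
          AND p.Db LIKE d.Db)
  AND NOT EXISTS (          -- no table- or column-level grant in that database
        SELECT 1
        FROM mysql.tables_priv AS t
        WHERE t.User = p.User AND t.Host = p.Host
          AND t.Db = p.Db)
GROUP BY p.User, p.Host, p.Db
ORDER BY p.Db, p.User, p.Host;
```

After the reproduction steps above, the account 'foo'@'%' should appear with database foobar and its EXECUTE grants on p1 and p2.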