Bug #35391 Wrong documentation for GRANT ALL
Submitted: 18 Mar 2008 11:37 Modified: 4 Aug 2010 14:26
Reporter: Susanne Ebrecht
Status: Closed
Category: MySQL Server: Documentation Severity: S3 (Non-critical)
Version: 5.1-bk OS: Linux
Assigned to: Paul DuBois CPU Architecture: Any

[18 Mar 2008 11:37] Susanne Ebrecht
Description:
Documentation:
http://dev.mysql.com/doc/refman/5.1/en/grant.html

"ALL [PRIVILEGES] 	Sets all simple privileges except GRANT OPTION"

mysql> \u testdb
mysql> create table t(i integer, n integer);
mysql> insert into t values (1,1),(2,2),(3,3);
mysql> select * from t into outfile 'x';
mysql> grant all on testdb.* to testuser@'localhost';
mysql> grant all on testdb.* to testuser@'%';
mysql> \q

$ PATH/bin/mysql -u testuser testdb
mysql> load data infile 'x' into table t;
ERROR 1045 (28000): Access denied for user 'testuser'@'localhost' (using password: NO)

Looking at the file x via ls -l: it has chmod 666.

That's weird, and this works:
As a user with grant option:
mysql> grant file on *.* to testuser@'%';
mysql> grant file on *.* to testuser@'localhost';
mysql> \q
$ mysql -u testuser testdb

mysql> show grants\G
*************************** 1. row ***************************
Grants for tuxine@localhost: GRANT FILE ON *.* TO 'tuxine'@'localhost'
*************************** 2. row ***************************
Grants for tuxine@localhost: GRANT ALL PRIVILEGES ON `miracee`.* TO 'tuxine'@'localhost'

mysql> load data infile 'x' into table test;
Query OK, 3 rows affected (0.00 sec)

The documentation is confusing here. I couldn't find anywhere that ALL does not include FILE.

How to repeat:
See above

Suggested fix:
Add a note to the documentation stating what exactly is included in ALL and what is not.
[18 Mar 2008 14:45] Paul DuBois
I'm trying to understand the nature of this bug report. The referenced page says (after the summary table):

"For the global, database, table, and routine levels, GRANT ALL assigns only the privileges that exist at the level you are granting. For example, GRANT ALL ON db_name.* is a database-level statement, so it does not grant any global-only privileges such as FILE."

Before the summary table, it points out that for granting privileges at each access level, ALL applies to privileges for that access level. For example:

"Global level
Global privileges apply to all databases on a given server. ... GRANT ALL ON *.* and REVOKE ALL ON *.* grant and revoke only global privileges.

Database level

Database privileges apply to all objects in a given database.... GRANT ALL ON db_name.* and REVOKE ALL ON db_name.* grant and revoke only database privileges."

etc.

The page also says this:

"The FILE, PROCESS, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SHOW DATABASES, SHUTDOWN, SUPER, and CREATE USER privileges are administrative privileges that can only be granted globally (using ON *.* syntax)."

What is unclear? Do you think the line in the summary table should be unchanged?
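
An added example, not part of the original thread or of MySQL itself: a small Python audit that applies the rule quoted in the comment above to SHOW GRANTS output and reports which accounts actually hold global-only privileges such as FILE. The function names and the 'dbonly' and 'admin' accounts are assumptions made for illustration.

```python
import re

# Privileges the quoted manual text lists as grantable only ON *.*
GLOBAL_ONLY = {"FILE", "PROCESS", "RELOAD", "REPLICATION CLIENT",
               "REPLICATION SLAVE", "SHOW DATABASES", "SHUTDOWN",
               "SUPER", "CREATE USER"}

GRANT_RE = re.compile(
    r"\bGRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<account>\S+)",
    re.IGNORECASE)

def parse_grant(line):
    """Return (privileges, scope, account) for one SHOW GRANTS line, else None."""
    m = GRANT_RE.search(line)
    if m is None:
        return None
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    return privs, m.group("scope"), m.group("account")

def global_only_privs(grant_lines):
    """Map each account to the global-only privileges it actually holds."""
    held = {}
    for line in grant_lines:
        parsed = parse_grant(line)
        if parsed is None:
            continue  # row separators, prompts, blank lines
        privs, scope, account = parsed
        acct = held.setdefault(account, set())
        if scope != "*.*":
            continue  # database/table level: ALL grants nothing global-only
        if privs & {"ALL", "ALL PRIVILEGES"}:
            acct |= GLOBAL_ONLY
        else:
            acct |= privs & GLOBAL_ONLY
    return held

# The two tuxine grant rows are from the report above; the rest are constructed.
SAMPLE = [
    "*************************** 1. row ***************************",
    "Grants for tuxine@localhost: GRANT FILE ON *.* TO 'tuxine'@'localhost'",
    "Grants for tuxine@localhost: GRANT ALL PRIVILEGES ON `miracee`.* TO 'tuxine'@'localhost'",
    "GRANT ALL PRIVILEGES ON `testdb`.* TO 'dbonly'@'%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION",
]

if __name__ == "__main__":
    for account, privs in global_only_privs(SAMPLE).items():
        print(account, sorted(privs) or "none")
```

An account that appears with an empty set holds only database-level or table-level grants, which is the situation the first LOAD DATA INFILE attempt in the report ran into.
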
[18 Mar 2008 14:53] Susanne Ebrecht
Sorry, I was confused.
A second test showed me that all works as expected and as documented.
[4 Aug 2010 7:51] Bugs System
Pushed into mysql-trunk 5.5.6-m3 (revid:alik@sun.com-20100731131027-1n61gseejyxsqk5d) (version source revid:marko.makela@oracle.com-20100629125518-m3am4ia1ffjr0d0j) (merge vers: 5.1.49) (pib:18)
[4 Aug 2010 8:11] Bugs System
Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804080001-bny5271e65xo34ig) (version source revid:marko.makela@oracle.com-20100629125518-m3am4ia1ffjr0d0j) (merge vers: 5.1.49) (pib:18)
[4 Aug 2010 8:26] Bugs System
Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804081533-c1d3rbipo9e8rt1s) (version source revid:marko.makela@oracle.com-20100629125518-m3am4ia1ffjr0d0j) (merge vers: 5.1.49) (pib:18)
[4 Aug 2010 9:05] Bugs System
Pushed into mysql-next-mr (revid:alik@ibmvm-20100804081630-ntapn8bf9pko9vj3) (version source revid:marko.makela@oracle.com-20100629125518-m3am4ia1ffjr0d0j) (pib:20)
[4 Aug 2010 14:26] Paul DuBois
Those push messages are spurious. They resulted from an incorrect bug number in the changeset comment for a different bug.