Bug #45681 column privileges set aside when using select * on a view
Submitted: 23 Jun 2009 14:29 Modified: 23 Jun 2009 19:31
Reporter: Erik Svanberg Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Server: Views Severity:S3 (Non-critical)
Version:5.1.14 OS:Linux
Assigned to: CPU Architecture:Any
Tags: grant column access, privileges, VIEW

[23 Jun 2009 14:29] Erik Svanberg
Description:
I tested to grant privelegs on a view

How to repeat:
CREATE TABLE `db1`.`a` (
  `id` INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
  `text` VARCHAR(45) NOT NULL,
  `text2` VARCHAR(45) NOT NULL,
  PRIMARY KEY (`id`)
)
ENGINE = MyISAM;

CREATE VIEW `db1`.`b` as select id, text from `db1`.`a`;

grant select (text) on `db1`.`b` to user1;

(logging in as user1)

>select id from b;
>SELECT command denied to user 'user1'@'123.456.789' for column 'id' in table 'b'

>select * from b;

Both id and text are displayed even though I should only have access to the column 'text'
[23 Jun 2009 14:32] Erik Svanberg
Hmm, I guess I made it a bit short in the beginning. In short the grant privileges to a column in a view does not work properly since you can set this aside by using a select * from the view. 

/Erik
[23 Jun 2009 19:31] Sveta Smirnova
Thank you for the report.

I can not repeat described behavior with current version 5.1.35. Please upgrade.