Bug #67967 small clarification to CURRENT_USER behaviour in TRIGGERS and EVENTS
Submitted: 23 Dec 2012 12:37 Modified: 30 Jan 2013 2:37
Reporter: Peter Laursen (Basic Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Documentation Severity:S3 (Non-critical)
Version:5.0.97, 5.1.68, 5.5.30, 5.7.1 OS:Any
Assigned to: Paul DuBois CPU Architecture:Any

[23 Dec 2012 12:37] Peter Laursen 
Description:
http://dev.mysql.com/doc/refman/5.5/en/information-functions.html#function_current-user

I find this paragraph a little unclear and incomplete: "Within a stored program or view, CURRENT_USER() returns the account for the user who defined the object (as given by its DEFINER value). For stored procedures and functions and views defined with the SQL SECURITY INVOKER characteristic, CURRENT_USER() returns the object's invoker." 

A little better maybe:
"Within a stored program or view, CURRENT_USER() returns the account for the user who defined the object (as given by its DEFINER value) unless defined with the SQL SECURITY INVOKER characteristic. In this case CURRENT_USER() returns the object's invoker. 

As TRIGGERS and EVENTS have no option the define the SQL SECURITY property, CURRENT_USER() will here always return the account for the user who defined the object. To return the invoker, use USER() or SESSION_USER()."

How to repeat:
-- as 'root'@'localhost'
CREATE DATABASE trigtest;
USE trigtest;
CREATE TABLE trig (id INT);

DELIMITER &&
CREATE TRIGGER `trig` 
AFTER INSERT ON `trigtest`.`trig` FOR EACH ROW 
BEGIN                                           
SET @cuser = current_user();                                                         SET @user = user();                                                                  END &&
DELIMITER; 

CREATE USER 'testtrig'@'localhost';
GRANT INSERT ON `trigtest`.`trig` TO 'testtrig'@'localhost';

-- as 'testtrig'@'localhost'
INSERT INTO `trigtest`.`trig` VALUES (1);
SELECT @cuser; -- returns "root@localhost"
SELECT @user; -- returns "testtrig@localhost" 

Suggested fix:
see above.

It originated from discussion here:
http://blog.webyog.com/2012/12/20/bypass-triggers/
[23 Dec 2012 12:51] Peter Laursen 
Sorry for formatting issues (missing linebreaks). Copied/pasted from an editor ..
[23 Dec 2012 13:20] Valeriy Kravchuk 
I wonder why category is "MySQL Workbench: Docs"...
[23 Dec 2012 13:22] Peter Laursen 
So do I! fixed!
[24 Dec 2012 16:31] Sveta Smirnova 
Thank you for the report.

Verified as described.
[30 Jan 2013 2:37] Paul DuBois 
Thank you for your bug report. This issue has been addressed in the documentation. The updated documentation will appear on our website shortly, and will be included in the next release of the relevant products.