Bug #70384 SHOW GRANTS may not return privileges of a user in current session
Submitted: 20 Sep 2013 10:53
Modified: 3 Oct 2013 11:22
Reporter: Peter Laursen (Basic Quality Contributor)
Status: Verified
Category: MySQL Server: Security: Privileges
Severity: S2 (Serious)
Version: 5.6.12, 5.6.14
OS: Any
Assigned to:
CPU Architecture: Any

[20 Sep 2013 10:53] Peter Laursen
Description:
After reporting http://bugs.mysql.com/bug.php?id=70258 I now got the PROCESS privilege to this server.  

But I still cannot "SHOW ENGINE performance_schema STATUS". The error message says that I need the PROCESS privilege, but I already have it!

The explanation:

The PROCESS privilege was granted while the session was open.

SHOW GRANTS returns what a new connection by the same user would achieve - not what the user has in the current session.

How to repeat:
SELECT VERSION(); -- 5.6.12-log 

SHOW ENGINE `performance_schema` STATUS;
/*
Error Code: 1227
Access denied; you need (at least one of) the PROCESS privilege(s) for this operation
*/

SHOW GRANTS; 
/*
Grants for portal_readonly
GRANT PROCESS ON *.* TO '<user>'@'%' IDENTIFIED BY PASSWORD '*AA5400343D40516EAD68D274309C712E7B05BC02' 
<cut>
*/

Suggested fix:
SHOW GRANTS (with no user@host specification) should display what privileges the user has in the current session.
[3 Oct 2013 11:22] MySQL Verification Team
Hello Peter,

Thank you for the bug report.
Verified as described.

Thanks,
Umesh
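
The sequence behind this report, seen from both the administrator's and the user's session, as an added example that is not part of the original report or of MySQL's own test suite. The account name `demo_ro`, its password and the connection id `42` are constructed; the example also goes one step beyond the report by noting that the same rule holds for REVOKE, which follows from MySQL's documented behaviour that global privilege changes do not affect already-connected clients.

```sql
-- Session A (administrator): create a constructed low-privilege account.
CREATE USER 'demo_ro'@'%' IDENTIFIED BY 'constructed-password';

-- Session B: connect as demo_ro now, BEFORE the grant below, and stay connected.
SELECT CURRENT_USER();                      -- demo_ro@%

-- Session A: grant a global privilege while session B is still open.
GRANT PROCESS ON *.* TO 'demo_ro'@'%';

-- Session B: SHOW GRANTS already lists PROCESS (it reflects the stored grants),
-- but the open session still runs with the privileges it had at connect time.
SHOW GRANTS;                                -- lists GRANT PROCESS ON *.* ...
SHOW ENGINE performance_schema STATUS;      -- Error Code: 1227, PROCESS needed

-- Session A: list the connections of the account that predate the change.
SELECT ID, USER, HOST, TIME
  FROM information_schema.PROCESSLIST
 WHERE USER = 'demo_ro';

-- Session A: end the stale connection so the client must reconnect.
-- 42 is a constructed id; use the ID returned by the query above.
KILL 42;

-- Session B: after reconnecting, the session privileges match SHOW GRANTS.
SHOW ENGINE performance_schema STATUS;      -- succeeds

-- The same rule applies in the other direction: after
--   REVOKE PROCESS ON *.* FROM 'demo_ro'@'%';
-- a connected session keeps PROCESS until it reconnects, while SHOW GRANTS
-- no longer lists it. Ending the account's open connections, as above, is
-- what makes a revoked global privilege take effect immediately.
```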