Bug #77702 SESSION_ACCOUNT_CONNECT_ATTR not visible to everybody
Submitted: 13 Jul 2015 15:06 Modified: 10 Aug 2015 13:20
Reporter: Georgi Kodinov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Performance Schema Severity:S3 (Non-critical)
Version:5.7 OS:Any
Assigned to: Georgi Kodinov CPU Architecture:Any

[13 Jul 2015 15:06] Georgi Kodinov 
Description:
The fix for bug #14569746 (reported internally) removes one of the requirements that the implementation of WL#5924 implements, namely public visibility of SESSION_ACCOUNT_CONNECT_ATTR.

How to repeat:
1. Create a database instance (using e.g. --initialize etc)
2. CREATE USER gizmo@localhost;
3. mysql ... -u gizmo
4. SELECT * FROM PERFORMANCE_SCHEMA.session_account_connect_attr;
Get access denied error.

Suggested fix:
Re-enable this table as world readable.
Note that the current MYSQL grant system does not support granting stuff to public. Granting is limited to existing user accounts only. Newly created ones don't inherit grants. 
So public tables (like e.g. INFORMATION_SCHEMA tables) don't rely on the mysql grant tables to ensure public visibility. They instead implement an internal object instance that overrides it. 
The SESSION_ACCOUNT_CONNECT_ATTR table was specifically designed with that in mind and to be safe to grant to everybody.
[10 Aug 2015 13:20] Paul DuBois 
Noted in 5.7.9, 5.8.0 changelogs.

The Performance Schema session_account_connect_attr had mistakenly
been changed to require the SELECT privilege. It requires no special
privileges again.