Bug #87112 | SET ROLE disappears when activate_all_roles_on_login is set | ||
---|---|---|---|
Submitted: | 19 Jul 2017 12:05 | Modified: | 19 Jul 2017 12:36 |
Reporter: | Giuseppe Maxia (OCA) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Security: Roles | Severity: | S1 (Critical) |
Version: | 8.0.2 | OS: | Any |
Assigned to: | CPU Architecture: | Any |
[19 Jul 2017 12:05]
Giuseppe Maxia
[19 Jul 2017 12:21]
MySQL Verification Team
Hello Giuseppe, Thank you for the report and feedback. Looking at the syntax there is no "=" while setting option - https://dev.mysql.com/doc/refman/8.0/en/set-role.html. Please could you try SET ROLE NONE; instead? root@localhost [(none)]> select @@activate_all_roles_on_login; +-------------------------------+ | @@activate_all_roles_on_login | +-------------------------------+ | 1 | +-------------------------------+ 1 row in set (0.00 sec) root@localhost [(none)]> show variables like "%mandatory%"; +-----------------+----------------+ | Variable_name | Value | +-----------------+----------------+ | mandatory_roles | test@localhost | +-----------------+----------------+ 1 row in set (0.00 sec) root@localhost [(none)]> set role=none; ERROR 1193 (HY000): Unknown system variable 'role' root@localhost [(none)]> root@localhost [(none)]> set role none; Query OK, 0 rows affected (0.00 sec) Thanks, Umesh
[19 Jul 2017 12:27]
Giuseppe Maxia
Hi Umesh, Thanks for the quick response. Indeed, using SET ROLE without '=' works. You can close the issue. I have to say that the syntax for role activation is most confusing.
[19 Jul 2017 12:36]
MySQL Verification Team
Thank you Giuseppe, for confirming. Closing the issue for now. regards, Umesh