Bug #91869 Documentation issue for SET DEFAULT ROLE
Submitted: 2 Aug 2018 10:09 Modified: 8 Aug 2018 2:13
Reporter: Paul Campbell Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Documentation Severity:S3 (Non-critical)
Version:8.0.11 OS:Any
Assigned to: CPU Architecture:Any

[2 Aug 2018 10:09] Paul Campbell
Description:
In documentation for SET DEFAULT ROLE

https://dev.mysql.com/doc/refman/8.0/en/set-default-role.html

<snip>
role [, role ] ...: Set the default to the named roles, which need not exist or be granted to the account at the time SET DEFAULT ROLE is executed.
</snip>

Suggests that a default role can be specified for an account before that role has been created or assigned to the user. Attempts to do so result in an error where either condition applies.

How to repeat:
-- create user

mysql> create user 'aaa'@'%';
Query OK, 0 rows affected (0.29 sec)

-- create role

mysql> create role 'bbb';
Query OK, 0 rows affected (0.29 sec)

-- attempt to set default to a role that hasn't been granted to the user

mysql> set default role bbb to 'aaa'@'%';
ERROR 3530 (HY000): `bbb`@`%` is not granted to `aaa`@`%`

-- attempt to set default for user to non-existing role

mysql> set default role ccc to 'aaa'@'%';
ERROR 3530 (HY000): `ccc`@`%` is not granted to `aaa`@`%`

-- grant role to user

mysql> grant 'bbb' to 'aaa'@'%';
Query OK, 0 rows affected (0.14 sec)

-- works when role both exists and has been granted

mysql> set default role bbb to 'aaa'@'%';
Query OK, 0 rows affected (0.18 sec)

Suggested fix:
Update documentation to

role [, role ] ...: Set the default to the named roles, which must exist and be granted to the account at the time SET DEFAULT ROLE is executed.
[2 Aug 2018 13:15] MySQL Verification Team
Hi,

Thank you for your bug report.

I find that your report truly points to a deficiency in our documentation for the ROLEs.

Verified as reported.
[8 Aug 2018 2:13] Paul DuBois
Posted by developer:
 
Looks like this changed in 8.0.11 (Bug#85561).
Revising description to:

role [, role ] ...: Set the default to the named roles, which must
exist and be granted to the account at the time SET DEFAULT ROLE is
executed.