Bug #9582 incorrect ACL system refresh after its update by GRANT command
Submitted: 2 Apr 2005 14:24 Modified: 8 Oct 12:02
Reporter: Oleksandr Byelkin Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S2 (Serious)
Version:5.0 OS:Any
Assigned to: Assigned Account CPU Architecture:Any

[2 Apr 2005 14:24] Oleksandr Byelkin 
Description:
following mysql-test script return error despite operation allowance.
But repeat of 'use <database>'  command refresh ACL and command becomes allowed (see commented line in the script)

How to repeat:
connect (root,localhost,root,,test);
connection root;
--disable_warnings
create database mysqltest;
--enable_warnings

grant create,select on test.* to mysqltest_1@localhost;

connect (user1,localhost,mysqltest_1,,test);
connection user1;

create table t1 (a int);

connection root;
grant create,drop,select on test.* to mysqltest_1@localhost;

connection user1;
# if uncomment following command bug will gone
#use test;
drop table t1;

connection root;
revoke all privileges on test.* from mysqltest_1@localhost;

drop database mysqltest;
[8 Oct 12:02] Georgi Kodinov 
Posted by developer:
 
https://dev.mysql.com/doc/refman/9.3/en/privilege-changes.html:

 A grant table reload affects privileges for each existing client session as follows:

    Table and column privilege changes take effect with the client's next request.

    Database privilege changes take effect the next time the client executes a USE db_name statement.
    Note

    Client applications may cache the database name; thus, this effect may not be visible to them without actually changing to a different database.

    Static global privileges and passwords are unaffected for a connected client. These changes take effect only in sessions for subsequent connections. Changes to dynamic global privileges apply immediately. For information about the differences between static and dynamic privileges, see Static Versus Dynamic Privileges.)