Description:
Hi,
Grants are not provided for user with wildcard permissions for multiple databases if partial revokes are enabled.
How to repeat:
docker run --name m8019 -d -e MYSQL_ROOT_PASSWORD=secret mysql/mysql-server:8.0.19 --partial_revokes=1
docker exec -it m8019 mysql -uroot -psecret -e "create database test1;create database test2;create user 'test'@'localhost' identified by 'secret';GRANT SELECT ON \`test%\`.* TO test@localhost;"
$ docker exec -it m8019 mysql -utest -psecret -e "SHOW DATABASES;SHOW GRANTS;"
mysql: [Warning] Using a password on the command line interface can be insecure.
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
+-------------------------------------------------+
| Grants for test@localhost |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO `test`@`localhost` |
| GRANT SELECT ON `test%`.* TO `test`@`localhost` |
+-------------------------------------------------+
docker rm -f m8019
docker run --name m8019 -d -e MYSQL_ROOT_PASSWORD=secret mysql/mysql-server:8.0 --partial_revokes=0
$ docker exec -it m8019 mysql -uroot -psecret
create database test1;
create database test2;
create user 'test'@'localhost' identified by 'secret';
GRANT SELECT ON `test%`.* TO test@localhost;
$ docker exec -it m8019 mysql -utest -psecret
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 141
Server version: 8.0.19 MySQL Community Server - GPL
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.01 sec)
mysql> show grants;
+-------------------------------------------------+
| Grants for test@localhost |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO `test`@`localhost` |
| GRANT SELECT ON `test%`.* TO `test`@`localhost` |
+-------------------------------------------------+
$ docker run --name m8019 -d -e MYSQL_ROOT_PASSWORD=secret mysql/mysql-server:8.0.19 --partial_revokes=0
$ docker exec -it m8019 mysql -uroot -psecret -e "create database test1;create database test2;create user 'test'@'localhost' identified by 'secret';GRANT SELECT ON \`test%\`.* TO test@localhost;"
$ docker exec -it m8019 mysql -utest -psecret -e "SHOW DATABASES;SHOW GRANTS;"
mysql: [Warning] Using a password on the command line interface can be insecure.
+--------------------+
| Database |
+--------------------+
| information_schema |
| test1 |
| test2 |
+--------------------+
+-------------------------------------------------+
| Grants for test@localhost |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO `test`@`localhost` |
| GRANT SELECT ON `test%`.* TO `test`@`localhost` |
+-------------------------------------------------+