Bug #98767 | user roles | ||
---|---|---|---|
Submitted: | 27 Feb 2020 19:20 | Modified: | 28 Feb 2020 5:32 |
Reporter: | Chris Gillepie | Email Updates: | |
Status: | Duplicate | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S3 (Non-critical) |
Version: | 8.0.19 | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | role function store procedure |
[27 Feb 2020 19:20]
Chris Gillepie
[27 Feb 2020 20:48]
Chris Gillepie
Found if i grant execute to both the user and role with definer = to the role, it seems to work. But i feel that takes away the use of creating a role. GRANT EXECUTE ON FUNCTION vagt_db.system_message TO 'Test';
[27 Feb 2020 22:13]
Chris Gillepie
Noticed when I run SHOW GRANTS FOR 'Test' USING 'r_test'@'localhost' ; It shows the function as a procedure from the role not as a function, possible bug? # Grants for Test@% 'GRANT USAGE ON *.* TO `Test`@`%`' 'GRANT SELECT ON `vagt_db`.`system_message` TO `Test`@`%`' 'GRANT EXECUTE ON PROCEDURE `vagt_db`.`system_message` TO `Test`@`%`' 'GRANT `r_admin`@`%`,`r_test`@`localhost` TO `Test`@`%`' When I also GRANT the function to the user it shows as a function. # Grants for Test@% 'GRANT USAGE ON *.* TO `Test`@`%`' 'GRANT SELECT ON `vagt_db`.`system_message` TO `Test`@`%`' 'GRANT EXECUTE ON PROCEDURE `vagt_db`.`system_message` TO `Test`@`%`' 'GRANT EXECUTE ON FUNCTION `vagt_db`.`system_message` TO `Test`@`%`' 'GRANT `r_admin`@`%`,`r_test`@`localhost` TO `Test`@`%`'
[28 Feb 2020 5:32]
MySQL Verification Team
Hell Chris Gillepie, Thank you for the report and feedback. Imho this is duplicate of Bug #98570, please see Bug #98570 regards, Umesh