connect(con_root,localhost, root,,,);

connection con_root;


# u1 is regular user
#

create user 'u1'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE ON mysql.* TO `u1`@`%` WITH GRANT OPTION;
GRANT CREATE USER, ROLE_ADMIN ON *.* to  'u1'@'%' with grant option;
show grants for 'u1'@'%';

# u2 is system user
#

create user 'u2'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS,
      REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES,
      LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW,
      SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER,
      CREATE ROLE, DROP ROLE ON *.* TO `u2`@`%` WITH GRANT
      OPTION;
grant SYSTEM_USER on *.* to 'u2'@'%' WITH GRANT OPTION;
show grants for 'u2'@'%';


#
# u1 is regular user, u2 is system user, but u1 has the mysql.global_grants
# DML privs, so u1 can be system user through INSERT on MYSQL.GLOBAL_GRANTS
# table
#

connect(con_u1, localhost, u1,,,);
connection con_u1;
insert into mysql.global_grants(user, host, priv, WITH_GRANT_OPTION) values('u1',
                                                                       '%',
                                                                       'SYSTEM_USER',
                                                                       'Y');
commit;

connection con_root;
flush privileges;

connection con_u1;
show grants;
grant 'u2'@'%' to 'u1'@'%';
show grants;

connection con_root;
drop user 'u1'@'%';
drop user 'u2'@'%';