maria-developers team mailing list archive

Thread
Date

Re: 2e0bac4688a: MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role

To: Anel Husakovic <anel@xxxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Fri, 23 Oct 2020 13:31:34 +0200
Cc: maria-developers@xxxxxxxxxxxxxxxxxxx
In-reply-to: <XTQSweDTExP.A.nbD.MxrkfB@pweza>

Hi, Anel!

On Oct 23, Anel Husakovic wrote:
> revision-id: 2e0bac4688a (mariadb-10.2.31-517-g2e0bac4688a)
> parent(s): 985ede92034
> author: Anel Husakovic <anel@xxxxxxxxxxx>
> committer: Anel Husakovic <anel@xxxxxxxxxxx>
> timestamp: 2020-10-23 12:38:11 +0200
> message:
> 
> MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
> 
> diff --git a/mysql-test/r/grant5.result b/mysql-test/r/grant5.result
> index 338bbd36e14..a69070e8399 100644
> --- a/mysql-test/r/grant5.result
> +++ b/mysql-test/r/grant5.result
...
> +SHOW GRANTS;
> +Grants for root@localhost
> +GRANT test_role TO 'root'@'localhost' WITH ADMIN OPTION
> +GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
> +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
> +GRANT USAGE ON *.* TO 'test_role'
> +SET DEFAULT ROLE test_role FOR 'root'@'localhost'
...

Yes, that's what I mean.

I don't have a strong opinion on that, it seems that I very slightly
prefer to have SET DEFAULT ROLE after GRANT PROXY, that is to have all
statements for root, and then statements for roles.

But having SET DEFAULT ROLE at the end makes sense too - all GRANTs
first, then SET DEFAULT ROLE.

Just make it the way you want.

But either way it's good to have a test for it, a test that shows
we've considered this issue and intentionally implemented that
particular order.

Regards,
Sergei
VP of MariaDB Server Engineering
and security@xxxxxxxxxxx