maria-discuss team mailing list archive
-
maria-discuss team
-
Mailing list archive
-
Message #03931
R: handling of mixed case roles
Users are case-sensitive, so I expect the same from roles.
If something doesn't work with mixed-case roles, it is probably a bug.
Federico
--------------------------------------------
Lun 5/9/16, Robin Peiremans <robin.peiremans@xxxxxx> ha scritto:
Oggetto: [Maria-discuss] handling of mixed case roles
A: "maria-discuss@xxxxxxxxxxxxxxxxxxx" <maria-discuss@xxxxxxxxxxxxxxxxxxx>
Data: Lunedì 5 settembre 2016, 10:27
Hi
I've created a role
with both upper and lowercase name, resulting in some weird
behavior (output and test case below).
The first thing I noticed
is that you can create roles with the same name but
different case (test_role and test_ROLE in below example),
but you can't grant both to the same user as that
results in an error 1961 when granting the second
role. Imo this indicates that not all the roles code is
case-sensitive.
The second weird thing is
that when you get the error 1961 in above scenario, the
first role (that was granted successfully) is gone from the
show grants output. It is not revoked (the user can still
use it), it just isn't shown anymore
until I flush privileges.
Can this be considered a
bug, or am I missing something here?
MariaDB version:
10.1.13-MariaDB
OS: Red Hat 7.2
Kind regards
Robin
Output and test case:
MariaDB [mysql]> create
role test_ROLE;
Query OK, 0 rows affected
(0.00 sec)
MariaDB [mysql]> create
role test_role;
Query OK, 0 rows affected
(0.00 sec)
MariaDB [mysql]> grant
select on mysql.* to test_role;
Query OK, 0 rows affected
(0.00 sec)
MariaDB [mysql]> select
user, host from user where is_role='y' and user like
'test%';
+-----------+------+
|
user | host |
+-----------+------+
| test_ROLE
| |
| test_role
| |
+-----------+------+
2 rows in set (0.00
sec)
MariaDB [mysql]> grant
test_role to testuser;
Query OK, 0 rows affected
(0.00 sec)
MariaDB [mysql]> show
grants for testuser;
+------------------------------------------------------------------------+
| Grants for
testuser@%
|
+------------------------------------------------------------------------+
| GRANT test_role TO
'testuser'@'%'
|
| GRANT USAGE ON *.* TO
'testuser'@'%' IDENTIFIED VIA pam USING
'mariadb' |
+------------------------------------------------------------------------+
2 rows in set (0.00
sec)
MariaDB [mysql]> grant
test_ROLE to testuser;
ERROR 1961 (HY000): Cannot
grant role 'test_ROLE' to: 'testuser'.
MariaDB [mysql]> show
grants for testuser;
+------------------------------------------------------------------------+
| Grants for
testuser@%
|
+------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO
'testuser'@'%' IDENTIFIED VIA pam USING
'mariadb' |
+------------------------------------------------------------------------+
1 row in set (0.00
sec)
MariaDB [mysql]> select
* from roles_mapping where user='testuser';
+-----------+---------+-----------+--------------+
|
Host | User
| Role | Admin_option |
+-----------+---------+-----------+--------------+
|
% | testuser
| test_role |
N
|
+-----------+---------+-----------+--------------+
3 rows in set (0.00
sec)
MariaDB [mysql]> flush
privileges;
Query OK, 0 rows affected
(0.00 sec)
MariaDB [mysql]> show
grants for testuser;
+------------------------------------------------------------------------+
| Grants for
testuser@%
|
+------------------------------------------------------------------------+
| GRANT test_role TO
'testuser'@'%'
|
| GRANT USAGE ON *.* TO
'testuser'@'%' IDENTIFIED VIA pam USING
'mariadb' |
+------------------------------------------------------------------------+
2 rows in set (0.00
sec)
Disclaimer
-----Segue allegato-----
_______________________________________________
Mailing list: https://launchpad.net/~maria-discuss
Post to : maria-discuss@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~maria-discuss
More help : https://help.launchpad.net/ListHelp
