SHOW GRANTS not displaying all the applicable grants
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MySQL Server |
Unknown
|
Unknown
|
|||
Percona Server moved to https://jira.percona.com/projects/PS |
Fix Released
|
Medium
|
Vlad Lesin | ||
5.5 |
Fix Released
|
Medium
|
Vlad Lesin | ||
5.6 |
Fix Released
|
Medium
|
Vlad Lesin |
Bug Description
Tested on PXC 5.6.19
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.19-67.0-56 Percona XtraDB Cluster (GPL), Release rel67.0, Revision 824, WSREP version 25.6, wsrep_25.6.r4111
Copyright (c) 2009-2014 Percona LLC and/or its affiliates
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create user grantee@localhost identified by 'grantee1';
Query OK, 0 rows affected (0.50 sec)
mysql> create user grantee identified by 'grantee2';
Query OK, 0 rows affected (0.09 sec)
mysql> create database db2;
Query OK, 1 row affected (0.20 sec)
mysql> grant all privileges on db2.* to grantee with grant option;
Query OK, 0 rows affected (0.12 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.07 sec)
mysql> quit
Bye
[root@localhost log]# mysql -ugrantee -pgrantee1 -h localhost
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.6.19-67.0-56 Percona XtraDB Cluster (GPL), Release rel67.0, Revision 824, WSREP version 25.6, wsrep_25.6.r4111
Copyright (c) 2009-2014 Percona LLC and/or its affiliates
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show grants;
+------
| Grants for grantee@localhost |
+------
| GRANT USAGE ON *.* TO 'grantee'
+------
1 row in set (0.04 sec)
mysql> create table db2.t1(a int);
Query OK, 0 rows affected (1.21 sec)
Related branches
- Laurynas Biveinis (community): Approve
-
Diff: 255 lines (+125/-3)5 files modifiedmysql-test/r/grant.result (+13/-0)
mysql-test/r/grant_cache_no_prot.result (+2/-0)
mysql-test/r/percona_bug1354988.result (+50/-0)
mysql-test/t/percona_bug1354988.test (+53/-0)
sql/sql_acl.cc (+7/-3)
- Laurynas Biveinis (community): Approve
-
Diff: 275 lines (+127/-3)6 files modifiedmysql-test/r/grant.result (+13/-0)
mysql-test/r/grant_cache.result (+2/-0)
mysql-test/r/percona_bug1354988.result (+50/-0)
mysql-test/suite/funcs_1/r/processlist_priv_no_prot.result (+4/-0)
mysql-test/t/percona_bug1354988.test (+53/-0)
sql/sql_acl.cc (+5/-3)
Changed in percona-server: | |
status: | New → Confirmed |
tags: | added: upstream |
The bugfix was contributed to upstream (http:// bugs.mysql. com/bug. php?id= 53645&contribs= 1) and the bug report was reclassified as feature request:
Thank you for the contribution. But as our documentation (http:// dev.mysql. com/doc/ refman/ 5.7/en/ show-grants. html) clearly states:
"SHOW GRANTS displays only the privileges granted explicitly to the named account. Other privileges might be available to the account, but they are not displayed. For example, if an anonymous account exists, the named account might be able to use its privileges, but SHOW GRANTS will not display them. "
However I do agree that the effective privileges is a really nice information to have. Thus I believe this is a very relevant feature request. Reclassifying it as such.