Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Not a Bug
-
Affects Version/s: 10.0.11-galera
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
Description
When granting privileges on a set of databases using wildcards including '\_' with 'grant option' to a user this user may create new databases according to the pattern but cannot grant privileges to other users.
Excerpt from http://dev.mysql.com/doc/refman/5.5/en/grant.html:
The “” and “%” wildcards are permitted when specifying database names in GRANT statements that grant privileges at the global or database levels. This means, for example, that if you want to use a “” character as part of a database name, you should specify it as “_” in the GRANT statement, to prevent the user from being able to access additional databases matching the wildcard pattern; for example, GRANT ... ON `foo_bar`.* TO
So when executing as root/admin user
grant all on `%\_bar` to user with grant option
I would expect the user to be able to create a database foo_bar (which works just fine) and then be able to grant privileges to other users. Instead an access denied error is reported ERROR 1044 (42000): Access denied for user 'user'@'%' to database 'foo_bar'
When I change the db pattern to '%_bar', granting privileges works as expected.
Logged in as admin user:
grant all on `%_bar` to user with grant option
Logged in as 'user'
MariaDB [none]> create database foo_bar; Query OK, 1 row affected (0.00 sec) MariaDB [none]> grant all on foo_bar.* to otheruser; Query OK, 0 rows affected (0.00 sec)
After this 'otheruser' can work with database foo_bar. However, this workaround will allow 'user' to create databases such as 'abar' which is not intended.
Gliffy Diagrams
Attachments
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
Hi,
This is an ancient not-a-bug http://bugs.mysql.com/bug.php?id=12008.
The last comment in that bug report contains an explanation.
What you need to run as a `user` is