[MDEV-7043] Multi-table DELETE rejected due to lack of SELECT privilege for no good reason - JIRA

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 5.5.40, 10.0.14
Fix Version/s: 10.1, 10.0
Component/s: OTHER
Labels:
- upstream

Description

Test case


--disable_abort_on_error
--enable_connect_log

CREATE DATABASE privtest_db;
USE privtest_db;

CREATE TABLE privtest_db.t1 (a INT, b INT);
CREATE TABLE privtest_db.t2 (a INT);
INSERT INTO privtest_db.t1 VALUES (1,1), (2,2), (3,3);

GRANT ALL ON privtest_db.t2 TO 'privtest'@'localhost';
GRANT DELETE ON privtest_db.t1 TO 'privtest'@'localhost';

connect(con1,localhost,privtest,,);
USE privtest_db;

DELETE t1 FROM t1, t2;

--connection default
GRANT SELECT(b) ON privtest_db.t1 TO 'privtest'@'localhost';
--connection con1

DELETE t1 FROM t1, t2;

We have full access to the table we join with (to make things more obvious), and DELETE privilege on the table we delete from. The tables are joined unconditionally.

The DELETE fails due to the lack of SELECT privilege on t1:

SELECT command denied to user 'privtest'@'localhost' for table 't1'

The theory that SELECT is needed for the join does not survive the next test: we add a SELECT privilege on one of two columns in t1 and run the same DELETE again. Now it succeeds.

Since the JOIN is unconditional, it should either require no SELECT privilege on the table we delete from, or full SELECT on all columns. One column-SELECT should not make any difference.

Gliffy Diagrams

Attachments

Issue Links

links to

Bug #74738 - Multi-table DELETE rejected due to lack of SELECT privilege for no good reason

Activity

There are no comments yet on this issue.

People

Assignee:

Unassigned

Reporter:

Elena Stepanova

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2014-11-07 17:14

Updated:

2014-11-08 12:01

Agile

View on Board