Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-7887

A role stays default even if it's revoked from the user or even dropped

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 10.1
    • Fix Version/s: 10.1
    • Component/s: Admin statements
    • Labels:
      None

      Description

      Currently if a role is set as default for a user, and then revoked or dropped, the default setting is preserved; and if the role is later re-created and/or re-granted, it immediately becomes default again. I assume it's because the value is kept in mysql.user.

      It's a bit counter-intuitive, not how things are usually done in MySQL when stuff gets dropped. However, it's nor really critical, so if it works so "by design", I don't insist on changing it, please just document it explicitly in the KB.

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            serg Sergei Golubchik added a comment -

            Yes, it was intentional, with the reasoning that only an explicit user action should change his own default role. So, when somebody else revokes something from someone it doesn't change user's personal account preferences. Of course, the role won't longer be automatically enabled, but it will be still remembered as a default.

            But this behavior can be changed, so if you want to argue that a role revocation should automatically unset user's default role — please do.

            Show
            serg Sergei Golubchik added a comment - Yes, it was intentional, with the reasoning that only an explicit user action should change his own default role. So, when somebody else revokes something from someone it doesn't change user's personal account preferences. Of course, the role won't longer be automatically enabled, but it will be still remembered as a default. But this behavior can be changed, so if you want to argue that a role revocation should automatically unset user's default role — please do.
            Hide
            elenst Elena Stepanova added a comment -

            Well, my argument is just that it was counter-intuitive for me; however, my expectations are not always the same as common users', there can be reasonable explanation for either way, and I don't see any particular danger in the current behavior (apart from maybe a mild surprise for a user, when they used to have a role long time ago, then it was dropped and well-forgotten, then an admin re-created and re-granted it, and suddenly additional permissions appear by default. But it doesn't sound scary.) So I don't insist on changing it, only on updating documentation.

            Show
            elenst Elena Stepanova added a comment - Well, my argument is just that it was counter-intuitive for me; however, my expectations are not always the same as common users', there can be reasonable explanation for either way, and I don't see any particular danger in the current behavior (apart from maybe a mild surprise for a user, when they used to have a role long time ago, then it was dropped and well-forgotten, then an admin re-created and re-granted it, and suddenly additional permissions appear by default. But it doesn't sound scary.) So I don't insist on changing it, only on updating documentation.

              People

              • Assignee:
                cvicentiu Vicentiu Ciorbaru
                Reporter:
                elenst Elena Stepanova
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: