Merge remote-tracking branch 'origin/10.1' into 10.2

4 files changed, 1023 insertions, 0 deletions

diff --git a/mysql-test/suite/roles/flush_roles-12366.result b/mysql-test/suite/roles/flush_roles-12366.result
new file mode 100644
index 00000000000..f65c97e0ee3
--- /dev/null
+++ b/mysql-test/suite/roles/flush_roles-12366.result
@@ -0,0 +1,543 @@
+#
+# MDEV-12366: FLUSH PRIVILEGES can break hierarchy of roles
+#
+# This testcase contains a user, who is granted a master role
+# operations_cluster. operations_cluster is granted 8 different roles
+# who in turn each have 4 different roles granted to them.
+#
+# Only the leaf roles contain privileges to access databases.
+# Make sure the user has access to all databases if the master role
+# is granted to him.
+#
+CREATE USER u;
+CREATE ROLE operations_cluster;
+GRANT operations_cluster TO u;
+CREATE DATABASE bob_live_sg;
+CREATE TABLE bob_live_sg.a (i INT(10));
+CREATE TABLE bob_live_sg.b (i INT(10));
+CREATE TABLE bob_live_sg.c (i INT(10));
+CREATE TABLE bob_live_sg.d (i INT(10));
+CREATE DATABASE oms_live_sg;
+CREATE TABLE oms_live_sg.a (i INT(10));
+CREATE TABLE oms_live_sg.b (i INT(10));
+CREATE TABLE oms_live_sg.c (i INT(10));
+CREATE TABLE oms_live_sg.d (i INT(10));
+CREATE DATABASE bob_live_ph;
+CREATE TABLE bob_live_ph.a (i INT(10));
+CREATE TABLE bob_live_ph.b (i INT(10));
+CREATE TABLE bob_live_ph.c (i INT(10));
+CREATE TABLE bob_live_ph.d (i INT(10));
+CREATE DATABASE oms_live_ph;
+CREATE TABLE oms_live_ph.a (i INT(10));
+CREATE TABLE oms_live_ph.b (i INT(10));
+CREATE TABLE oms_live_ph.c (i INT(10));
+CREATE TABLE oms_live_ph.d (i INT(10));
+CREATE DATABASE bob_live_id;
+CREATE TABLE bob_live_id.a (i INT(10));
+CREATE TABLE bob_live_id.b (i INT(10));
+CREATE TABLE bob_live_id.c (i INT(10));
+CREATE TABLE bob_live_id.d (i INT(10));
+CREATE DATABASE oms_live_id;
+CREATE TABLE oms_live_id.a (i INT(10));
+CREATE TABLE oms_live_id.b (i INT(10));
+CREATE TABLE oms_live_id.c (i INT(10));
+CREATE TABLE oms_live_id.d (i INT(10));
+CREATE DATABASE bob_live_hk;
+CREATE TABLE bob_live_hk.a (i INT(10));
+CREATE TABLE bob_live_hk.b (i INT(10));
+CREATE TABLE bob_live_hk.c (i INT(10));
+CREATE TABLE bob_live_hk.d (i INT(10));
+CREATE DATABASE oms_live_hk;
+CREATE TABLE oms_live_hk.a (i INT(10));
+CREATE TABLE oms_live_hk.b (i INT(10));
+CREATE TABLE oms_live_hk.c (i INT(10));
+CREATE TABLE oms_live_hk.d (i INT(10));
+CREATE DATABASE bob_live_vn;
+CREATE TABLE bob_live_vn.a (i INT(10));
+CREATE TABLE bob_live_vn.b (i INT(10));
+CREATE TABLE bob_live_vn.c (i INT(10));
+CREATE TABLE bob_live_vn.d (i INT(10));
+CREATE DATABASE oms_live_vn;
+CREATE TABLE oms_live_vn.a (i INT(10));
+CREATE TABLE oms_live_vn.b (i INT(10));
+CREATE TABLE oms_live_vn.c (i INT(10));
+CREATE TABLE oms_live_vn.d (i INT(10));
+CREATE DATABASE bob_live_tw;
+CREATE TABLE bob_live_tw.a (i INT(10));
+CREATE TABLE bob_live_tw.b (i INT(10));
+CREATE TABLE bob_live_tw.c (i INT(10));
+CREATE TABLE bob_live_tw.d (i INT(10));
+CREATE DATABASE oms_live_tw;
+CREATE TABLE oms_live_tw.a (i INT(10));
+CREATE TABLE oms_live_tw.b (i INT(10));
+CREATE TABLE oms_live_tw.c (i INT(10));
+CREATE TABLE oms_live_tw.d (i INT(10));
+CREATE DATABASE bob_live_my;
+CREATE TABLE bob_live_my.a (i INT(10));
+CREATE TABLE bob_live_my.b (i INT(10));
+CREATE TABLE bob_live_my.c (i INT(10));
+CREATE TABLE bob_live_my.d (i INT(10));
+CREATE DATABASE oms_live_my;
+CREATE TABLE oms_live_my.a (i INT(10));
+CREATE TABLE oms_live_my.b (i INT(10));
+CREATE TABLE oms_live_my.c (i INT(10));
+CREATE TABLE oms_live_my.d (i INT(10));
+CREATE DATABASE bob_live_th;
+CREATE TABLE bob_live_th.a (i INT(10));
+CREATE TABLE bob_live_th.b (i INT(10));
+CREATE TABLE bob_live_th.c (i INT(10));
+CREATE TABLE bob_live_th.d (i INT(10));
+CREATE DATABASE oms_live_th;
+CREATE TABLE oms_live_th.a (i INT(10));
+CREATE TABLE oms_live_th.b (i INT(10));
+CREATE TABLE oms_live_th.c (i INT(10));
+CREATE TABLE oms_live_th.d (i INT(10));
+CREATE ROLE a_sg;
+CREATE ROLE b_sg;
+CREATE ROLE c_sg;
+CREATE ROLE d_sg;
+CREATE ROLE operations_sg;
+GRANT a_sg TO operations_sg;
+GRANT b_sg TO operations_sg;
+GRANT c_sg TO operations_sg;
+GRANT d_sg TO operations_sg;
+GRANT SELECT ON bob_live_sg.a TO a_sg;
+GRANT SELECT ON bob_live_sg.b TO b_sg;
+GRANT SELECT ON bob_live_sg.c TO c_sg;
+GRANT SELECT ON bob_live_sg.d TO d_sg;
+GRANT SELECT ON oms_live_sg.a TO a_sg;
+GRANT SELECT ON oms_live_sg.b TO b_sg;
+GRANT SELECT ON oms_live_sg.c TO c_sg;
+GRANT SELECT ON oms_live_sg.d TO d_sg;
+CREATE ROLE a_ph;
+CREATE ROLE b_ph;
+CREATE ROLE c_ph;
+CREATE ROLE d_ph;
+CREATE ROLE operations_ph;
+GRANT a_ph TO operations_ph;
+GRANT b_ph TO operations_ph;
+GRANT c_ph TO operations_ph;
+GRANT d_ph TO operations_ph;
+GRANT SELECT ON bob_live_ph.a TO a_ph;
+GRANT SELECT ON bob_live_ph.b TO b_ph;
+GRANT SELECT ON bob_live_ph.c TO c_ph;
+GRANT SELECT ON bob_live_ph.d TO d_ph;
+GRANT SELECT ON oms_live_ph.a TO a_ph;
+GRANT SELECT ON oms_live_ph.b TO b_ph;
+GRANT SELECT ON oms_live_ph.c TO c_ph;
+GRANT SELECT ON oms_live_ph.d TO d_ph;
+CREATE ROLE a_id;
+CREATE ROLE b_id;
+CREATE ROLE c_id;
+CREATE ROLE d_id;
+CREATE ROLE operations_id;
+GRANT a_id TO operations_id;
+GRANT b_id TO operations_id;
+GRANT c_id TO operations_id;
+GRANT d_id TO operations_id;
+GRANT SELECT ON bob_live_id.a TO a_id;
+GRANT SELECT ON bob_live_id.b TO b_id;
+GRANT SELECT ON bob_live_id.c TO c_id;
+GRANT SELECT ON bob_live_id.d TO d_id;
+GRANT SELECT ON oms_live_id.a TO a_id;
+GRANT SELECT ON oms_live_id.b TO b_id;
+GRANT SELECT ON oms_live_id.c TO c_id;
+GRANT SELECT ON oms_live_id.d TO d_id;
+CREATE ROLE a_hk;
+CREATE ROLE b_hk;
+CREATE ROLE c_hk;
+CREATE ROLE d_hk;
+CREATE ROLE operations_hk;
+GRANT a_hk TO operations_hk;
+GRANT b_hk TO operations_hk;
+GRANT c_hk TO operations_hk;
+GRANT d_hk TO operations_hk;
+GRANT SELECT ON bob_live_hk.a TO a_hk;
+GRANT SELECT ON bob_live_hk.b TO b_hk;
+GRANT SELECT ON bob_live_hk.c TO c_hk;
+GRANT SELECT ON bob_live_hk.d TO d_hk;
+GRANT SELECT ON oms_live_hk.a TO a_hk;
+GRANT SELECT ON oms_live_hk.b TO b_hk;
+GRANT SELECT ON oms_live_hk.c TO c_hk;
+GRANT SELECT ON oms_live_hk.d TO d_hk;
+CREATE ROLE a_vn;
+CREATE ROLE b_vn;
+CREATE ROLE c_vn;
+CREATE ROLE d_vn;
+CREATE ROLE operations_vn;
+GRANT a_vn TO operations_vn;
+GRANT b_vn TO operations_vn;
+GRANT c_vn TO operations_vn;
+GRANT d_vn TO operations_vn;
+GRANT SELECT ON bob_live_vn.a TO a_vn;
+GRANT SELECT ON bob_live_vn.b TO b_vn;
+GRANT SELECT ON bob_live_vn.c TO c_vn;
+GRANT SELECT ON bob_live_vn.d TO d_vn;
+GRANT SELECT ON oms_live_vn.a TO a_vn;
+GRANT SELECT ON oms_live_vn.b TO b_vn;
+GRANT SELECT ON oms_live_vn.c TO c_vn;
+GRANT SELECT ON oms_live_vn.d TO d_vn;
+CREATE ROLE a_tw;
+CREATE ROLE b_tw;
+CREATE ROLE c_tw;
+CREATE ROLE d_tw;
+CREATE ROLE operations_tw;
+GRANT a_tw TO operations_tw;
+GRANT b_tw TO operations_tw;
+GRANT c_tw TO operations_tw;
+GRANT d_tw TO operations_tw;
+GRANT SELECT ON bob_live_tw.a TO a_tw;
+GRANT SELECT ON bob_live_tw.b TO b_tw;
+GRANT SELECT ON bob_live_tw.c TO c_tw;
+GRANT SELECT ON bob_live_tw.d TO d_tw;
+GRANT SELECT ON oms_live_tw.a TO a_tw;
+GRANT SELECT ON oms_live_tw.b TO b_tw;
+GRANT SELECT ON oms_live_tw.c TO c_tw;
+GRANT SELECT ON oms_live_tw.d TO d_tw;
+CREATE ROLE a_my;
+CREATE ROLE b_my;
+CREATE ROLE c_my;
+CREATE ROLE d_my;
+CREATE ROLE operations_my;
+GRANT a_my TO operations_my;
+GRANT b_my TO operations_my;
+GRANT c_my TO operations_my;
+GRANT d_my TO operations_my;
+GRANT SELECT ON bob_live_my.a TO a_my;
+GRANT SELECT ON bob_live_my.b TO b_my;
+GRANT SELECT ON bob_live_my.c TO c_my;
+GRANT SELECT ON bob_live_my.d TO d_my;
+GRANT SELECT ON oms_live_my.a TO a_my;
+GRANT SELECT ON oms_live_my.b TO b_my;
+GRANT SELECT ON oms_live_my.c TO c_my;
+GRANT SELECT ON oms_live_my.d TO d_my;
+CREATE ROLE a_th;
+CREATE ROLE b_th;
+CREATE ROLE c_th;
+CREATE ROLE d_th;
+CREATE ROLE operations_th;
+GRANT a_th TO operations_th;
+GRANT b_th TO operations_th;
+GRANT c_th TO operations_th;
+GRANT d_th TO operations_th;
+GRANT SELECT ON bob_live_th.a TO a_th;
+GRANT SELECT ON bob_live_th.b TO b_th;
+GRANT SELECT ON bob_live_th.c TO c_th;
+GRANT SELECT ON bob_live_th.d TO d_th;
+GRANT SELECT ON oms_live_th.a TO a_th;
+GRANT SELECT ON oms_live_th.b TO b_th;
+GRANT SELECT ON oms_live_th.c TO c_th;
+GRANT SELECT ON oms_live_th.d TO d_th;
+GRANT operations_sg TO operations_cluster;
+GRANT operations_ph TO operations_cluster;
+GRANT operations_id TO operations_cluster;
+GRANT operations_hk TO operations_cluster;
+GRANT operations_vn TO operations_cluster;
+GRANT operations_tw TO operations_cluster;
+GRANT operations_my TO operations_cluster;
+GRANT operations_th TO operations_cluster;
+connect con1,localhost,u,,;
+SHOW DATABASES;
+Database
+information_schema
+test
+SET ROLE operations_cluster;
+SHOW DATABASES;
+Database
+bob_live_hk
+bob_live_id
+bob_live_my
+bob_live_ph
+bob_live_sg
+bob_live_th
+bob_live_tw
+bob_live_vn
+information_schema
+oms_live_hk
+oms_live_id
+oms_live_my
+oms_live_ph
+oms_live_sg
+oms_live_th
+oms_live_tw
+oms_live_vn
+test
+SELECT COUNT(1) FROM oms_live_sg.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_sg.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_sg.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_sg.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_ph.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_ph.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_ph.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_ph.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_id.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_id.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_id.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_id.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_hk.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_hk.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_hk.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_hk.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_vn.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_vn.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_vn.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_vn.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_tw.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_tw.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_tw.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_tw.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_my.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_my.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_my.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_my.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_th.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_th.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_th.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_th.d;
+COUNT(1)
+0
+connect con2,localhost,root,,;
+FLUSH PRIVILEGES;
+connect con3,localhost,u,,;
+SHOW DATABASES;
+Database
+information_schema
+test
+SET ROLE operations_cluster;
+SHOW DATABASES;
+Database
+bob_live_hk
+bob_live_id
+bob_live_my
+bob_live_ph
+bob_live_sg
+bob_live_th
+bob_live_tw
+bob_live_vn
+information_schema
+oms_live_hk
+oms_live_id
+oms_live_my
+oms_live_ph
+oms_live_sg
+oms_live_th
+oms_live_tw
+oms_live_vn
+test
+SELECT COUNT(1) FROM oms_live_sg.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_sg.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_sg.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_sg.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_ph.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_ph.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_ph.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_ph.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_id.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_id.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_id.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_id.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_hk.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_hk.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_hk.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_hk.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_vn.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_vn.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_vn.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_vn.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_tw.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_tw.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_tw.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_tw.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_my.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_my.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_my.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_my.d;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_th.a;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_th.b;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_th.c;
+COUNT(1)
+0
+SELECT COUNT(1) FROM oms_live_th.d;
+COUNT(1)
+0
+connect con4,localhost,root,,;
+DROP DATABASE bob_live_sg;
+DROP DATABASE oms_live_sg;
+DROP DATABASE bob_live_ph;
+DROP DATABASE oms_live_ph;
+DROP DATABASE bob_live_id;
+DROP DATABASE oms_live_id;
+DROP DATABASE bob_live_hk;
+DROP DATABASE oms_live_hk;
+DROP DATABASE bob_live_vn;
+DROP DATABASE oms_live_vn;
+DROP DATABASE bob_live_tw;
+DROP DATABASE oms_live_tw;
+DROP DATABASE bob_live_my;
+DROP DATABASE oms_live_my;
+DROP DATABASE bob_live_th;
+DROP DATABASE oms_live_th;
+DROP ROLE operations_sg;
+DROP ROLE a_sg;
+DROP ROLE b_sg;
+DROP ROLE c_sg;
+DROP ROLE d_sg;
+DROP ROLE operations_ph;
+DROP ROLE a_ph;
+DROP ROLE b_ph;
+DROP ROLE c_ph;
+DROP ROLE d_ph;
+DROP ROLE operations_id;
+DROP ROLE a_id;
+DROP ROLE b_id;
+DROP ROLE c_id;
+DROP ROLE d_id;
+DROP ROLE operations_hk;
+DROP ROLE a_hk;
+DROP ROLE b_hk;
+DROP ROLE c_hk;
+DROP ROLE d_hk;
+DROP ROLE operations_vn;
+DROP ROLE a_vn;
+DROP ROLE b_vn;
+DROP ROLE c_vn;
+DROP ROLE d_vn;
+DROP ROLE operations_tw;
+DROP ROLE a_tw;
+DROP ROLE b_tw;
+DROP ROLE c_tw;
+DROP ROLE d_tw;
+DROP ROLE operations_my;
+DROP ROLE a_my;
+DROP ROLE b_my;
+DROP ROLE c_my;
+DROP ROLE d_my;
+DROP ROLE operations_th;
+DROP ROLE a_th;
+DROP ROLE b_th;
+DROP ROLE c_th;
+DROP ROLE d_th;
+DROP USER u;
+DROP ROLE operations_cluster;
diff --git a/mysql-test/suite/roles/flush_roles-12366.test b/mysql-test/suite/roles/flush_roles-12366.test
new file mode 100644
index 00000000000..343ac4abf72
--- /dev/null
+++ b/mysql-test/suite/roles/flush_roles-12366.test
@@ -0,0 +1,379 @@
+--source include/not_embedded.inc
+--echo #
+--echo # MDEV-12366: FLUSH PRIVILEGES can break hierarchy of roles
+--echo #
+--echo # This testcase contains a user, who is granted a master role
+--echo # operations_cluster. operations_cluster is granted 8 different roles
+--echo # who in turn each have 4 different roles granted to them.
+--echo #
+--echo # Only the leaf roles contain privileges to access databases.
+--echo # Make sure the user has access to all databases if the master role
+--echo # is granted to him.
+--echo #
+CREATE USER u;
+CREATE ROLE operations_cluster;
+GRANT operations_cluster TO u;
+CREATE DATABASE bob_live_sg;
+CREATE TABLE bob_live_sg.a (i INT(10));
+CREATE TABLE bob_live_sg.b (i INT(10));
+CREATE TABLE bob_live_sg.c (i INT(10));
+CREATE TABLE bob_live_sg.d (i INT(10));
+CREATE DATABASE oms_live_sg;
+CREATE TABLE oms_live_sg.a (i INT(10));
+CREATE TABLE oms_live_sg.b (i INT(10));
+CREATE TABLE oms_live_sg.c (i INT(10));
+CREATE TABLE oms_live_sg.d (i INT(10));
+CREATE DATABASE bob_live_ph;
+CREATE TABLE bob_live_ph.a (i INT(10));
+CREATE TABLE bob_live_ph.b (i INT(10));
+CREATE TABLE bob_live_ph.c (i INT(10));
+CREATE TABLE bob_live_ph.d (i INT(10));
+CREATE DATABASE oms_live_ph;
+CREATE TABLE oms_live_ph.a (i INT(10));
+CREATE TABLE oms_live_ph.b (i INT(10));
+CREATE TABLE oms_live_ph.c (i INT(10));
+CREATE TABLE oms_live_ph.d (i INT(10));
+CREATE DATABASE bob_live_id;
+CREATE TABLE bob_live_id.a (i INT(10));
+CREATE TABLE bob_live_id.b (i INT(10));
+CREATE TABLE bob_live_id.c (i INT(10));
+CREATE TABLE bob_live_id.d (i INT(10));
+CREATE DATABASE oms_live_id;
+CREATE TABLE oms_live_id.a (i INT(10));
+CREATE TABLE oms_live_id.b (i INT(10));
+CREATE TABLE oms_live_id.c (i INT(10));
+CREATE TABLE oms_live_id.d (i INT(10));
+CREATE DATABASE bob_live_hk;
+CREATE TABLE bob_live_hk.a (i INT(10));
+CREATE TABLE bob_live_hk.b (i INT(10));
+CREATE TABLE bob_live_hk.c (i INT(10));
+CREATE TABLE bob_live_hk.d (i INT(10));
+CREATE DATABASE oms_live_hk;
+CREATE TABLE oms_live_hk.a (i INT(10));
+CREATE TABLE oms_live_hk.b (i INT(10));
+CREATE TABLE oms_live_hk.c (i INT(10));
+CREATE TABLE oms_live_hk.d (i INT(10));
+CREATE DATABASE bob_live_vn;
+CREATE TABLE bob_live_vn.a (i INT(10));
+CREATE TABLE bob_live_vn.b (i INT(10));
+CREATE TABLE bob_live_vn.c (i INT(10));
+CREATE TABLE bob_live_vn.d (i INT(10));
+CREATE DATABASE oms_live_vn;
+CREATE TABLE oms_live_vn.a (i INT(10));
+CREATE TABLE oms_live_vn.b (i INT(10));
+CREATE TABLE oms_live_vn.c (i INT(10));
+CREATE TABLE oms_live_vn.d (i INT(10));
+CREATE DATABASE bob_live_tw;
+CREATE TABLE bob_live_tw.a (i INT(10));
+CREATE TABLE bob_live_tw.b (i INT(10));
+CREATE TABLE bob_live_tw.c (i INT(10));
+CREATE TABLE bob_live_tw.d (i INT(10));
+CREATE DATABASE oms_live_tw;
+CREATE TABLE oms_live_tw.a (i INT(10));
+CREATE TABLE oms_live_tw.b (i INT(10));
+CREATE TABLE oms_live_tw.c (i INT(10));
+CREATE TABLE oms_live_tw.d (i INT(10));
+CREATE DATABASE bob_live_my;
+CREATE TABLE bob_live_my.a (i INT(10));
+CREATE TABLE bob_live_my.b (i INT(10));
+CREATE TABLE bob_live_my.c (i INT(10));
+CREATE TABLE bob_live_my.d (i INT(10));
+CREATE DATABASE oms_live_my;
+CREATE TABLE oms_live_my.a (i INT(10));
+CREATE TABLE oms_live_my.b (i INT(10));
+CREATE TABLE oms_live_my.c (i INT(10));
+CREATE TABLE oms_live_my.d (i INT(10));
+CREATE DATABASE bob_live_th;
+CREATE TABLE bob_live_th.a (i INT(10));
+CREATE TABLE bob_live_th.b (i INT(10));
+CREATE TABLE bob_live_th.c (i INT(10));
+CREATE TABLE bob_live_th.d (i INT(10));
+CREATE DATABASE oms_live_th;
+CREATE TABLE oms_live_th.a (i INT(10));
+CREATE TABLE oms_live_th.b (i INT(10));
+CREATE TABLE oms_live_th.c (i INT(10));
+CREATE TABLE oms_live_th.d (i INT(10));
+CREATE ROLE a_sg;
+CREATE ROLE b_sg;
+CREATE ROLE c_sg;
+CREATE ROLE d_sg;
+CREATE ROLE operations_sg;
+GRANT a_sg TO operations_sg;
+GRANT b_sg TO operations_sg;
+GRANT c_sg TO operations_sg;
+GRANT d_sg TO operations_sg;
+GRANT SELECT ON bob_live_sg.a TO a_sg;
+GRANT SELECT ON bob_live_sg.b TO b_sg;
+GRANT SELECT ON bob_live_sg.c TO c_sg;
+GRANT SELECT ON bob_live_sg.d TO d_sg;
+GRANT SELECT ON oms_live_sg.a TO a_sg;
+GRANT SELECT ON oms_live_sg.b TO b_sg;
+GRANT SELECT ON oms_live_sg.c TO c_sg;
+GRANT SELECT ON oms_live_sg.d TO d_sg;
+CREATE ROLE a_ph;
+CREATE ROLE b_ph;
+CREATE ROLE c_ph;
+CREATE ROLE d_ph;
+CREATE ROLE operations_ph;
+GRANT a_ph TO operations_ph;
+GRANT b_ph TO operations_ph;
+GRANT c_ph TO operations_ph;
+GRANT d_ph TO operations_ph;
+GRANT SELECT ON bob_live_ph.a TO a_ph;
+GRANT SELECT ON bob_live_ph.b TO b_ph;
+GRANT SELECT ON bob_live_ph.c TO c_ph;
+GRANT SELECT ON bob_live_ph.d TO d_ph;
+GRANT SELECT ON oms_live_ph.a TO a_ph;
+GRANT SELECT ON oms_live_ph.b TO b_ph;
+GRANT SELECT ON oms_live_ph.c TO c_ph;
+GRANT SELECT ON oms_live_ph.d TO d_ph;
+CREATE ROLE a_id;
+CREATE ROLE b_id;
+CREATE ROLE c_id;
+CREATE ROLE d_id;
+CREATE ROLE operations_id;
+GRANT a_id TO operations_id;
+GRANT b_id TO operations_id;
+GRANT c_id TO operations_id;
+GRANT d_id TO operations_id;
+GRANT SELECT ON bob_live_id.a TO a_id;
+GRANT SELECT ON bob_live_id.b TO b_id;
+GRANT SELECT ON bob_live_id.c TO c_id;
+GRANT SELECT ON bob_live_id.d TO d_id;
+GRANT SELECT ON oms_live_id.a TO a_id;
+GRANT SELECT ON oms_live_id.b TO b_id;
+GRANT SELECT ON oms_live_id.c TO c_id;
+GRANT SELECT ON oms_live_id.d TO d_id;
+CREATE ROLE a_hk;
+CREATE ROLE b_hk;
+CREATE ROLE c_hk;
+CREATE ROLE d_hk;
+CREATE ROLE operations_hk;
+GRANT a_hk TO operations_hk;
+GRANT b_hk TO operations_hk;
+GRANT c_hk TO operations_hk;
+GRANT d_hk TO operations_hk;
+GRANT SELECT ON bob_live_hk.a TO a_hk;
+GRANT SELECT ON bob_live_hk.b TO b_hk;
+GRANT SELECT ON bob_live_hk.c TO c_hk;
+GRANT SELECT ON bob_live_hk.d TO d_hk;
+GRANT SELECT ON oms_live_hk.a TO a_hk;
+GRANT SELECT ON oms_live_hk.b TO b_hk;
+GRANT SELECT ON oms_live_hk.c TO c_hk;
+GRANT SELECT ON oms_live_hk.d TO d_hk;
+CREATE ROLE a_vn;
+CREATE ROLE b_vn;
+CREATE ROLE c_vn;
+CREATE ROLE d_vn;
+CREATE ROLE operations_vn;
+GRANT a_vn TO operations_vn;
+GRANT b_vn TO operations_vn;
+GRANT c_vn TO operations_vn;
+GRANT d_vn TO operations_vn;
+GRANT SELECT ON bob_live_vn.a TO a_vn;
+GRANT SELECT ON bob_live_vn.b TO b_vn;
+GRANT SELECT ON bob_live_vn.c TO c_vn;
+GRANT SELECT ON bob_live_vn.d TO d_vn;
+GRANT SELECT ON oms_live_vn.a TO a_vn;
+GRANT SELECT ON oms_live_vn.b TO b_vn;
+GRANT SELECT ON oms_live_vn.c TO c_vn;
+GRANT SELECT ON oms_live_vn.d TO d_vn;
+CREATE ROLE a_tw;
+CREATE ROLE b_tw;
+CREATE ROLE c_tw;
+CREATE ROLE d_tw;
+CREATE ROLE operations_tw;
+GRANT a_tw TO operations_tw;
+GRANT b_tw TO operations_tw;
+GRANT c_tw TO operations_tw;
+GRANT d_tw TO operations_tw;
+GRANT SELECT ON bob_live_tw.a TO a_tw;
+GRANT SELECT ON bob_live_tw.b TO b_tw;
+GRANT SELECT ON bob_live_tw.c TO c_tw;
+GRANT SELECT ON bob_live_tw.d TO d_tw;
+GRANT SELECT ON oms_live_tw.a TO a_tw;
+GRANT SELECT ON oms_live_tw.b TO b_tw;
+GRANT SELECT ON oms_live_tw.c TO c_tw;
+GRANT SELECT ON oms_live_tw.d TO d_tw;
+CREATE ROLE a_my;
+CREATE ROLE b_my;
+CREATE ROLE c_my;
+CREATE ROLE d_my;
+CREATE ROLE operations_my;
+GRANT a_my TO operations_my;
+GRANT b_my TO operations_my;
+GRANT c_my TO operations_my;
+GRANT d_my TO operations_my;
+GRANT SELECT ON bob_live_my.a TO a_my;
+GRANT SELECT ON bob_live_my.b TO b_my;
+GRANT SELECT ON bob_live_my.c TO c_my;
+GRANT SELECT ON bob_live_my.d TO d_my;
+GRANT SELECT ON oms_live_my.a TO a_my;
+GRANT SELECT ON oms_live_my.b TO b_my;
+GRANT SELECT ON oms_live_my.c TO c_my;
+GRANT SELECT ON oms_live_my.d TO d_my;
+CREATE ROLE a_th;
+CREATE ROLE b_th;
+CREATE ROLE c_th;
+CREATE ROLE d_th;
+CREATE ROLE operations_th;
+GRANT a_th TO operations_th;
+GRANT b_th TO operations_th;
+GRANT c_th TO operations_th;
+GRANT d_th TO operations_th;
+GRANT SELECT ON bob_live_th.a TO a_th;
+GRANT SELECT ON bob_live_th.b TO b_th;
+GRANT SELECT ON bob_live_th.c TO c_th;
+GRANT SELECT ON bob_live_th.d TO d_th;
+GRANT SELECT ON oms_live_th.a TO a_th;
+GRANT SELECT ON oms_live_th.b TO b_th;
+GRANT SELECT ON oms_live_th.c TO c_th;
+GRANT SELECT ON oms_live_th.d TO d_th;
+GRANT operations_sg TO operations_cluster;
+GRANT operations_ph TO operations_cluster;
+GRANT operations_id TO operations_cluster;
+GRANT operations_hk TO operations_cluster;
+GRANT operations_vn TO operations_cluster;
+GRANT operations_tw TO operations_cluster;
+GRANT operations_my TO operations_cluster;
+GRANT operations_th TO operations_cluster;
+
+connect(con1,localhost,u,,);
+SHOW DATABASES;
+SET ROLE operations_cluster;
+SHOW DATABASES;
+SELECT COUNT(1) FROM oms_live_sg.a;
+SELECT COUNT(1) FROM oms_live_sg.b;
+SELECT COUNT(1) FROM oms_live_sg.c;
+SELECT COUNT(1) FROM oms_live_sg.d;
+SELECT COUNT(1) FROM oms_live_ph.a;
+SELECT COUNT(1) FROM oms_live_ph.b;
+SELECT COUNT(1) FROM oms_live_ph.c;
+SELECT COUNT(1) FROM oms_live_ph.d;
+SELECT COUNT(1) FROM oms_live_id.a;
+SELECT COUNT(1) FROM oms_live_id.b;
+SELECT COUNT(1) FROM oms_live_id.c;
+SELECT COUNT(1) FROM oms_live_id.d;
+SELECT COUNT(1) FROM oms_live_hk.a;
+SELECT COUNT(1) FROM oms_live_hk.b;
+SELECT COUNT(1) FROM oms_live_hk.c;
+SELECT COUNT(1) FROM oms_live_hk.d;
+SELECT COUNT(1) FROM oms_live_vn.a;
+SELECT COUNT(1) FROM oms_live_vn.b;
+SELECT COUNT(1) FROM oms_live_vn.c;
+SELECT COUNT(1) FROM oms_live_vn.d;
+SELECT COUNT(1) FROM oms_live_tw.a;
+SELECT COUNT(1) FROM oms_live_tw.b;
+SELECT COUNT(1) FROM oms_live_tw.c;
+SELECT COUNT(1) FROM oms_live_tw.d;
+SELECT COUNT(1) FROM oms_live_my.a;
+SELECT COUNT(1) FROM oms_live_my.b;
+SELECT COUNT(1) FROM oms_live_my.c;
+SELECT COUNT(1) FROM oms_live_my.d;
+SELECT COUNT(1) FROM oms_live_th.a;
+SELECT COUNT(1) FROM oms_live_th.b;
+SELECT COUNT(1) FROM oms_live_th.c;
+SELECT COUNT(1) FROM oms_live_th.d;
+
+
+connect(con2,localhost,root,,);
+FLUSH PRIVILEGES;
+
+connect(con3,localhost,u,,);
+SHOW DATABASES;
+SET ROLE operations_cluster;
+SHOW DATABASES;
+SELECT COUNT(1) FROM oms_live_sg.a;
+SELECT COUNT(1) FROM oms_live_sg.b;
+SELECT COUNT(1) FROM oms_live_sg.c;
+SELECT COUNT(1) FROM oms_live_sg.d;
+SELECT COUNT(1) FROM oms_live_ph.a;
+SELECT COUNT(1) FROM oms_live_ph.b;
+SELECT COUNT(1) FROM oms_live_ph.c;
+SELECT COUNT(1) FROM oms_live_ph.d;
+SELECT COUNT(1) FROM oms_live_id.a;
+SELECT COUNT(1) FROM oms_live_id.b;
+SELECT COUNT(1) FROM oms_live_id.c;
+SELECT COUNT(1) FROM oms_live_id.d;
+SELECT COUNT(1) FROM oms_live_hk.a;
+SELECT COUNT(1) FROM oms_live_hk.b;
+SELECT COUNT(1) FROM oms_live_hk.c;
+SELECT COUNT(1) FROM oms_live_hk.d;
+SELECT COUNT(1) FROM oms_live_vn.a;
+SELECT COUNT(1) FROM oms_live_vn.b;
+SELECT COUNT(1) FROM oms_live_vn.c;
+SELECT COUNT(1) FROM oms_live_vn.d;
+SELECT COUNT(1) FROM oms_live_tw.a;
+SELECT COUNT(1) FROM oms_live_tw.b;
+SELECT COUNT(1) FROM oms_live_tw.c;
+SELECT COUNT(1) FROM oms_live_tw.d;
+SELECT COUNT(1) FROM oms_live_my.a;
+SELECT COUNT(1) FROM oms_live_my.b;
+SELECT COUNT(1) FROM oms_live_my.c;
+SELECT COUNT(1) FROM oms_live_my.d;
+SELECT COUNT(1) FROM oms_live_th.a;
+SELECT COUNT(1) FROM oms_live_th.b;
+SELECT COUNT(1) FROM oms_live_th.c;
+SELECT COUNT(1) FROM oms_live_th.d;
+
+
+connect(con4,localhost,root,,);
+
+DROP DATABASE bob_live_sg;
+DROP DATABASE oms_live_sg;
+DROP DATABASE bob_live_ph;
+DROP DATABASE oms_live_ph;
+DROP DATABASE bob_live_id;
+DROP DATABASE oms_live_id;
+DROP DATABASE bob_live_hk;
+DROP DATABASE oms_live_hk;
+DROP DATABASE bob_live_vn;
+DROP DATABASE oms_live_vn;
+DROP DATABASE bob_live_tw;
+DROP DATABASE oms_live_tw;
+DROP DATABASE bob_live_my;
+DROP DATABASE oms_live_my;
+DROP DATABASE bob_live_th;
+DROP DATABASE oms_live_th;
+DROP ROLE operations_sg;
+DROP ROLE a_sg;
+DROP ROLE b_sg;
+DROP ROLE c_sg;
+DROP ROLE d_sg;
+DROP ROLE operations_ph;
+DROP ROLE a_ph;
+DROP ROLE b_ph;
+DROP ROLE c_ph;
+DROP ROLE d_ph;
+DROP ROLE operations_id;
+DROP ROLE a_id;
+DROP ROLE b_id;
+DROP ROLE c_id;
+DROP ROLE d_id;
+DROP ROLE operations_hk;
+DROP ROLE a_hk;
+DROP ROLE b_hk;
+DROP ROLE c_hk;
+DROP ROLE d_hk;
+DROP ROLE operations_vn;
+DROP ROLE a_vn;
+DROP ROLE b_vn;
+DROP ROLE c_vn;
+DROP ROLE d_vn;
+DROP ROLE operations_tw;
+DROP ROLE a_tw;
+DROP ROLE b_tw;
+DROP ROLE c_tw;
+DROP ROLE d_tw;
+DROP ROLE operations_my;
+DROP ROLE a_my;
+DROP ROLE b_my;
+DROP ROLE c_my;
+DROP ROLE d_my;
+DROP ROLE operations_th;
+DROP ROLE a_th;
+DROP ROLE b_th;
+DROP ROLE c_th;
+DROP ROLE d_th;
+DROP USER u;
+DROP ROLE operations_cluster;
diff --git a/mysql-test/suite/roles/set_role-13655.result b/mysql-test/suite/roles/set_role-13655.result
new file mode 100644
index 00000000000..c30e4115953
--- /dev/null
+++ b/mysql-test/suite/roles/set_role-13655.result
@@ -0,0 +1,52 @@
+#
+# MDEV-13655: SET ROLE does not properly grant privileges.
+#
+# We must test that if aditional db privileges get granted to a role
+# which previously inherited privileges from another granted role
+# keep the internal memory structures intact.
+#
+create role simple;
+#
+# First we create an entry with privileges for databases for the simple role.
+#
+grant select, insert, update, delete, lock tables, execute on t.* to simple;
+create role admin;
+#
+# Now we grant the simple role to admin. This means that db privileges
+# should propagate to admin.
+#
+grant simple to admin;
+show grants for admin;
+Grants for admin
+GRANT simple TO 'admin'
+GRANT USAGE ON *.* TO 'admin'
+GRANT USAGE ON *.* TO 'simple'
+GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES, EXECUTE ON `t`.* TO 'simple'
+#
+# Finally, we give the admin all the available privileges for the db.
+#
+grant all on t.* to admin;
+#
+# Create a user to test out the new roles;
+#
+create user foo;
+grant admin to foo;
+connect  foo,localhost,foo,,,,,;
+create database t;
+ERROR 42000: Access denied for user 'foo'@'%' to database 't'
+set role admin;
+show grants;
+Grants for foo@%
+GRANT admin TO 'foo'@'%'
+GRANT USAGE ON *.* TO 'foo'@'%'
+GRANT simple TO 'admin'
+GRANT USAGE ON *.* TO 'admin'
+GRANT ALL PRIVILEGES ON `t`.* TO 'admin'
+GRANT USAGE ON *.* TO 'simple'
+GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES, EXECUTE ON `t`.* TO 'simple'
+create database t;
+drop database t;
+connection default;
+drop role simple;
+drop role admin;
+drop user foo;
diff --git a/mysql-test/suite/roles/set_role-13655.test b/mysql-test/suite/roles/set_role-13655.test
new file mode 100644
index 00000000000..97a82109276
--- /dev/null
+++ b/mysql-test/suite/roles/set_role-13655.test
@@ -0,0 +1,49 @@
+source include/not_embedded.inc;
+
+--echo #
+--echo # MDEV-13655: SET ROLE does not properly grant privileges.
+--echo #
+--echo # We must test that if aditional db privileges get granted to a role
+--echo # which previously inherited privileges from another granted role
+--echo # keep the internal memory structures intact.
+--echo #
+
+create role simple;
+
+--echo #
+--echo # First we create an entry with privileges for databases for the simple role.
+--echo #
+grant select, insert, update, delete, lock tables, execute on t.* to simple;
+create role admin;
+
+--echo #
+--echo # Now we grant the simple role to admin. This means that db privileges
+--echo # should propagate to admin.
+--echo #
+grant simple to admin;
+show grants for admin;
+
+--echo #
+--echo # Finally, we give the admin all the available privileges for the db.
+--echo #
+grant all on t.* to admin;
+
+--echo #
+--echo # Create a user to test out the new roles;
+--echo #
+create user foo;
+grant admin to foo;
+
+connect (foo,localhost,foo,,,,,);
+--error ER_DBACCESS_DENIED_ERROR
+create database t;
+set role admin;
+show grants;
+create database t;
+drop database t;
+
+connection default;
+
+drop role simple;
+drop role admin;
+drop user foo;