author | Anel Husakovic <anel@mariadb.org> | 2020-05-12 16:16:05 +0200 |
---|---|---|
committer | Anel Husakovic <anel@mariadb.org> | 2020-05-28 17:08:40 +0200 |
commit | 957cb7b7ba355184aebf0f5dc91b7f2aa620c0e0 (patch) | |
tree | 365a8d1e21f7d3b6ab4ce142b1119d25d17a756e /sql/sql_acl.h | |
parent | dbe447a78908214614db53061dccbc6bde52764e (diff) | |
download | mariadb-git-957cb7b7ba355184aebf0f5dc91b7f2aa620c0e0.tar.gz |
MDEV-22312: Bad error message for SET DEFAULT ROLE when user account is not granted the role
- `SET DEFAULT ROLE xxx [FOR yyy]` should say:
  "User yyy has not been granted a role xxx" if:
  - The current user (not the user `yyy` in the FOR clause) can see the
    role xxx. It can see the role if:
    * role exists in `mysql.roles_mappings` (traverse the graph),
    * If the current user has read access on `mysql.user` table - in
      that case, it can see all roles, granted or not.
  - Otherwise it should be "Invalid role specification".
In other words, it should not be possible to use `SET DEFAULT ROLE` to discover whether a specific role exists or not.
Diffstat (limited to 'sql/sql_acl.h')
-rw-r--r-- | sql/sql_acl.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sql_acl.h b/sql/sql_acl.h index c191cb83de5..3bd896cab79 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -402,7 +402,7 @@ bool acl_check_proxy_grant_access (THD *thd, const char *host, const char *user, bool with_grant); int acl_setrole(THD *thd, char *rolename, ulonglong access); int acl_check_setrole(THD *thd, char *rolename, ulonglong *access); -int acl_check_set_default_role(THD *thd, const char *host, const char *user); +int acl_check_set_default_role(THD *thd, const char *host, const char *user, const char *role); int acl_set_default_role(THD *thd, const char *host, const char *user, const char *rolename); |
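Review bot: In the changed prototype of `acl_check_set_default_role`, the new fourth parameter is named `role`, while the neighbouring `acl_setrole`, `acl_check_setrole` and `acl_set_default_role` all name the same argument `rolename`; using `rolename` here would keep the header consistent. The prototype also has no comment saying what the `int` result distinguishes. Since the commit message makes this check responsible for choosing between "User yyy has not been granted a role xxx" and "Invalid role specification" based on what the current user can see, a short comment at the declaration stating that contract would help callers avoid reintroducing the role-existence leak. Because the signature gains a parameter, every caller of the three-argument form has to be updated in the same commit; this view is limited to `sql/sql_acl.h`, so that cannot be confirmed from these lines.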