From 64b27c734eed91e2b79701c9c53283d9411f702f Mon Sep 17 00:00:00 2001
From: Vicentiu Ciorbaru <cvicentiu@gmail.com>
Date: Sun, 13 Jul 2014 23:57:10 +0000
Subject: Added default role implementation

---
 mysql-test/r/ps.result                             |  6 +-
 .../create_and_drop_role_invalid_user_table.result |  4 ++
 .../create_and_drop_role_invalid_user_table.test   |  7 +-
 .../suite/roles/set_default_role_clear.result      | 35 +++++++++
 mysql-test/suite/roles/set_default_role_clear.test | 52 ++++++++++++++
 mysql-test/suite/roles/set_default_role_for.result | 65 +++++++++++++++++
 mysql-test/suite/roles/set_default_role_for.test   | 84 ++++++++++++++++++++++
 .../suite/roles/set_default_role_invalid.result    | 40 +++++++++++
 .../suite/roles/set_default_role_invalid.test      | 62 ++++++++++++++++
 .../roles/set_default_role_new_connection.result   | 48 +++++++++++++
 .../roles/set_default_role_new_connection.test     | 47 ++++++++++++
 mysql-test/suite/roles/set_role-recursive.result   |  8 +--
 mysql-test/suite/roles/set_role-simple.result      |  4 +-
 13 files changed, 450 insertions(+), 12 deletions(-)
 create mode 100644 mysql-test/suite/roles/set_default_role_clear.result
 create mode 100644 mysql-test/suite/roles/set_default_role_clear.test
 create mode 100644 mysql-test/suite/roles/set_default_role_for.result
 create mode 100644 mysql-test/suite/roles/set_default_role_for.test
 create mode 100644 mysql-test/suite/roles/set_default_role_invalid.result
 create mode 100644 mysql-test/suite/roles/set_default_role_invalid.test
 create mode 100644 mysql-test/suite/roles/set_default_role_new_connection.result
 create mode 100644 mysql-test/suite/roles/set_default_role_new_connection.test

(limited to 'mysql-test')

diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result
index 3217a10ed6d..7db51eadbe6 100644
--- a/mysql-test/r/ps.result
+++ b/mysql-test/r/ps.result
@@ -1202,13 +1202,13 @@ SET @aux= "SELECT COUNT(*)
 prepare my_stmt from @aux;
 execute my_stmt;
 COUNT(*)
-44
+45
 execute my_stmt;
 COUNT(*)
-44
+45
 execute my_stmt;
 COUNT(*)
-44
+45
 deallocate prepare my_stmt;
 drop procedure if exists p1|
 drop table if exists t1|
diff --git a/mysql-test/suite/roles/create_and_drop_role_invalid_user_table.result b/mysql-test/suite/roles/create_and_drop_role_invalid_user_table.result
index 2d5891f996e..e7765c37667 100644
--- a/mysql-test/suite/roles/create_and_drop_role_invalid_user_table.result
+++ b/mysql-test/suite/roles/create_and_drop_role_invalid_user_table.result
@@ -1,5 +1,6 @@
 use mysql;
 alter table user drop column is_role;
+alter table user drop column default_role;
 flush privileges;
 create role test_role;
 ERROR HY000: Column count of mysql.user is wrong. Expected 44, found 43. Created with MariaDB MYSQL_VERSION_ID, now running MYSQL_VERSION_ID. Please use mysql_upgrade to fix this error.
@@ -8,6 +9,9 @@ ERROR HY000: Operation DROP ROLE failed for 'test_role'
 alter table user add column is_role enum('N', 'Y') default 'N' not null
 COLLATE utf8_general_ci
 after password_expired;
+alter table user add column default_role char(80) binary default '' not null
+COLLATE utf8_general_ci
+after is_role;
 update user set is_role='N';
 flush privileges;
 create role test_role;
diff --git a/mysql-test/suite/roles/create_and_drop_role_invalid_user_table.test b/mysql-test/suite/roles/create_and_drop_role_invalid_user_table.test
index fddab717245..9ffac07d241 100644
--- a/mysql-test/suite/roles/create_and_drop_role_invalid_user_table.test
+++ b/mysql-test/suite/roles/create_and_drop_role_invalid_user_table.test
@@ -4,6 +4,7 @@ connect (mysql, localhost, root,,);
 use mysql;
 
 alter table user drop column is_role;
+alter table user drop column default_role;
 
 flush privileges;
 
@@ -15,12 +16,12 @@ drop role test_role;
 alter table user add column is_role enum('N', 'Y') default 'N' not null
                                                    COLLATE utf8_general_ci
 after password_expired;
+alter table user add column default_role char(80) binary default '' not null
+                                                   COLLATE utf8_general_ci
+after is_role;
 
 update user set is_role='N';
 
 flush privileges;
 create role test_role;
 drop role test_role;
-
-
-
diff --git a/mysql-test/suite/roles/set_default_role_clear.result b/mysql-test/suite/roles/set_default_role_clear.result
new file mode 100644
index 00000000000..382d3d27c70
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_clear.result
@@ -0,0 +1,35 @@
+create user test_user@localhost;
+create role test_role;
+grant select on *.* to test_role;
+grant test_role to test_user@localhost;
+show grants;
+Grants for test_user@localhost
+GRANT test_role TO 'test_user'@'localhost'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+set default role test_role;
+select user, host, default_role from mysql.user;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'user'
+select user, host, default_role from mysql.user where user='test_user';
+user	host	default_role
+test_user	localhost	test_role
+show grants;
+Grants for test_user@localhost
+GRANT test_role TO 'test_user'@'localhost'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT SELECT ON *.* TO 'test_role'
+select user, host, default_role from mysql.user where user='test_user';
+user	host	default_role
+test_user	localhost	test_role
+set default role NONE;
+select user, host, default_role from mysql.user where user='test_user';
+user	host	default_role
+test_user	localhost	
+set default role invalid_role;
+ERROR OP000: Invalid role specification `invalid_role`.
+select user, host, default_role from mysql.user where user='test_user';
+user	host	default_role
+test_user	localhost	
+select user, host, default_role from mysql.user;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'user'
+drop role test_role;
+drop user test_user@localhost;
diff --git a/mysql-test/suite/roles/set_default_role_clear.test b/mysql-test/suite/roles/set_default_role_clear.test
new file mode 100644
index 00000000000..32c9661c573
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_clear.test
@@ -0,0 +1,52 @@
+source include/not_embedded.inc;
+
+# This test checks clearing a default role from a user.
+
+# Create a user with no privileges
+create user test_user@localhost;
+
+create role test_role;
+
+grant select on *.* to test_role;
+grant test_role to test_user@localhost;
+
+change_user 'test_user';
+show grants;
+set default role test_role;
+
+# Even though a user has the default role set, without reconnecting, we should
+# not already have the roles privileges.
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user;
+
+change_user 'root';
+select user, host, default_role from mysql.user where user='test_user';
+
+change_user 'test_user';
+# This should show that the new test_user has the role's grants enabled.
+show grants;
+select user, host, default_role from mysql.user where user='test_user';
+
+set default role NONE;
+
+# We should still have the role set right now.
+select user, host, default_role from mysql.user where user='test_user';
+
+# Make sure we do not somehow get privileges to set an invalid role
+--error ER_INVALID_ROLE
+set default role invalid_role;
+
+change_user 'root';
+select user, host, default_role from mysql.user where user='test_user';
+
+change_user 'test_user';
+# The user does not have a default role set anymore. Make sure we don't still
+# get the privileges.
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user;
+
+change_user 'root';
+
+# Cleanup
+drop role test_role;
+drop user test_user@localhost;
diff --git a/mysql-test/suite/roles/set_default_role_for.result b/mysql-test/suite/roles/set_default_role_for.result
new file mode 100644
index 00000000000..2949584f049
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_for.result
@@ -0,0 +1,65 @@
+create user user_a@localhost;
+create user user_b@localhost;
+create role role_a;
+create role role_b;
+grant role_a to user_a@localhost;
+grant role_b to user_b@localhost;
+grant role_a to user_a@localhost;
+grant select on *.* to role_a;
+grant role_b to user_b@localhost;
+grant insert, update on *.* to role_b;
+set default role role_a for user_b@localhost;
+ERROR 42000: Access denied for user 'user_a'@'localhost' to database 'mysql'
+set default role role_a for user_a@localhost;
+set default role invalid_role for user_a@localhost;
+ERROR OP000: Invalid role specification `invalid_role`.
+set default role role_b for user_a@localhost;
+ERROR OP000: Invalid role specification `role_b`.
+set default role role_b for user_b@localhost;
+show grants;
+Grants for user_a@localhost
+GRANT role_a TO 'user_a'@'localhost'
+GRANT USAGE ON *.* TO 'user_a'@'localhost'
+GRANT SELECT ON *.* TO 'role_a'
+select user, host, default_role from mysql.user where user like 'user_%';
+user	host	default_role
+user_a	localhost	role_a
+user_b	localhost	role_b
+set default role NONE for current_user;
+select user, host, default_role from mysql.user where user like 'user_%';
+user	host	default_role
+user_a	localhost	
+user_b	localhost	role_b
+set default role current_role for current_user;
+select user, host, default_role from mysql.user where user like 'user_%';
+user	host	default_role
+user_a	localhost	role_a
+user_b	localhost	role_b
+set default role role_b for current_user;
+ERROR OP000: Invalid role specification `role_b`.
+show grants;
+Grants for user_b@localhost
+GRANT role_b TO 'user_b'@'localhost'
+GRANT USAGE ON *.* TO 'user_b'@'localhost'
+GRANT INSERT, UPDATE ON *.* TO 'role_b'
+select user, host, default_role from mysql.user where user like 'user_%';
+ERROR 42000: SELECT command denied to user 'user_b'@'localhost' for table 'user'
+insert into mysql.user (user, host) values ('someuser', 'somehost');
+Warnings:
+Warning	1364	Field 'ssl_cipher' doesn't have a default value
+Warning	1364	Field 'x509_issuer' doesn't have a default value
+Warning	1364	Field 'x509_subject' doesn't have a default value
+Warning	1364	Field 'authentication_string' doesn't have a default value
+set default role NONE for user_a@localhost;
+show grants;
+Grants for user_a@localhost
+GRANT role_a TO 'user_a'@'localhost'
+GRANT USAGE ON *.* TO 'user_a'@'localhost'
+GRANT INSERT, UPDATE ON *.* TO 'role_b'
+select user, host, default_role from mysql.user where user like 'user_%';
+ERROR 42000: SELECT command denied to user 'user_a'@'localhost' for table 'user'
+drop role role_a;
+drop role role_b;
+drop user someuser@somehost;
+drop user user_a@localhost;
+drop user user_b@localhost;
diff --git a/mysql-test/suite/roles/set_default_role_for.test b/mysql-test/suite/roles/set_default_role_for.test
new file mode 100644
index 00000000000..d51c13bcec9
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_for.test
@@ -0,0 +1,84 @@
+source include/not_embedded.inc;
+
+# This test checks setting a default role to a different user;
+
+
+create user user_a@localhost;
+create user user_b@localhost;
+
+create role role_a;
+create role role_b;
+
+grant role_a to user_a@localhost;
+grant role_b to user_b@localhost;
+
+grant role_a to user_a@localhost;
+grant select on *.* to role_a;
+
+grant role_b to user_b@localhost;
+grant insert, update on *.* to role_b;
+
+change_user 'user_a';
+
+# A user should not be a able to set a default role for someone else,
+# if he hasn't got write access to the database.
+--error ER_DBACCESS_DENIED_ERROR
+set default role role_a for user_b@localhost;
+
+# Should have the same effect as set default role role_a.
+set default role role_a for user_a@localhost;
+
+change_user 'root';
+
+# Not even a 'root' user should be able to set an invalid role for a user.
+--error ER_INVALID_ROLE
+set default role invalid_role for user_a@localhost;
+
+--error ER_INVALID_ROLE
+set default role role_b for user_a@localhost;
+
+# Make sure we can set a default role for a different user than the one that
+# is actually running the command.
+set default role role_b for user_b@localhost;
+
+change_user 'user_a';
+
+show grants;
+select user, host, default_role from mysql.user where user like 'user_%';
+
+set default role NONE for current_user;
+select user, host, default_role from mysql.user where user like 'user_%';
+
+set default role current_role for current_user;
+select user, host, default_role from mysql.user where user like 'user_%';
+
+# Make sure we can't set a default role not granted to us, using current_user
+--error ER_INVALID_ROLE
+set default role role_b for current_user;
+
+change_user 'user_b';
+
+show grants;
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user where user like 'user_%';
+
+# Make sure the default role setting worked from root.
+insert into mysql.user (user, host) values ('someuser', 'somehost');
+# Since we have update privileges on the mysql.user table, we should
+# be able to set a default role for a different user.
+set default role NONE for user_a@localhost;
+
+change_user 'user_a';
+
+# There is no default role set any more.
+show grants;
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user where user like 'user_%';
+
+change_user 'root';
+
+drop role role_a;
+drop role role_b;
+drop user someuser@somehost;
+drop user user_a@localhost;
+drop user user_b@localhost;
diff --git a/mysql-test/suite/roles/set_default_role_invalid.result b/mysql-test/suite/roles/set_default_role_invalid.result
new file mode 100644
index 00000000000..3916bacfd4c
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_invalid.result
@@ -0,0 +1,40 @@
+create user test_user@localhost;
+create role test_role;
+create role not_granted_role;
+grant select on *.* to test_role;
+grant test_role to test_user@localhost;
+show grants;
+Grants for test_user@localhost
+GRANT test_role TO 'test_user'@'localhost'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+select user, host, default_role from mysql.user;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'user'
+set default role invalid_role;
+ERROR OP000: Invalid role specification `invalid_role`.
+set default role not_granted_role;
+ERROR OP000: Invalid role specification `not_granted_role`.
+set default role test_role;
+select user, host, default_role from mysql.user;
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'user'
+select user, host, default_role from mysql.user where user='test_user';
+user	host	default_role
+test_user	localhost	test_role
+show grants;
+Grants for test_user@localhost
+GRANT test_role TO 'test_user'@'localhost'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT SELECT ON *.* TO 'test_role'
+select user, host, default_role from mysql.user where user='test_user';
+user	host	default_role
+test_user	localhost	test_role
+set default role invalid_role;
+ERROR OP000: Invalid role specification `invalid_role`.
+select user, host, default_role from mysql.user where user='test_user';
+user	host	default_role
+test_user	localhost	test_role
+revoke test_role from test_user@localhost;
+select user, host, default_role from mysql.user where user='test_user';
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'user'
+drop role test_role;
+drop role not_granted_role;
+drop user test_user@localhost;
diff --git a/mysql-test/suite/roles/set_default_role_invalid.test b/mysql-test/suite/roles/set_default_role_invalid.test
new file mode 100644
index 00000000000..8e72e316d4b
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_invalid.test
@@ -0,0 +1,62 @@
+source include/not_embedded.inc;
+
+# This test checks the error paths possible during set default role.
+
+# Create a user with no privileges
+create user test_user@localhost;
+
+create role test_role;
+create role not_granted_role;
+
+grant select on *.* to test_role;
+grant test_role to test_user@localhost;
+
+change_user 'test_user';
+show grants;
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user;
+
+# A user can not set a default role that does not exist in the database.
+--error ER_INVALID_ROLE
+set default role invalid_role;
+
+# A user can not set a default role if he can not call set role <role>.
+--error ER_INVALID_ROLE
+set default role not_granted_role;
+
+set default role test_role;
+
+# Even though a user has the default role set, without reconnecting, we should
+# not already have the roles privileges.
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user;
+
+change_user 'root';
+select user, host, default_role from mysql.user where user='test_user';
+
+change_user 'test_user';
+# This should show that the new test_user has the role's grants enabled.
+show grants;
+select user, host, default_role from mysql.user where user='test_user';
+
+# If we have a failed set default role attempt, don't change the already set
+# default role.
+--error ER_INVALID_ROLE
+set default role invalid_role;
+select user, host, default_role from mysql.user where user='test_user';
+
+change_user 'root';
+# Now, even though a default role is still set for test_user, make sure the
+# user does not get the rights, if he can not set the role.
+revoke test_role from test_user@localhost;
+
+change_user 'test_user';
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user where user='test_user';
+
+change_user 'root';
+
+# Cleanup
+drop role test_role;
+drop role not_granted_role;
+drop user test_user@localhost;
diff --git a/mysql-test/suite/roles/set_default_role_new_connection.result b/mysql-test/suite/roles/set_default_role_new_connection.result
new file mode 100644
index 00000000000..d88ead70038
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_new_connection.result
@@ -0,0 +1,48 @@
+create user test_user@localhost;
+create role test_role;
+grant select on *.* to test_role;
+grant test_role to test_user@localhost;
+show grants;
+Grants for test_user@localhost
+GRANT test_role TO 'test_user'@'localhost'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+select user, host, default_role from mysql.user where user = 'test_user';
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'user'
+set default role test_role;
+select user, host, default_role from mysql.user where user = 'test_user';
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'user'
+select user, host, default_role from mysql.user where user = 'test_user';
+user	host	default_role
+test_user	localhost	test_role
+show grants;
+Grants for test_user@localhost
+GRANT test_role TO 'test_user'@'localhost'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT SELECT ON *.* TO 'test_role'
+select user, host, default_role from mysql.user where user = 'test_user';
+user	host	default_role
+test_user	localhost	test_role
+set default role NONE;
+select user, host, default_role from mysql.user where user = 'test_user';
+user	host	default_role
+test_user	localhost	
+show grants;
+Grants for test_user@localhost
+GRANT test_role TO 'test_user'@'localhost'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+select user, host, default_role from mysql.user where user = 'test_user';
+ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'user'
+select user, host, default_role from mysql.user where user = 'test_user';
+user	host	default_role
+test_user	localhost	
+set default role test_role for test_user@localhost;
+show grants;
+Grants for test_user@localhost
+GRANT test_role TO 'test_user'@'localhost'
+GRANT USAGE ON *.* TO 'test_user'@'localhost'
+GRANT SELECT ON *.* TO 'test_role'
+select user, host, default_role from mysql.user where user = 'test_user';
+user	host	default_role
+test_user	localhost	test_role
+drop role test_role;
+drop user test_user@localhost;
diff --git a/mysql-test/suite/roles/set_default_role_new_connection.test b/mysql-test/suite/roles/set_default_role_new_connection.test
new file mode 100644
index 00000000000..81f7f2ffb58
--- /dev/null
+++ b/mysql-test/suite/roles/set_default_role_new_connection.test
@@ -0,0 +1,47 @@
+source include/not_embedded.inc;
+
+create user test_user@localhost;
+create role test_role;
+grant select on *.* to test_role;
+grant test_role to test_user@localhost;
+
+--connect (c1, localhost, test_user,,)
+show grants;
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user where user = 'test_user';
+set default role test_role;
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user where user = 'test_user';
+disconnect c1;
+
+connection default;
+select user, host, default_role from mysql.user where user = 'test_user';
+
+
+--connect (c1, localhost, test_user,,)
+show grants;
+select user, host, default_role from mysql.user where user = 'test_user';
+set default role NONE;
+disconnect c1;
+
+connection default;
+select user, host, default_role from mysql.user where user = 'test_user';
+
+--connect (c1, localhost, test_user,,)
+show grants;
+--error ER_TABLEACCESS_DENIED_ERROR
+select user, host, default_role from mysql.user where user = 'test_user';
+disconnect c1;
+
+connection default;
+select user, host, default_role from mysql.user where user = 'test_user';
+set default role test_role for test_user@localhost;
+
+--connect (c1, localhost, test_user,,)
+show grants;
+select user, host, default_role from mysql.user where user = 'test_user';
+disconnect c1;
+
+connection default;
+drop role test_role;
+drop user test_user@localhost;
diff --git a/mysql-test/suite/roles/set_role-recursive.result b/mysql-test/suite/roles/set_role-recursive.result
index 0bec8026ab5..008de2c3265 100644
--- a/mysql-test/suite/roles/set_role-recursive.result
+++ b/mysql-test/suite/roles/set_role-recursive.result
@@ -16,11 +16,11 @@ Host	User	Role	Admin_option
 	test_role1	test_role2	N
 grant select on *.* to test_role2;
 select * from mysql.user where user like 'test_role1';
-Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role
-	test_role1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	Y
+Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role
+	test_role1		N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	Y	
 select * from mysql.user where user like 'test_role2';
-Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role
-	test_role2		Y	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	Y
+Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role
+	test_role2		Y	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	Y	
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
 show grants;
diff --git a/mysql-test/suite/roles/set_role-simple.result b/mysql-test/suite/roles/set_role-simple.result
index ea416835017..f870bf8eb30 100644
--- a/mysql-test/suite/roles/set_role-simple.result
+++ b/mysql-test/suite/roles/set_role-simple.result
@@ -11,8 +11,8 @@ localhost	root	test_role1	Y
 localhost	test_user	test_role1	N
 grant select on *.* to test_role1;
 select * from mysql.user where user='test_role1';
-Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role
-	test_role1		Y	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	Y
+Host	User	Password	Select_priv	Insert_priv	Update_priv	Delete_priv	Create_priv	Drop_priv	Reload_priv	Shutdown_priv	Process_priv	File_priv	Grant_priv	References_priv	Index_priv	Alter_priv	Show_db_priv	Super_priv	Create_tmp_table_priv	Lock_tables_priv	Execute_priv	Repl_slave_priv	Repl_client_priv	Create_view_priv	Show_view_priv	Create_routine_priv	Alter_routine_priv	Create_user_priv	Event_priv	Trigger_priv	Create_tablespace_priv	ssl_type	ssl_cipher	x509_issuer	x509_subject	max_questions	max_updates	max_connections	max_user_connections	plugin	authentication_string	password_expired	is_role	default_role
+	test_role1		Y	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N	N					0	0	0	0			N	Y	
 select * from mysql.roles_mapping;
 ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
 show grants;
-- 
cgit v1.2.1