use test; grant usage on *.* to user1@localhost; flush privileges; drop table if exists t1; drop database if exists db1_secret; create database db1_secret; create procedure db1_secret.dummy() begin end; drop procedure db1_secret.dummy; use db1_secret; create table t1 ( u varchar(64), i int ); create procedure stamp(i int) insert into db1_secret.t1 values (user(), i); show procedure status like 'stamp'; Db Name Type Definer Modified Created Security_type Comment db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER create function db() returns varchar(64) return database(); show function status like 'db'; Db Name Type Definer Modified Created Security_type Comment db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER call stamp(1); select * from t1; u i root@localhost 1 select db(); db() db1_secret grant execute on procedure db1_secret.stamp to user1@'%'; grant execute on function db1_secret.db to user1@'%'; grant execute on procedure db1_secret.stamp to ''@'%'; grant execute on function db1_secret.db to ''@'%'; call db1_secret.stamp(2); select db1_secret.db(); db1_secret.db() db1_secret select * from db1_secret.t1; ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1' create procedure db1_secret.dummy() begin end; ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret' drop procedure db1_secret.dummy; ERROR 42000: PROCEDURE db1_secret.dummy does not exist call db1_secret.stamp(3); select db1_secret.db(); db1_secret.db() db1_secret select * from db1_secret.t1; ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1' create procedure db1_secret.dummy() begin end; ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret' drop procedure db1_secret.dummy; ERROR 42000: PROCEDURE db1_secret.dummy does not exist select * from t1; u i root@localhost 1 user1@localhost 2 anon@localhost 3 alter procedure stamp sql security invoker; show procedure status like 'stamp'; Db Name Type Definer Modified Created Security_type Comment db1_secret stamp PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER alter function db sql security invoker; show function status like 'db'; Db Name Type Definer Modified Created Security_type Comment db1_secret db FUNCTION root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 INVOKER call stamp(4); select * from t1; u i root@localhost 1 user1@localhost 2 anon@localhost 3 root@localhost 4 select db(); db() db1_secret call db1_secret.stamp(5); ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret' select db1_secret.db(); ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret' call db1_secret.stamp(6); ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret' select db1_secret.db(); ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret' drop database if exists db2; create database db2; use db2; create table t2 (s1 int); insert into t2 values (0); grant usage on db2.* to user1@localhost; grant select on db2.* to user1@localhost; grant usage on db2.* to user2@localhost; grant select,insert,update,delete,create routine on db2.* to user2@localhost; grant create routine on db2.* to user1@localhost; flush privileges; use db2; create procedure p () insert into t2 values (1); call p(); ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't2' use db2; call p(); ERROR 42000: execute command denied to user 'user2'@'localhost' for routine 'db2.p' select * from t2; s1 0 create procedure q () insert into t2 values (2); call q(); select * from t2; s1 0 2 grant usage on procedure db2.q to user2@localhost with grant option; grant execute on procedure db2.q to user1@localhost; use db2; call q(); select * from t2; s1 0 2 2 alter procedure p modifies sql data; drop procedure p; alter procedure q modifies sql data; ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q' drop procedure q; ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q' use db2; alter procedure q modifies sql data; drop procedure q; use test; select type,db,name from mysql.proc; type db name FUNCTION db1_secret db PROCEDURE db1_secret stamp drop database db1_secret; drop database db2; select type,db,name from mysql.proc; type db name delete from mysql.user where user='user1' or user='user2'; delete from mysql.procs_priv where user='user1' or user='user2'; grant usage on *.* to usera@localhost; grant usage on *.* to userb@localhost; grant usage on *.* to userc@localhost; create database sptest; create table t1 ( u varchar(64), i int ); create procedure sptest.p1(i int) insert into test.t1 values (user(), i); grant insert on t1 to usera@localhost; grant execute on procedure sptest.p1 to usera@localhost; show grants for usera@localhost; Grants for usera@localhost GRANT USAGE ON *.* TO 'usera'@'localhost' GRANT INSERT ON `test`.`t1` TO 'usera'@'localhost' GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'usera'@'localhost' grant execute on procedure sptest.p1 to userc@localhost with grant option; show grants for userc@localhost; Grants for userc@localhost GRANT USAGE ON *.* TO 'userc'@'localhost' GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION call sptest.p1(1); grant execute on procedure sptest.p1 to userb@localhost; ERROR 42000: grant command denied to user 'usera'@'localhost' for routine 'sptest.p1' drop procedure sptest.p1; ERROR 42000: alter routine command denied to user 'usera'@'localhost' for routine 'sptest.p1' call sptest.p1(2); ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1' grant execute on procedure sptest.p1 to userb@localhost; ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1' drop procedure sptest.p1; ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1' call sptest.p1(3); grant execute on procedure sptest.p1 to userb@localhost; drop procedure sptest.p1; ERROR 42000: alter routine command denied to user 'userc'@'localhost' for routine 'sptest.p1' call sptest.p1(4); grant execute on procedure sptest.p1 to userb@localhost; ERROR 42000: grant command denied to user 'userb'@'localhost' for routine 'sptest.p1' drop procedure sptest.p1; ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1' select * from t1; u i usera@localhost 1 userc@localhost 3 userb@localhost 4 grant all privileges on procedure sptest.p1 to userc@localhost; show grants for userc@localhost; Grants for userc@localhost GRANT USAGE ON *.* TO 'userc'@'localhost' GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION show grants for userb@localhost; Grants for userb@localhost GRANT USAGE ON *.* TO 'userb'@'localhost' GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userb'@'localhost' revoke all privileges on procedure sptest.p1 from userb@localhost; show grants for userb@localhost; Grants for userb@localhost GRANT USAGE ON *.* TO 'userb'@'localhost' use test; drop database sptest; delete from mysql.user where user='usera' or user='userb' or user='userc'; delete from mysql.procs_priv where user='usera' or user='userb' or user='userc'; drop function if exists bug_9503; create database mysqltest// use mysqltest// create table t1 (s1 int)// grant select on t1 to user1@localhost// create function bug_9503 () returns int sql security invoker begin declare v int; select min(s1) into v from t1; return v; end// use mysqltest; select bug_9503(); ERROR 42000: execute command denied to user 'user1'@'localhost' for routine 'mysqltest.bug_9503' grant execute on function bug_9503 to user1@localhost; do 1; use test; REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost; drop function bug_9503; use test; drop database mysqltest; use test; select current_user(); current_user() root@localhost select user(); user() root@localhost create procedure bug7291_0 () sql security invoker select current_user(), user(); create procedure bug7291_1 () sql security definer call bug7291_0(); create procedure bug7291_2 () sql security invoker call bug7291_0(); grant execute on procedure bug7291_0 to user1@localhost; grant execute on procedure bug7291_1 to user1@localhost; grant execute on procedure bug7291_2 to user1@localhost; call bug7291_2(); current_user() user() user1@localhost user1@localhost call bug7291_1(); current_user() user() root@localhost user1@localhost drop procedure bug7291_1; drop procedure bug7291_2; drop procedure bug7291_0; REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost; drop user user1@localhost;