source include/not_embedded.inc; #create a user with no privileges create user test_user@localhost; create role test_role1; grant test_role1 to test_user@localhost; create role test_role2; grant test_role2 to test_role1; --sorted_result select user, host from mysql.user where user not like 'root'; --sorted_result select * from mysql.roles_mapping where User like 'test_user'; --sorted_result select * from mysql.roles_mapping where User like 'test_role1'; grant select on *.* to test_role2; --sorted_result select * from mysql.user where user like 'test_role1'; --sorted_result select * from mysql.user where user like 'test_role2'; change_user 'test_user'; --error ER_TABLEACCESS_DENIED_ERROR select * from mysql.roles_mapping; --sorted_result show grants; select current_user(), current_role(); set role test_role1; select current_user(), current_role(); --sorted_result show grants; select * from mysql.roles_mapping where Host=''; --sorted_result show grants; set role none; select current_user(), current_role(); --sorted_result show grants; --error ER_TABLEACCESS_DENIED_ERROR select * from mysql.roles_mapping; --sorted_result show grants; --error ER_INVALID_ROLE set role test_role2; select current_user(), current_role(); --sorted_result show grants; --error ER_TABLEACCESS_DENIED_ERROR select * from mysql.roles_mapping; #Make sure that this still works after an ER_INVALID_ROLE error --sorted_result show grants; set role test_role1; select current_user(), current_role(); --sorted_result show grants; --sorted_result select * from mysql.roles_mapping where Host=''; --sorted_result show grants; set role none; select current_user(), current_role(); --sorted_result show grants; --error ER_TABLEACCESS_DENIED_ERROR select * from mysql.roles_mapping; change_user 'root'; delete from mysql.user where user='test_role1'; delete from mysql.user where user='test_role2'; delete from mysql.roles_mapping; flush privileges; drop user 'test_user'@'localhost';