path: root/mysql-test/r/sp-security.result

use test;
grant usage on *.* to user1@localhost;
flush privileges;
drop database if exists db1_secret;
create database db1_secret;
create procedure db1_secret.dummy() begin end;
drop procedure db1_secret.dummy;
use db1_secret;
create table t1 ( u varchar(64), i int );
create procedure stamp(i int)
insert into db1_secret.t1 values (user(), i);
show procedure status like 'stamp';
Db	Name	Type	Definer	Modified	Created	Security_type	Comment
db1_secret	stamp	PROCEDURE	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	DEFINER	
create function db() returns varchar(64) return database();
show function status like 'db';
Db	Name	Type	Definer	Modified	Created	Security_type	Comment
db1_secret	db	FUNCTION	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	DEFINER	
call stamp(1);
select * from t1;
u	i
root@localhost	1
select db();
db()
db1_secret
grant execute on procedure db1_secret.stamp to user1@'%';
grant execute on function db1_secret.db to user1@'%';
grant execute on procedure db1_secret.stamp to ''@'%';
grant execute on function db1_secret.db to ''@'%';
call db1_secret.stamp(2);
select db1_secret.db();
db1_secret.db()
db1_secret
select * from db1_secret.t1;
ERROR 42000: SELECT command denied to user 'user1'@'localhost' for table 't1'
create procedure db1_secret.dummy() begin end;
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
drop procedure db1_secret.dummy;
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
call db1_secret.stamp(3);
select db1_secret.db();
db1_secret.db()
db1_secret
select * from db1_secret.t1;
ERROR 42000: SELECT command denied to user ''@'localhost' for table 't1'
create procedure db1_secret.dummy() begin end;
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
drop procedure db1_secret.dummy;
ERROR 42000: PROCEDURE db1_secret.dummy does not exist
select * from t1;
u	i
root@localhost	1
user1@localhost	2
anon@localhost	3
alter procedure stamp sql security invoker;
show procedure status like 'stamp';
Db	Name	Type	Definer	Modified	Created	Security_type	Comment
db1_secret	stamp	PROCEDURE	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	INVOKER	
alter function db sql security invoker;
show function status like 'db';
Db	Name	Type	Definer	Modified	Created	Security_type	Comment
db1_secret	db	FUNCTION	root@localhost	0000-00-00 00:00:00	0000-00-00 00:00:00	INVOKER	
call stamp(4);
select * from t1;
u	i
root@localhost	1
user1@localhost	2
anon@localhost	3
root@localhost	4
select db();
db()
db1_secret
call db1_secret.stamp(5);
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
select db1_secret.db();
ERROR 42000: Access denied for user 'user1'@'localhost' to database 'db1_secret'
call db1_secret.stamp(6);
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
select db1_secret.db();
ERROR 42000: Access denied for user ''@'localhost' to database 'db1_secret'
drop database if exists db2;
create database db2;
use db2;
create table t2 (s1 int);
insert into t2 values (0);
grant usage on db2.* to user1@localhost;
grant select on db2.* to user1@localhost;
grant usage on db2.* to user2@localhost;
grant select,insert,update,delete,create routine on db2.* to user2@localhost;
grant create routine on db2.* to user1@localhost;
flush privileges;
use db2;
create procedure p () insert into t2 values (1);
call p();
ERROR 42000: INSERT command denied to user 'user1'@'localhost' for table 't2'
use db2;
call p();
ERROR 42000: execute command denied to user 'user2'@'localhost' for routine 'db2.p'
select * from t2;
s1
0
create procedure q () insert into t2 values (2);
call q();
select * from t2;
s1
0
2
grant usage on procedure db2.q to user2@localhost with grant option;
grant execute on procedure db2.q to user1@localhost;
use db2;
call q();
select * from t2;
s1
0
2
2
alter procedure p modifies sql data;
drop procedure p;
alter procedure q modifies sql data;
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
drop procedure q;
ERROR 42000: alter routine command denied to user 'user1'@'localhost' for routine 'db2.q'
use db2;
alter procedure q modifies sql data;
drop procedure q;
use test;
select type,db,name from mysql.proc;
type	db	name
FUNCTION	db1_secret	db
PROCEDURE	db1_secret	stamp
drop database db1_secret;
drop database db2;
select type,db,name from mysql.proc;
type	db	name
delete from mysql.user where user='user1' or user='user2';
delete from mysql.procs_priv where user='user1' or user='user2';
grant usage on *.* to usera@localhost;
grant usage on *.* to userb@localhost;
grant usage on *.* to userc@localhost;
create database sptest;
create table t1 ( u varchar(64), i int );
create procedure sptest.p1(i int) insert into test.t1 values (user(), i);
grant insert on t1 to usera@localhost;
grant execute on procedure sptest.p1 to usera@localhost;
show grants for usera@localhost;
Grants for usera@localhost
GRANT USAGE ON *.* TO 'usera'@'localhost'
GRANT INSERT ON `test`.`t1` TO 'usera'@'localhost'
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'usera'@'localhost'
grant execute on procedure sptest.p1 to userc@localhost with grant option;
show grants for userc@localhost;
Grants for userc@localhost
GRANT USAGE ON *.* TO 'userc'@'localhost'
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
call sptest.p1(1);
grant execute on procedure sptest.p1 to userb@localhost;
ERROR 42000: grant command denied to user 'usera'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
ERROR 42000: alter routine command denied to user 'usera'@'localhost' for routine 'sptest.p1'
call sptest.p1(2);
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
grant execute on procedure sptest.p1 to userb@localhost;
ERROR 42000: execute command denied to user 'userb'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
call sptest.p1(3);
grant execute on procedure sptest.p1 to userb@localhost;
drop procedure sptest.p1;
ERROR 42000: alter routine command denied to user 'userc'@'localhost' for routine 'sptest.p1'
call sptest.p1(4);
grant execute on procedure sptest.p1 to userb@localhost;
ERROR 42000: grant command denied to user 'userb'@'localhost' for routine 'sptest.p1'
drop procedure sptest.p1;
ERROR 42000: alter routine command denied to user 'userb'@'localhost' for routine 'sptest.p1'
select * from t1;
u	i
usera@localhost	1
userc@localhost	3
userb@localhost	4
grant all privileges on procedure sptest.p1 to userc@localhost;
show grants for userc@localhost;
Grants for userc@localhost
GRANT USAGE ON *.* TO 'userc'@'localhost'
GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `sptest`.`p1` TO 'userc'@'localhost' WITH GRANT OPTION
show grants for userb@localhost;
Grants for userb@localhost
GRANT USAGE ON *.* TO 'userb'@'localhost'
GRANT EXECUTE ON PROCEDURE `sptest`.`p1` TO 'userb'@'localhost'
revoke all privileges on procedure sptest.p1 from userb@localhost;
show grants for userb@localhost;
Grants for userb@localhost
GRANT USAGE ON *.* TO 'userb'@'localhost'
use test;
drop database sptest;
delete from mysql.user where user='usera' or user='userb' or user='userc';
delete from mysql.procs_priv where user='usera' or user='userb' or user='userc';
drop function if exists bug_9503;
create database mysqltest//
use mysqltest//
create table t1 (s1 int)//
grant select on t1 to user1@localhost//
create function bug_9503 () returns int sql security invoker begin declare v int;
select min(s1) into v from t1; return v; end//
use mysqltest;
select bug_9503();
ERROR 42000: execute command denied to user 'user1'@'localhost' for routine 'mysqltest.bug_9503'
grant execute on function bug_9503 to user1@localhost;
do 1;
use test;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@localhost;
drop function bug_9503;
use test;
drop database mysqltest;