Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

revoking a role for user still leave the privilege of the role intact for that user #29823

Closed
unconsolable opened this issue Nov 16, 2021 · 2 comments · Fixed by #30028
Closed

revoking a role for user still leave the privilege of the role intact for that user #29823

unconsolable opened this issue Nov 16, 2021 · 2 comments · Fixed by #30028
Assignees
@lcwangchao
Labels
severity/major sig/sql-infra SIG: SQL Infra type/bug The issue is confirmed as a bug.

Comments

@unconsolable
Copy link
Contributor

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

# root
mysql> create user u1;
Query OK, 0 rows affected (0.03 sec)

mysql> create role r1;
Query OK, 0 rows affected (0.03 sec)

mysql> create table t1 (c1 int);
Query OK, 0 rows affected (0.09 sec)

mysql> grant select on t1 to r1;
Query OK, 0 rows affected (0.03 sec)

mysql> grant r1 to u1;
Query OK, 0 rows affected (0.02 sec)

# u1
mysql> set role all;
Query OK, 0 rows affected (0.01 sec)

mysql> select * from test.t1;
Empty set (0.00 sec)

# root
mysql> revoke r1 from u1;
Query OK, 0 rows affected (0.03 sec)

2. What did you expect to see? (Required)

# u1
mysql> select * from test.t1;
ERROR 1142 (42000): SELECT command denied to user 'u1'@'172.17.0.1' for table 't1'

3. What did you see instead (Required)

mysql> select * from test.t1;
Empty set (0.00 sec)

4. What is your TiDB version? (Required)

master fb01f00
@unconsolable unconsolable added the type/bug The issue is confirmed as a bug. label Nov 16, 2021
@unconsolable unconsolable mentioned this issue Nov 16, 2021
Merged
12 tasks
@unconsolable unconsolable changed the title revoking a role for user does still leave the privilege of the role intact for that user revoking a role for user still leave the privilege of the role intact for that user Nov 16, 2021
@lcwangchao
Copy link
Collaborator

/assign

@lcwangchao lcwangchao mentioned this issue Nov 23, 2021
Merged
12 tasks
@github-actions
Copy link

Please check whether the issue should be labeled with 'affects-x.y' or 'fixes-x.y.z', and then remove 'needs-more-info' label.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lcwangchao lcwangchao

Labels
severity/major sig/sql-infra SIG: SQL Infra type/bug The issue is confirmed as a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

privilege: disable role privilege when it is revoked from an user lcwangchao/tidb
3 participants
@lcwangchao @aytrack @unconsolable