Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

grant references on test.* to ${role_name} ERROR #26703

Closed
jingshanglu opened this issue Jul 28, 2021 · 4 comments · Fixed by #27121
Closed

grant references on test.* to ${role_name} ERROR #26703

jingshanglu opened this issue Jul 28, 2021 · 4 comments · Fixed by #27121
Assignees
@mjonss
Labels
affects-5.2 This bug affects 5.2.x versions. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. severity/minor sig/sql-infra SIG: SQL Infra type/bug The issue is confirmed as a bug.

Comments

@jingshanglu
Copy link
Contributor

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

create database t;
drop role if exists r1;
create role r1;
grant references on t.* TO 'r1'@'%';

2. What did you expect to see? (Required)

grant successful

3. What did you see instead (Required)

ERROR 1221 (HY000): Incorrect usage of DB GRANT and NON-DB PRIVILEGES

4. What is your TiDB version? (Required)

+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| tidb_version()                                                                                                                                                                                                                                                                                                            |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Release Version: v5.2.0-alpha-316-g014005ab6
Edition: Community
Git Commit Hash: 014005ab68b5c9a28795d13c1ca685cf46a3be7e
Git Branch: master
UTC Build Time: 2021-07-17 09:44:18
GoVersion: go1.16.4
Race Enabled: false
TiKV Min Version: v3.0.0-60965b006877ca7234adaced7890d7b029ed1306
Check Table Before Drop: false |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

reason

may be relate to

executor/grant.go lines:572
// composeDBPrivUpdate composes update stmt assignment list for db scope privilege update.
func composeDBPrivUpdate(sql *strings.Builder, priv mysql.PrivilegeType, value string) error {
	if priv != mysql.AllPriv {
		if priv != mysql.GrantPriv && !mysql.AllDBPrivs.Has(priv) {
			return ErrWrongUsage.GenWithStackByArgs("DB GRANT", "NON-DB PRIVILEGES")
		}
		sqlexec.MustFormatSQL(sql, "%n=%?", priv.ColumnString(), value)
		return nil
	}

	for i, p := range mysql.AllDBPrivs {
		if i > 0 {
			sqlexec.MustFormatSQL(sql, ",")
		}
		sqlexec.MustFormatSQL(sql, "%n=%?", p.ColumnString(), value)
	}
	return nil
}

// mysql.AllDBPrivs has no `referrences` privilege.
@jingshanglu jingshanglu added the type/bug The issue is confirmed as a bug. label Jul 28, 2021
@jingshanglu jingshanglu changed the title grant references on test.* to ${role_name} grant references on test.* to ${role_name} ERROR Jul 28, 2021
@ichn-hu ichn-hu mentioned this issue Jul 28, 2021
Closed
@guo-shaoge
Copy link
Collaborator

@morgo Do you have any idea? I am not faimilar with the related code.

@morgo
Copy link
Contributor

morgo commented Jul 29, 2021

The test can be simplified to:

drop user if exists u1;
create user u1;
grant references on t.* to u1;

Certain privileges can only be specified on a global level, and not on a per-DB level (such as REPLICATION CLIENT, CONFIG, etc). It looks like references should be in this list of DB-privileges, but it's not.

References is used for foreign key checks (which TiDB does not support), so I think this is more of a minor issue than a major one.

@morgo morgo added difficulty/easy help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Jul 29, 2021
@XuHuaiyu XuHuaiyu added sig/sql-infra SIG: SQL Infra and removed sig/execution SIG execution labels Aug 9, 2021
@mjonss mjonss mentioned this issue Aug 10, 2021
Merged
@mjonss
Copy link
Contributor

mjonss commented Aug 11, 2021

/assign @mjonss

@mjonss mjonss mentioned this issue Aug 11, 2021
Merged
12 tasks
@ti-srebot
Copy link
Contributor

Please edit this comment or add a new comment to complete the following information

Not a bug

  1. Remove the 'type/bug' label
  2. Add notes to indicate why it is not a bug

Duplicate bug

  1. Add the 'type/duplicate' label
  2. Add the link to the original bug

Bug

Note: Make Sure that 'component', and 'severity' labels are added
Example for how to fill out the template: #20100

1. Root Cause Analysis (RCA) (optional)

2. Symptom (optional)

3. All Trigger Conditions (optional)

4. Workaround (optional)

5. Affected versions

6. Fixed versions

@mjonss mjonss mentioned this issue Aug 18, 2021
Closed
This was referenced Oct 1, 2021
Closed
Closed
@ti-chi-bot ti-chi-bot mentioned this issue Oct 25, 2021
Merged
@xhebox xhebox mentioned this issue Aug 12, 2022
Merged
12 tasks
@VelocityLight VelocityLight added the affects-5.2 This bug affects 5.2.x versions. label Aug 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mjonss mjonss

Labels
affects-5.2 This bug affects 5.2.x versions. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. severity/minor sig/sql-infra SIG: SQL Infra type/bug The issue is confirmed as a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

privilege: Add REFERENCES privilege on db/schema and table level. mjonss/tidb
8 participants
@morgo @mjonss @guo-shaoge @VelocityLight @XuHuaiyu @jingshanglu @xiongjiwei @ti-srebot