MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role

Reviewed-by: serg@mariadb.com
2026-05-15 19:37:16 +02:00 · 2020-04-22 20:13:21 +02:00 · 2020-04-22 20:13:21 +02:00 · 4e987b1c6b
commit 4e987b1c6b
parent 64fe9d6d9a
7 changed files with 104 additions and 8 deletions
--- a/mysql-test/r/grant5.result
+++ b/mysql-test/r/grant5.result
@ -39,3 +39,35 @@ connection default;
 disconnect u1;
 drop user u1@localhost;
 drop database mysqltest1;
+CREATE ROLE test_role;
+CREATE USER test_user;
+GRANT test_role TO test_user;
+SET DEFAULT ROLE test_role FOR test_user;
+SHOW GRANTS FOR test_user;
+Grants for test_user@%
+GRANT test_role TO 'test_user'@'%'
+GRANT USAGE ON *.* TO 'test_user'@'%'
+SET DEFAULT ROLE test_role FOR 'test_user'@'%'
+SET DEFAULT ROLE NONE for test_user;
+SHOW GRANTS FOR test_user;
+Grants for test_user@%
+GRANT test_role TO 'test_user'@'%'
+GRANT USAGE ON *.* TO 'test_user'@'%'
+SET ROLE test_role;
+SET DEFAULT ROLE test_role;
+SHOW GRANTS;
+Grants for root@localhost
+GRANT test_role TO 'root'@'localhost' WITH ADMIN OPTION
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+GRANT USAGE ON *.* TO 'test_role'
+SET DEFAULT ROLE test_role FOR 'root'@'localhost'
+SET DEFAULT ROLE NONE;
+SHOW GRANTS;
+Grants for root@localhost
+GRANT test_role TO 'root'@'localhost' WITH ADMIN OPTION
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION
+GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
+GRANT USAGE ON *.* TO 'test_role'
+DROP USER test_user;
+DROP ROLE test_role;
--- a/mysql-test/suite/roles/set_default_role_clear.result
+++ b/mysql-test/suite/roles/set_default_role_clear.result
@ -17,6 +17,7 @@ Grants for test_user@localhost
 GRANT test_role TO 'test_user'@'localhost'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT SELECT ON *.* TO 'test_role'
+SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
 select user, host, default_role from mysql.user where user='test_user';
 user	host	default_role
 test_user	localhost	test_role
--- a/mysql-test/suite/roles/set_default_role_for.result
+++ b/mysql-test/suite/roles/set_default_role_for.result
@ -21,6 +21,7 @@ Grants for user_a@localhost
 GRANT role_a TO 'user_a'@'localhost'
 GRANT USAGE ON *.* TO 'user_a'@'localhost'
 GRANT SELECT ON *.* TO 'role_a'
+SET DEFAULT ROLE role_a FOR 'user_a'@'localhost'
 select user, host, default_role from mysql.user where user like 'user_%';
 user	host	default_role
 user_a	localhost	role_a
@ -42,6 +43,7 @@ Grants for user_b@localhost
 GRANT role_b TO 'user_b'@'localhost'
 GRANT USAGE ON *.* TO 'user_b'@'localhost'
 GRANT INSERT, UPDATE ON *.* TO 'role_b'
+SET DEFAULT ROLE role_b FOR 'user_b'@'localhost'
 select user, host, default_role from mysql.user where user like 'user_%';
 ERROR 42000: SELECT command denied to user 'user_b'@'localhost' for table 'user'
 insert ignore into mysql.user (user, host) values ('someuser', 'somehost');
--- a/mysql-test/suite/roles/set_default_role_invalid.result
+++ b/mysql-test/suite/roles/set_default_role_invalid.result
@ -24,6 +24,7 @@ Grants for test_user@localhost
 GRANT test_role TO 'test_user'@'localhost'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT SELECT ON *.* TO 'test_role'
+SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
 select user, host, default_role from mysql.user where user='test_user';
 user	host	default_role
 test_user	localhost	test_role
@ -71,6 +72,7 @@ GRANT r1 TO 'b'@'%'
 GRANT r2 TO 'b'@'%'
 GRANT USAGE ON *.* TO 'b'@'%'
 GRANT SELECT ON `mysql`.* TO 'b'@'%'
+SET DEFAULT ROLE r2 FOR 'b'@'%'
 SET DEFAULT ROLE r1 FOR a;
 ERROR 42000: Access denied for user 'b'@'%' to database 'mysql'
 SELECT CURRENT_ROLE;
@ -96,6 +98,7 @@ GRANT r1 TO 'b'@'%'
 GRANT r2 TO 'b'@'%'
 GRANT USAGE ON *.* TO 'b'@'%'
 GRANT SELECT, UPDATE ON `mysql`.* TO 'b'@'%'
+SET DEFAULT ROLE r2 FOR 'b'@'%'
 SET DEFAULT ROLE r1 FOR a;
 ERROR OP000: User `a@%` has not been granted role `r1`
 SET DEFAULT ROLE invalid_role;
--- a/mysql-test/suite/roles/set_default_role_new_connection.result
+++ b/mysql-test/suite/roles/set_default_role_new_connection.result
@ -23,6 +23,7 @@ Grants for test_user@localhost
 GRANT test_role TO 'test_user'@'localhost'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT SELECT ON *.* TO 'test_role'
+SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
 select user, host, default_role from mysql.user where user = 'test_user';
 user	host	default_role
 test_user	localhost	test_role
@ -51,6 +52,7 @@ Grants for test_user@localhost
 GRANT test_role TO 'test_user'@'localhost'
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT SELECT ON *.* TO 'test_role'
+SET DEFAULT ROLE test_role FOR 'test_user'@'localhost'
 select user, host, default_role from mysql.user where user = 'test_user';
 user	host	default_role
 test_user	localhost	test_role
--- a/mysql-test/t/grant5.test
+++ b/mysql-test/t/grant5.test
@ -52,6 +52,24 @@ disconnect u1;
 drop user u1@localhost;
 drop database mysqltest1;

+#
+# MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role
+#
+CREATE ROLE test_role;
+CREATE USER test_user;
+GRANT test_role TO test_user;
+SET DEFAULT ROLE test_role FOR test_user;
+SHOW GRANTS FOR test_user;
+SET DEFAULT ROLE NONE for test_user;
+SHOW GRANTS FOR test_user;
+SET ROLE test_role;
+SET DEFAULT ROLE test_role;
+SHOW GRANTS;
+SET DEFAULT ROLE NONE;
+SHOW GRANTS;
+DROP USER test_user;
+DROP ROLE test_role;
+
 #
 # End of 10.1 tests
 #