create user 'test_user'@'localhost'; create role test_role1; create role test_role2; create role test_role3; insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', 'test_user', 'test_role1'); insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('localhost', 'test_user', 'test_role3'); insert into mysql.roles_mapping (HostFk, UserFk, RoleFk) values ('', 'test_role1', 'test_role2'); --sorted_result select user, host from mysql.user where user not like 'root'; --sorted_result select * from mysql.roles_mapping; create function mysql.test_func (s CHAR(20)) returns CHAR(50) DETERMINISTIC return concat('Test string: ',s); delimiter |; create procedure mysql.test_proc (OUT param1 INT) begin select COUNT(*) into param1 from mysql.roles_mapping; end| delimiter ;| grant execute on function mysql.test_func to test_role2; grant execute on procedure mysql.test_proc to test_role2; grant execute on mysql.* to test_role3; flush privileges; change_user 'test_user'; --sorted_result show grants; --error ER_DBACCESS_DENIED_ERROR use mysql; select current_user(), current_role(); set role test_role1; select current_user(), current_role(); use mysql; call test_proc(@a); SELECT @a; SELECT test_func('AABBCCDD'); --sorted_result show grants; set role none; select current_user(), current_role(); --sorted_result show grants; --error ER_PROCACCESS_DENIED_ERROR call test_proc(@a); --error ER_PROCACCESS_DENIED_ERROR SELECT test_func('AABBCCDD'); set role test_role3; select current_user(), current_role(); --sorted_result show grants; call test_proc(@a); SELECT @a; SELECT test_func('AABBCCDD'); change_user 'root'; drop user 'test_user'@'localhost'; revoke execute on function mysql.test_func from test_role2; revoke execute on procedure mysql.test_proc from test_role2; revoke execute on mysql.* from test_role3; delete from mysql.user where user like'test_%'; delete from mysql.roles_mapping where RoleFk like 'test%'; drop function mysql.test_func; drop procedure mysql.test_proc; flush privileges;