create user 'test_user'@'localhost'; create role test_role1; create role test_role2; create role test_role3; grant test_role1 to test_user@localhost; grant test_role3 to test_user@localhost; grant test_role2 to test_role1; --sorted_result select user, host from mysql.user where user not like 'root'; --sorted_result select * from mysql.roles_mapping; create function mysql.test_func (s CHAR(20)) returns CHAR(50) DETERMINISTIC return concat('Test string: ',s); delimiter |; create procedure mysql.test_proc (OUT param1 INT) begin select COUNT(*) into param1 from mysql.roles_mapping; end| delimiter ;| grant execute on function mysql.test_func to test_role2; grant execute on procedure mysql.test_proc to test_role2; grant execute on mysql.* to test_role3; change_user 'test_user'; --sorted_result show grants; --error ER_DBACCESS_DENIED_ERROR use mysql; select current_user(), current_role(); set role test_role1; select current_user(), current_role(); use mysql; call test_proc(@a); SELECT @a; SELECT test_func('AABBCCDD'); --sorted_result show grants; set role none; select current_user(), current_role(); --sorted_result show grants; --error ER_PROCACCESS_DENIED_ERROR call test_proc(@a); --error ER_PROCACCESS_DENIED_ERROR SELECT test_func('AABBCCDD'); set role test_role3; select current_user(), current_role(); --sorted_result show grants; call test_proc(@a); SELECT @a; SELECT test_func('AABBCCDD'); change_user 'root'; drop user 'test_user'@'localhost'; revoke execute on function mysql.test_func from test_role2; revoke execute on procedure mysql.test_proc from test_role2; revoke execute on mysql.* from test_role3; delete from mysql.user where user like'test_%'; delete from mysql.roles_mapping where Role like 'test%'; drop function mysql.test_func; drop procedure mysql.test_proc; flush privileges;