create user test_user@localhost;
create role test_role1;
create role test_role2;
grant test_role1 to test_user@localhost;
grant test_role2 to test_user@localhost;
grant test_role2 to test_role1;
select user, host from mysql.user where user not like 'root';
user	host
test_role1	
test_role2	
test_user	localhost
select * from mysql.roles_mapping;
Host	User	Role	Admin_option
	test_role1	test_role2	N
localhost	root	test_role1	Y
localhost	root	test_role2	Y
localhost	test_user	test_role1	N
localhost	test_user	test_role2	N
select user, host from mysql.db;
user	host
	%
	%
grant select on mysql.* to test_role2;
flush privileges;
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
select current_user(), current_role();
current_user()	current_role()
test_user@localhost	NULL
set role test_role1;
select current_user(), current_role();
current_user()	current_role()
test_user@localhost	test_role1
select * from mysql.roles_mapping;
Host	User	Role	Admin_option
	test_role1	test_role2	N
localhost	root	test_role1	Y
localhost	root	test_role2	Y
localhost	test_user	test_role1	N
localhost	test_user	test_role2	N
set role none;
select current_user(), current_role();
current_user()	current_role()
test_user@localhost	NULL
select * from mysql.roles_mapping;
ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'roles_mapping'
set role test_role2;
select current_user(), current_role();
current_user()	current_role()
test_user@localhost	test_role2
select * from mysql.roles_mapping;
Host	User	Role	Admin_option
	test_role1	test_role2	N
localhost	root	test_role1	Y
localhost	root	test_role2	Y
localhost	test_user	test_role1	N
localhost	test_user	test_role2	N
create role test_role3;
grant test_role3 to test_role2;
create role test_role4;
grant test_role4 to test_role3;
set role test_role1;
delete from mysql.user where user='no such user';
ERROR 42000: DELETE command denied to user 'test_user'@'localhost' for table 'user'
grant delete on mysql.* to test_role4;
set role test_role1;
delete from mysql.user where user='no such user';
show grants;
Grants for test_user@localhost
GRANT DELETE ON `mysql`.* TO 'test_role4'
GRANT SELECT ON `mysql`.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role1'
GRANT USAGE ON *.* TO 'test_role2'
GRANT USAGE ON *.* TO 'test_role3'
GRANT USAGE ON *.* TO 'test_role4'
GRANT USAGE ON *.* TO 'test_user'@'localhost'
GRANT test_role1 TO 'test_user'@'localhost'
GRANT test_role2 TO 'test_role1'
GRANT test_role2 TO 'test_user'@'localhost'
GRANT test_role3 TO 'test_role2'
GRANT test_role4 TO 'test_role3'
drop user test_user@localhost;
drop role test_role1, test_role2, test_role3, test_role4;