Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

infoschema.user_privileges privilege requirements is not dependent on user's privileges #26069

Closed
Tracked by #26120
morgo opened this issue Jul 8, 2021 · 3 comments
Closed
Tracked by #26120

infoschema.user_privileges privilege requirements is not dependent on user's privileges #26069

morgo opened this issue Jul 8, 2021 · 3 comments
Labels
security Everything related with security severity/major sig/sql-infra SIG: SQL Infra type/bug The issue is confirmed as a bug.

Comments

@morgo
Copy link
Contributor

morgo commented Jul 8, 2021

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

mysql> select current_user();
+----------------+
| current_user() |
+----------------+
| USAGE_USER@%   |
+----------------+
1 row in set (0.01 sec)

mysql> show grants for USAGE_USER;
+----------------------------------------+
| Grants for USAGE_USER@%                |
+----------------------------------------+
| GRANT USAGE ON *.* TO 'USAGE_USER'@'%' |
+----------------------------------------+
1 row in set (0.00 sec)

mysql> select * from information_schema.USER_PRIVILEGES limit 5;
+------------------+---------------+----------------+--------------+
| GRANTEE          | TABLE_CATALOG | PRIVILEGE_TYPE | IS_GRANTABLE |
+------------------+---------------+----------------+--------------+
| 'USAGE_USER'@'%' | def           | USAGE          | NO           |
| 'cloudAdmin'@'%' | def           | Process        | NO           |
| 'cloudAdmin'@'%' | def           | SHUTDOWN       | NO           |
| 'cloudAdmin'@'%' | def           | RELOAD         | NO           |
| 'root'@'%'       | def           | Select         | YES          |
+------------------+---------------+----------------+--------------+
5 rows in set (0.00 sec)

2. What did you expect to see? (Required)

The usage user should only see their own access.

3. What did you see instead (Required)

Can see all users.

4. What is your TiDB version? (Required)

mysql> select tidb_version()\G
*************************** 1. row ***************************
tidb_version(): Release Version: v5.2.0-alpha-237-g560a3f7b2-dirty
Edition: Community
Git Commit Hash: 560a3f7b242df467b18cb9cd81b898a8be262744
Git Branch: master
UTC Build Time: 2021-07-08 16:42:26
GoVersion: go1.16.4
Race Enabled: false
TiKV Min Version: v3.0.0-60965b006877ca7234adaced7890d7b029ed1306
Check Table Before Drop: false
1 row in set (0.00 sec)
@morgo morgo added type/bug The issue is confirmed as a bug. security Everything related with security labels Jul 8, 2021
@morgo
Copy link
Contributor Author

morgo commented Jul 8, 2021

This is forked from #26062

@morgo morgo mentioned this issue Jul 8, 2021
Merged
@djshow832 djshow832 mentioned this issue Jul 12, 2021
Closed
10 tasks
This was referenced Jul 16, 2021
Closed
Closed
Merged
@djshow832
Copy link
Contributor

Fixed by #26070

@ti-srebot
Copy link
Contributor

Please edit this comment or add a new comment to complete the following information

Not a bug

  1. Remove the 'type/bug' label
  2. Add notes to indicate why it is not a bug

Duplicate bug

  1. Add the 'type/duplicate' label
  2. Add the link to the original bug

Bug

Note: Make Sure that 'component', and 'severity' labels are added
Example for how to fill out the template: #20100

1. Root Cause Analysis (RCA) (optional)

2. Symptom (optional)

3. All Trigger Conditions (optional)

4. Workaround (optional)

5. Affected versions

6. Fixed versions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Everything related with security severity/major sig/sql-infra SIG: SQL Infra type/bug The issue is confirmed as a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@morgo @aytrack @djshow832 @ti-srebot