source include/not_embedded.inc;

create role r1;
create role r2;
create role r3;
create user u1;

#CREATE A CHAIN OF ROLES
grant r2 to r1;
grant r3 to r2;
grant r1 to u1;

--sorted_result
show grants for u1;
--sorted_result
show grants for r1;

grant SELECT on *.* to u1;
grant INSERT on mysql.* to r1;
grant DELETE on mysql.roles_mapping to r2;
grant UPDATE on mysql.user to r3;

create function mysql.test_func (s CHAR(20))
returns CHAR(50) DETERMINISTIC
return concat('Test string: ',s);

delimiter |;
create procedure mysql.test_proc (OUT param1 INT)
begin
  select COUNT(*) into param1 from mysql.roles_mapping;
end|
delimiter ;|

grant execute on function mysql.test_func to r2;
grant execute on procedure mysql.test_proc to r3;

--error ER_NONEXISTING_PROC_GRANT
revoke execute on procedure mysql.test_proc from r2;

--sorted_result
show grants for r1;
--sorted_result
show grants for r2;
--sorted_result
show grants for r3;

drop function mysql.test_func;
drop procedure mysql.test_proc;

create function mysql.test_func (s CHAR(20))
returns CHAR(50) DETERMINISTIC
return concat('Test string: ',s);

--sorted_result
show grants for r2;

--connect (u1,localhost,u1,,)

--error ER_PROCACCESS_DENIED_ERROR
select mysql.test_func("none");
set role r1;
--error ER_PROCACCESS_DENIED_ERROR
select mysql.test_func("r1");

connection default;

drop function mysql.test_func;
drop role r1, r2, r3;
drop user u1;