--source include/not_embedded.inc

create user foo;
create database some_db;
create table some_db.t1 (a int, b int, secret int);

create role r_select_column;
create role r_active_column;
grant r_select_column to r_active_column;
grant r_active_column to foo;

grant select(a) on some_db.t1 to r_select_column;
select * from mysql.tables_priv order by user;
grant insert(a) on some_db.t1 to r_active_column;
select * from mysql.tables_priv order by user;

--connect (con1, localhost, foo,,)
--error ER_TABLEACCESS_DENIED_ERROR
insert into some_db.t1(a) values (1);
set role r_active_column;
insert into some_db.t1(a) values (1);
disconnect con1;

connection default;
revoke insert(a) on some_db.t1 from r_active_column;

--connect (con1, localhost, foo,,)
--error ER_TABLEACCESS_DENIED_ERROR
insert into some_db.t1(a) values (1);
set role r_active_column;
--error ER_TABLEACCESS_DENIED_ERROR
insert into some_db.t1(a) values (1);
disconnect con1;

connection default;

drop role r_select_column;
drop role r_active_column;
drop user foo;
drop database some_db;