create user test_user@localhost; create role test_role1; create role test_role2; grant test_role1 to test_user@localhost; grant test_role2 to test_user@localhost; grant test_role2 to test_role1; select user, host from mysql.user where user not like 'root'; User Host mariadb.sys localhost test_role1 test_role2 test_user localhost select * from mysql.roles_mapping; Host User Role Admin_option test_role1 test_role2 N localhost root test_role1 Y localhost root test_role2 Y localhost test_user test_role1 N localhost test_user test_role2 N select user, host from mysql.db; user host grant select on mysql.* to test_role2; flush privileges; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` select current_user(), current_role(); current_user() current_role() test_user@localhost NULL set role test_role1; select current_user(), current_role(); current_user() current_role() test_user@localhost test_role1 select * from mysql.roles_mapping; Host User Role Admin_option test_role1 test_role2 N localhost root test_role1 Y localhost root test_role2 Y localhost test_user test_role1 N localhost test_user test_role2 N set role none; select current_user(), current_role(); current_user() current_role() test_user@localhost NULL select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` set role test_role2; select current_user(), current_role(); current_user() current_role() test_user@localhost test_role2 select * from mysql.roles_mapping; Host User Role Admin_option test_role1 test_role2 N localhost root test_role1 Y localhost root test_role2 Y localhost test_user test_role1 N localhost test_user test_role2 N create role test_role3; grant test_role3 to test_role2; create role test_role4; grant test_role4 to test_role3; set role test_role1; delete from mysql.user where user='no such user'; ERROR 42000: DELETE command denied to user 'test_user'@'localhost' for table `mysql`.`user` grant delete on mysql.* to test_role4; set role test_role1; delete from mysql.user where user='no such user'; show grants; Grants for test_user@localhost GRANT DELETE ON `mysql`.* TO `test_role4` GRANT SELECT ON `mysql`.* TO `test_role2` GRANT USAGE ON *.* TO `test_role1` GRANT USAGE ON *.* TO `test_role2` GRANT USAGE ON *.* TO `test_role3` GRANT USAGE ON *.* TO `test_role4` GRANT USAGE ON *.* TO `test_user`@`localhost` GRANT `test_role1` TO `test_user`@`localhost` GRANT `test_role2` TO `test_role1` GRANT `test_role2` TO `test_user`@`localhost` GRANT `test_role3` TO `test_role2` GRANT `test_role4` TO `test_role3` drop user test_user@localhost; drop role test_role1, test_role2, test_role3, test_role4;