create user test_user@localhost; create role test_role1; create role test_role2; grant test_role1 to test_user@localhost; grant test_role2 to test_role1; select user, host from mysql.user where user not like 'root'; User Host mariadb.sys localhost test_role1 test_role2 test_user localhost select * from mysql.roles_mapping; Host User Role Admin_option test_role1 test_role2 N localhost root test_role1 Y localhost root test_role2 Y localhost test_user test_role1 N grant select (Role) on mysql.roles_mapping to test_role2; select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` show grants; Grants for test_user@localhost GRANT USAGE ON *.* TO `test_user`@`localhost` GRANT `test_role1` TO `test_user`@`localhost` select current_user(), current_role(); current_user() current_role() test_user@localhost NULL set role test_role1; select current_user(), current_role(); current_user() current_role() test_user@localhost test_role1 show grants; Grants for test_user@localhost GRANT SELECT (`Role`) ON `mysql`.`roles_mapping` TO `test_role2` GRANT USAGE ON *.* TO `test_role1` GRANT USAGE ON *.* TO `test_role2` GRANT USAGE ON *.* TO `test_user`@`localhost` GRANT `test_role1` TO `test_user`@`localhost` GRANT `test_role2` TO `test_role1` select * from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for column 'Host' in table 'roles_mapping' select Role from mysql.roles_mapping; Role test_role1 test_role1 test_role2 test_role2 show grants; Grants for test_user@localhost GRANT SELECT (`Role`) ON `mysql`.`roles_mapping` TO `test_role2` GRANT USAGE ON *.* TO `test_role1` GRANT USAGE ON *.* TO `test_role2` GRANT USAGE ON *.* TO `test_user`@`localhost` GRANT `test_role1` TO `test_user`@`localhost` GRANT `test_role2` TO `test_role1` use mysql; set role none; select current_user(), current_role(); current_user() current_role() test_user@localhost NULL select Role from mysql.roles_mapping; ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table `mysql`.`roles_mapping` drop user 'test_user'@'localhost'; select * from mysql.tables_priv; Host Db User Table_name Grantor Timestamp Table_priv Column_priv localhost mysql mariadb.sys global_priv root@localhost 0000-00-00 00:00:00 Select,Delete mysql test_role2 roles_mapping root@localhost 0000-00-00 00:00:00 Select revoke select on mysql.roles_mapping from test_role2; delete from mysql.user where user like'test_%'; delete from mysql.roles_mapping where Role like 'test%'; flush privileges;