create user test_user@localhost;
create role test_role1;
create role test_role2;
grant test_role1 to test_user@localhost;
grant test_role2 to test_user@localhost;
grant test_role2 to test_role1;
select user, host from mysql.user where user not like 'root';
User	Host
mariadb.sys	localhost
test_role1	
test_role2	
test_user	localhost
select * from mysql.roles_mapping;
Host	User	Role	Admin_option
	test_role1	test_role2	N
localhost	root	test_role1	Y
localhost	root	test_role2	Y
localhost	test_user	test_role1	N
localhost	test_user	test_role2	N
select user, host from mysql.db;
user	host
grant select on mysql.* to test_role2;
flush privileges;
select * from information_schema.applicable_roles;
GRANTEE	ROLE_NAME	IS_GRANTABLE	IS_DEFAULT
root@localhost	test_role1	YES	NO
root@localhost	test_role2	YES	NO
test_role1	test_role2	NO	NULL
select * from information_schema.applicable_roles;
GRANTEE	ROLE_NAME	IS_GRANTABLE	IS_DEFAULT
test_role1	test_role2	NO	NULL
test_user@localhost	test_role1	NO	NO
test_user@localhost	test_role2	NO	NO
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
select current_user(), current_role();
current_user()	current_role()
test_user@localhost	NULL
set role test_role1;
select * from information_schema.enabled_roles;
ROLE_NAME
test_role1
test_role2
select current_user(), current_role();
current_user()	current_role()
test_user@localhost	test_role1
show grants;
Grants for test_user@localhost
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role1`
GRANT USAGE ON *.* TO `test_role2`
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_role1`
GRANT `test_role2` TO `test_user`@`localhost`
set role none;
select * from information_schema.enabled_roles;
ROLE_NAME
NULL
select current_user(), current_role();
current_user()	current_role()
test_user@localhost	NULL
show grants;
Grants for test_user@localhost
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
show grants for test_user@localhost;
Grants for test_user@localhost
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
show grants for test_role1;
ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
show grants for test_role2;
ERROR 42000: Access denied for user 'test_user'@'localhost' to database 'mysql'
show grants for CURRENT_USER;
Grants for test_user@localhost
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
show grants for CURRENT_USER();
Grants for test_user@localhost
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
show grants for CURRENT_ROLE;
ERROR 42000: There is no such grant defined for user 'test_user' on host 'localhost'
show grants for CURRENT_ROLE();
ERROR 42000: There is no such grant defined for user 'test_user' on host 'localhost'
set role test_role2;
select * from information_schema.enabled_roles;
ROLE_NAME
test_role2
select current_user(), current_role();
current_user()	current_role()
test_user@localhost	test_role2
show grants;
Grants for test_user@localhost
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role2`
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
show grants for test_user@localhost;
Grants for test_user@localhost
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
show grants for test_role1;
Grants for test_role1
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role1`
GRANT USAGE ON *.* TO `test_role2`
GRANT `test_role2` TO `test_role1`
show grants for test_role2;
Grants for test_role2
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role2`
show grants for CURRENT_USER;
Grants for test_user@localhost
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
show grants for CURRENT_USER();
Grants for test_user@localhost
GRANT USAGE ON *.* TO `test_user`@`localhost`
GRANT `test_role1` TO `test_user`@`localhost`
GRANT `test_role2` TO `test_user`@`localhost`
show grants for CURRENT_ROLE;
Grants for test_role2
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role2`
show grants for CURRENT_ROLE();
Grants for test_role2
GRANT SELECT ON `mysql`.* TO `test_role2`
GRANT USAGE ON *.* TO `test_role2`
drop user 'test_user'@'localhost';
revoke select on mysql.* from test_role2;
drop role test_role1;
drop role test_role2;
delete from mysql.roles_mapping where Role='test_role1';
delete from mysql.roles_mapping where Role='test_role2';
flush privileges;
#
# MDEV-24289: show grants missing with grant option
#
create role anel;
GRANT SELECT, UPDATE, DELETE, ALTER ON *.* TO 'anel';
SHOW GRANTS for 'anel';
Grants for anel
GRANT SELECT, UPDATE, DELETE, ALTER ON *.* TO `anel`
create role MariaDB_admin;
GRANT SELECT, UPDATE, DELETE, ALTER ON *.* TO 'MariaDB_admin' WITH GRANT OPTION;
SHOW GRANTS for 'MariaDB_admin';
Grants for MariaDB_admin
GRANT SELECT, UPDATE, DELETE, ALTER ON *.* TO `MariaDB_admin` WITH GRANT OPTION
drop role MariaDB_admin;
drop role anel;