• Anel Husakovic's avatar
    MDEV-22312: Bad error message for SET DEFAULT ROLE when user account is not granted the role · 957cb7b7
    Anel Husakovic authored
    - `SET DEFAULT ROLE xxx [FOR yyy]` should say:
      "User yyy has not been granted a role xxx" if:
        - The current user (not the user `yyy` in the FOR clause) can see the
        role xxx. It can see the role if:
          * role exists in `mysql.roles_mappings` (traverse the graph),
          * If the current user has read access on `mysql.user` table - in
        that case, it can see all roles, granted or not.
        - Otherwise it should be "Invalid role specification".
    
    In other words, it should not be possible to use `SET DEFAULT ROLE` to discover whether a specific role exist or not.
    957cb7b7
set_role-recursive.result 5.38 KB