    MDEV-30023 Revoking Privilege on the Column Yields the Error · b527bfe8
    Vicențiu Ciorbaru authored
    The change from MDEV-29465 exposed a flaw in replace_column_table
    where again we were not properly updating the column-level bits.
    
    replace_table_table was changed in MDEV-29465 to properly update
    grant_table->init_cols, however replace_column_table still only
    modified grant_column->rights when the GRANT_COLUMN already existed.
    
    This led to a mismatch between GRANT_COLUMN::init_rights and
    GRANT_COLUMN::rights, *if* the GRANT_COLUMN already existed.
    
    As an example:
    
    GRANT SELECT (col1) ...
    Here:
    For col1
    GRANT_COLUMN::init_rights and GRANT_COLUMN::rights are set to 1 (SELECT) in
    replace_column_table.
    
    GRANT INSERT (col1) ...
    Here, without this patch GRANT_COLUMN::init_rights is still 1 and
    GRANT_COLUMN::rights is 3 (SELECT_PRIV | INSERT_PRIV)
    
    Finally, if before this patch, one does:
    
    REVOKE SELECT (col1) ...
    
    replace_table_table will see that init_rights loses bit 1 thus it
    considers there are no more rights granted on that particular table.
    
    This prompts the whole GRANT_TABLE to be removed via the first revoke,
    when the GRANT_COLUMN corresponding to it should still have init_rights == 2.
    
    By also updating replace_column_table to keep init_rights in sync
    properly, the issue is resolved.
    
    Reviewed by <serg@mariadb.com>
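
The bookkeeping described in the commit message, as an added C++ model that is not MariaDB's code or part of the commit. The names `GrantColumn`, `GrantTable`, `grant_column`, `revoke_column`, `run_sequence` and `sync_init` are hypothetical, and the rule that the table entry is dropped once no column has an `init_rights` bit left is a simplifying assumption.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>

// Simplified model for illustration; not MariaDB's sql_acl.cc code.
constexpr uint32_t SELECT_PRIV = 1, INSERT_PRIV = 2;  // bit values from the commit message

struct GrantColumn { uint32_t rights; uint32_t init_rights; };
struct GrantTable { std::map<std::string, GrantColumn> columns; bool removed = false; };

// Models a column GRANT. sync_init=false reproduces the pre-patch behaviour:
// an already existing column entry only gets `rights` updated.
void grant_column(GrantTable &t, const std::string &col, uint32_t priv, bool sync_init) {
    auto it = t.columns.find(col);
    if (it == t.columns.end()) {
        t.columns[col] = GrantColumn{priv, priv};  // new entry: both fields set
        return;
    }
    it->second.rights |= priv;
    if (sync_init) it->second.init_rights |= priv;  // what the patch adds
}

// Models a column REVOKE. Assumption: the table entry is dropped when no
// column has any init_rights bit left.
void revoke_column(GrantTable &t, const std::string &col, uint32_t priv) {
    auto it = t.columns.find(col);
    if (it == t.columns.end()) return;
    it->second.rights &= ~priv;
    it->second.init_rights &= ~priv;
    uint32_t remaining = 0;
    for (const auto &kv : t.columns) remaining |= kv.second.init_rights;
    if (remaining == 0) { t.columns.clear(); t.removed = true; }
}

// GRANT SELECT (col1), GRANT INSERT (col1), REVOKE SELECT (col1).
GrantTable run_sequence(bool sync_init) {
    GrantTable t;
    grant_column(t, "col1", SELECT_PRIV, sync_init);
    grant_column(t, "col1", INSERT_PRIV, sync_init);
    revoke_column(t, "col1", SELECT_PRIV);
    return t;
}

int main() {
    std::printf("pre-patch removed=%d, patched removed=%d\n",
                run_sequence(false).removed, run_sequence(true).removed);
}
```

With `sync_init` off, the first revoke drops the whole table entry even though INSERT was still granted on col1; with it on, col1 keeps `init_rights == 2`.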
sql_acl.cc 428 KB