MDEV-19650: Privilege bug on MariaDB 10.4

Also fixes:
MDEV-21487: Implement option for mysql_upgrade that allows root@localhost to be replaced
MDEV-21486: Implement option for mysql_install_db that allows root@localhost to be replaced

Add user mariadb.sys to be definer of user view
(and has right on underlying table global_priv for
required operation over global_priv
(SELECT,UPDATE,DELETE))

Also changed definer of gis functions in case of creation,
but they work with any definer so upgrade script do not try
to push this change.

mysql-test/main/explain_non_select.result

@@ -229,7 +229,7 @@ INSERT INTO t1 VALUES (1),(2);
 EXPLAIN UPDATE v1, mysql.user SET v1.a = v1.a + 1;
 id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
 1	SIMPLE	t1	ALL	NULL	NULL	NULL	NULL	2	
-1	SIMPLE	global_priv	index	NULL	PRIMARY	420	NULL	4	Using index
+1	SIMPLE	global_priv	index	NULL	PRIMARY	420	NULL	5	Using index
 DROP TABLE t1;
 DROP VIEW v1;
 #

mysql-test/main/failed_auth_3909.result

@@ -4,14 +4,14 @@ create user baz identified via mysql_old_password;
 connect(localhost,u1,,test,MASTER_PORT,MASTER_SOCKET);
 connect  fail,localhost,u1;
 ERROR 28000: Access denied for user 'u1'@'localhost' (using password: NO)
-connect(localhost,u2,,test,MASTER_PORT,MASTER_SOCKET);
-connect  fail,localhost,u2;
-ERROR HY000: Server is running in --secure-auth mode, but 'u2'@'localhost' has a password in the old format; please change the password to the new format
-connect(localhost,u2,password,test,MASTER_PORT,MASTER_SOCKET);
-connect  fail,localhost,u2,password;
-ERROR HY000: Server is running in --secure-auth mode, but 'u2'@'localhost' has a password in the old format; please change the password to the new format
+connect(localhost,uu2,,test,MASTER_PORT,MASTER_SOCKET);
+connect  fail,localhost,uu2;
+ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format
+connect(localhost,uu2,password,test,MASTER_PORT,MASTER_SOCKET);
+connect  fail,localhost,uu2,password;
+ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format
 ERROR 28000: Access denied for user 'u1'@'localhost' (using password: NO)
-ERROR HY000: Server is running in --secure-auth mode, but 'u2'@'localhost' has a password in the old format; please change the password to the new format
-ERROR HY000: Server is running in --secure-auth mode, but 'u2'@'localhost' has a password in the old format; please change the password to the new format
+ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format
+ERROR HY000: Server is running in --secure-auth mode, but 'uu2'@'localhost' has a password in the old format; please change the password to the new format
 delete from mysql.user where plugin = 'mysql_old_password';
 flush privileges;

mysql-test/main/failed_auth_3909.test

@@ -16,20 +16,20 @@ connect (fail,localhost,u1);
 
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_SERVER_IS_IN_SECURE_AUTH_MODE
-connect (fail,localhost,u2);
+connect (fail,localhost,uu2);
 
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_SERVER_IS_IN_SECURE_AUTH_MODE
-connect (fail,localhost,u2,password);
+connect (fail,localhost,uu2,password);
 
 --error ER_ACCESS_DENIED_ERROR
 change_user u1;
 
 --error ER_SERVER_IS_IN_SECURE_AUTH_MODE
-change_user u2;
+change_user uu2;
 
 --error ER_SERVER_IS_IN_SECURE_AUTH_MODE
-change_user u2,password;
+change_user uu2,password;
 
 delete from mysql.user where plugin = 'mysql_old_password';
 flush privileges;

mysql-test/main/failed_auth_unixsocket.result

-update mysql.global_priv set priv=json_insert(priv, '$.plugin', 'unix_socket');
+update mysql.global_priv set priv=json_insert(priv, '$.plugin', 'unix_socket')  where user='root';
 flush privileges;
 connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET);
 ERROR 28000: Access denied for user 'USER'@'localhost'
 ERROR 28000: Access denied for user 'USER'@'localhost'
-update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin'));
+update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin'))  where user='root';
 flush privileges;

mysql-test/main/failed_auth_unixsocket.test

@@ -4,7 +4,7 @@
 # MDEV-3909 remote user enumeration
 # unix_socket tests
 #
-update mysql.global_priv set priv=json_insert(priv, '$.plugin', 'unix_socket');
+update mysql.global_priv set priv=json_insert(priv, '$.plugin', 'unix_socket')  where user='root';
 flush privileges;
 
 # Make sure that the replace works, even if $USER is 'user' or something else
@@ -22,5 +22,5 @@ connect (fail,localhost,$USER);
 --error ER_ACCESS_DENIED_NO_PASSWORD_ERROR
 change_user $USER;
 
-update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin'));
+update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin'))  where user='root';
 flush privileges;

mysql-test/main/gis_notembedded.result

 show create procedure mysql.AddGeometryColumn;
 Procedure	sql_mode	Create Procedure	character_set_client	collation_connection	Database Collation
-AddGeometryColumn		CREATE DEFINER=`root`@`localhost` PROCEDURE `AddGeometryColumn`(catalog varchar(64), t_schema varchar(64),
+AddGeometryColumn		CREATE DEFINER=`mariadb.sys`@`localhost` PROCEDURE `AddGeometryColumn`(catalog varchar(64), t_schema varchar(64),
    t_name varchar(64), geometry_column varchar(64), t_srid int)
     SQL SECURITY INVOKER
 begin
   set @qwe= concat('ALTER TABLE ', t_schema, '.', t_name, ' ADD ', geometry_column,' GEOMETRY REF_SYSTEM_ID=', t_srid); PREPARE ls from @qwe; execute ls; deallocate prepare ls; end	latin1	latin1_swedish_ci	latin1_swedish_ci
 show create procedure mysql.DropGeometryColumn;
 Procedure	sql_mode	Create Procedure	character_set_client	collation_connection	Database Collation
-DropGeometryColumn		CREATE DEFINER=`root`@`localhost` PROCEDURE `DropGeometryColumn`(catalog varchar(64), t_schema varchar(64),
+DropGeometryColumn		CREATE DEFINER=`mariadb.sys`@`localhost` PROCEDURE `DropGeometryColumn`(catalog varchar(64), t_schema varchar(64),
    t_name varchar(64), geometry_column varchar(64))
     SQL SECURITY INVOKER
 begin

mysql-test/main/grant.result

@@ -656,9 +656,9 @@ GRANT ALL PRIVILEGES ON mysqltest.dummytable TO dummy@localhost;
 GRANT ALL PRIVILEGES ON mysqltest.dummyview TO dummy@localhost;
 SHOW GRANTS FOR dummy@localhost;
 Grants for dummy@localhost
-GRANT USAGE ON *.* TO `dummy`@`localhost`
-GRANT ALL PRIVILEGES ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
 GRANT ALL PRIVILEGES ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
+GRANT ALL PRIVILEGES ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
+GRANT USAGE ON *.* TO `dummy`@`localhost`
 use INFORMATION_SCHEMA;
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
@@ -669,9 +669,9 @@ mysqltest	dummyview	ALTER, CREATE, CREATE VIEW, DELETE, DELETE HISTORY, DROP, IN
 FLUSH PRIVILEGES;
 SHOW GRANTS FOR dummy@localhost;
 Grants for dummy@localhost
-GRANT USAGE ON *.* TO `dummy`@`localhost`
-GRANT ALL PRIVILEGES ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
 GRANT ALL PRIVILEGES ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
+GRANT ALL PRIVILEGES ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
+GRANT USAGE ON *.* TO `dummy`@`localhost`
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
 = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
@@ -700,9 +700,9 @@ GRANT CREATE VIEW ON mysqltest.dummytable TO dummy@localhost;
 GRANT CREATE VIEW ON mysqltest.dummyview TO dummy@localhost;
 SHOW GRANTS FOR dummy@localhost;
 Grants for dummy@localhost
-GRANT USAGE ON *.* TO `dummy`@`localhost`
-GRANT CREATE VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
 GRANT CREATE VIEW ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
+GRANT CREATE VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
+GRANT USAGE ON *.* TO `dummy`@`localhost`
 use INFORMATION_SCHEMA;
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
@@ -713,9 +713,9 @@ mysqltest	dummyview	CREATE VIEW
 FLUSH PRIVILEGES;
 SHOW GRANTS FOR dummy@localhost;
 Grants for dummy@localhost
-GRANT USAGE ON *.* TO `dummy`@`localhost`
-GRANT CREATE VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
 GRANT CREATE VIEW ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
+GRANT CREATE VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
+GRANT USAGE ON *.* TO `dummy`@`localhost`
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
 = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
@@ -735,8 +735,8 @@ GRANT SHOW VIEW ON mysqltest.dummyview TO dummy@localhost;
 SHOW GRANTS FOR dummy@localhost;
 Grants for dummy@localhost
 GRANT USAGE ON *.* TO `dummy`@`localhost`
-GRANT SHOW VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
 GRANT SHOW VIEW ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
+GRANT SHOW VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
 use INFORMATION_SCHEMA;
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
@@ -748,8 +748,8 @@ FLUSH PRIVILEGES;
 SHOW GRANTS FOR dummy@localhost;
 Grants for dummy@localhost
 GRANT USAGE ON *.* TO `dummy`@`localhost`
-GRANT SHOW VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
 GRANT SHOW VIEW ON `mysqltest`.`dummytable` TO `dummy`@`localhost`
+GRANT SHOW VIEW ON `mysqltest`.`dummyview` TO `dummy`@`localhost`
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
 = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
@@ -967,6 +967,9 @@ GRANT UPDATE ON `test`.`t1` TO `mysqltest_8`@`%`
 select * from  information_schema.table_privileges;
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
 'mysqltest_8'@'%'	def	test	t1	UPDATE	NO
+'mariadb.sys'@'localhost'	def	mysql	global_priv	SELECT	NO
+'mariadb.sys'@'localhost'	def	mysql	global_priv	UPDATE	NO
+'mariadb.sys'@'localhost'	def	mysql	global_priv	DELETE	NO
 connect  conn5,localhost,mysqltest_8,,;
 select * from t1;
 a
@@ -981,6 +984,9 @@ Grants for mysqltest_8@%
 GRANT USAGE ON *.* TO `mysqltest_8`@`%`
 select * from  information_schema.table_privileges;
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
+'mariadb.sys'@'localhost'	def	mysql	global_priv	SELECT	NO
+'mariadb.sys'@'localhost'	def	mysql	global_priv	UPDATE	NO
+'mariadb.sys'@'localhost'	def	mysql	global_priv	DELETE	NO
 flush privileges;
 show grants for mysqltest_8@'';
 Grants for mysqltest_8@%

mysql-test/main/grant.test

@@ -440,12 +440,14 @@ CREATE TABLE mysqltest.dummytable (dummyfield INT);
 CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
 GRANT ALL PRIVILEGES ON mysqltest.dummytable TO dummy@localhost;
 GRANT ALL PRIVILEGES ON mysqltest.dummyview TO dummy@localhost;
+--sorted_result
 SHOW GRANTS FOR dummy@localhost;
 use INFORMATION_SCHEMA;
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
 = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
 FLUSH PRIVILEGES;
+--sorted_result
 SHOW GRANTS FOR dummy@localhost;
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
@@ -462,12 +464,14 @@ CREATE TABLE mysqltest.dummytable (dummyfield INT);
 CREATE VIEW mysqltest.dummyview AS SELECT dummyfield FROM mysqltest.dummytable;
 GRANT CREATE VIEW ON mysqltest.dummytable TO dummy@localhost;
 GRANT CREATE VIEW ON mysqltest.dummyview TO dummy@localhost;
+--sorted_result
 SHOW GRANTS FOR dummy@localhost;
 use INFORMATION_SCHEMA;
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE
 = '\'dummy\'@\'localhost\'' GROUP BY TABLE_SCHEMA, TABLE_NAME;
 FLUSH PRIVILEGES;
+--sorted_result
 SHOW GRANTS FOR dummy@localhost;
 SELECT TABLE_SCHEMA, TABLE_NAME, GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY
 PRIVILEGE_TYPE SEPARATOR ', ') AS PRIVILEGES FROM TABLE_PRIVILEGES WHERE GRANTEE

mysql-test/main/grant2.result

@@ -557,7 +557,7 @@ GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose';
 SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
 User	Host	Password	plugin	authentication_string	Insert_priv
 root	localhost	*0BB7188CF0DE9B403BA66E9DD810D82652D002EB	mysql_native_password	*0BB7188CF0DE9B403BA66E9DD810D82652D002EB	Y
-UPDATE global_priv SET priv=@root_priv;
+UPDATE global_priv SET priv=@root_priv where user='root' and host='localhost';
 FLUSH PRIVILEGES;
 USE test;
 End of 5.1 tests

mysql-test/main/grant2.test

@@ -669,7 +669,7 @@ SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHE
 GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose';
 SELECT user,host,password,plugin,authentication_string,insert_priv FROM user WHERE user=@u AND host=@h;
 
-UPDATE global_priv SET priv=@root_priv;
+UPDATE global_priv SET priv=@root_priv where user='root' and host='localhost';
 FLUSH PRIVILEGES;
 
 USE test;

mysql-test/main/information_schema.result

@@ -565,7 +565,7 @@ create view v2 (c) as select a from t1 WITH LOCAL CHECK OPTION;
 create view v3 (c) as select a from t1 WITH CASCADED CHECK OPTION;
 select * from information_schema.views;
 TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	VIEW_DEFINITION	CHECK_OPTION	IS_UPDATABLE	DEFINER	SECURITY_TYPE	CHARACTER_SET_CLIENT	COLLATION_CONNECTION	ALGORITHM
-def	mysql	user	select `mysql`.`global_priv`.`Host` AS `Host`,`mysql`.`global_priv`.`User` AS `User`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `mysql`.`global_priv`	NONE	YES	root@localhost	DEFINER	latin1	latin1_swedish_ci	UNDEFINED
+def	mysql	user	select `mysql`.`global_priv`.`Host` AS `Host`,`mysql`.`global_priv`.`User` AS `User`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `mysql`.`global_priv`	NONE	YES	mariadb.sys@localhost	DEFINER	latin1	latin1_swedish_ci	UNDEFINED
 def	test	v1	select `test`.`t1`.`a` AS `c` from `test`.`t1`	CASCADED	YES	root@localhost	DEFINER	latin1	latin1_swedish_ci	UNDEFINED
 def	test	v2	select `test`.`t1`.`a` AS `c` from `test`.`t1`	LOCAL	YES	root@localhost	DEFINER	latin1	latin1_swedish_ci	UNDEFINED
 def	test	v3	select `test`.`t1`.`a` AS `c` from `test`.`t1`	CASCADED	YES	root@localhost	DEFINER	latin1	latin1_swedish_ci	UNDEFINED
@@ -575,6 +575,9 @@ GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	COLUMN_NAME	PRIVILEGE_TYPE	IS_GRAN
 'joe'@'localhost'	def	test	t1	a	SELECT	YES
 select * from INFORMATION_SCHEMA.TABLE_PRIVILEGES;
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
+'mariadb.sys'@'localhost'	def	mysql	global_priv	SELECT	NO
+'mariadb.sys'@'localhost'	def	mysql	global_priv	UPDATE	NO
+'mariadb.sys'@'localhost'	def	mysql	global_priv	DELETE	NO
 drop view v1, v2, v3;
 drop table t1;
 delete from mysql.user where user='joe';

mysql-test/main/lowercase_fs_off.test

@@ -48,6 +48,7 @@ select * from T1;
 connection default;
 GRANT SELECT ON t1 to user_1@localhost;
 connection con1;
+--sorted_result
 select * from information_schema.table_privileges;
 connection default;
 disconnect con1;

mysql-test/main/mysql_upgrade-6984.result

-update mysql.global_priv set priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', password('foo'));
+update mysql.global_priv set priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', password('foo')) where user='root';
 Phase 1/7: Checking and upgrading mysql database
 Processing databases
 mysql
@@ -63,6 +63,6 @@ test
 Phase 7/7: Running 'FLUSH PRIVILEGES'
 OK
 connect con1,localhost,root,foo,,,;
-update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin', '$.authentication_string'));
+update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin', '$.authentication_string'))  where user='root';
 flush privileges;
 set global event_scheduler=OFF;

mysql-test/main/mysql_upgrade-6984.test

@@ -11,13 +11,13 @@
 # In this setup MYSQL_UPGRADE cannot continue after issuing FLUSH PRIVILEGES
 #
 
-update mysql.global_priv set priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', password('foo'));
+update mysql.global_priv set priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', password('foo')) where user='root';
 
 --exec $MYSQL_UPGRADE
 
 connect(con1,localhost,root,foo,,,);
 
-update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin', '$.authentication_string'));
+update mysql.global_priv set priv=json_compact(json_remove(priv, '$.plugin', '$.authentication_string'))  where user='root';
 flush privileges;
 # Load event table
 set global event_scheduler=OFF;

mysql-test/main/mysql_upgrade.result

@@ -639,7 +639,7 @@ alter table mysql.user change authentication_string auth_string text collate utf
 # mysql_upgrade --force --silent 2>&1
 select count(*) from mysql.global_priv;
 count(*)
-4
+5
 drop table mysql.global_priv;
 rename table mysql.global_priv_bak to mysql.global_priv;
 # End of 10.4 tests

mysql-test/main/plugin_auth_qa_1.result

 CREATE DATABASE test_user_db;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 ========== test 1.1.3.2 ====================================
 CREATE USER plug_user IDENTIFIED WITH test_plugin_server AS 'plug_dest';
 CREATE USER plug_dest IDENTIFIED BY 'plug_dest_passwd';
@@ -23,6 +24,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO plug_dest IDENTIFIED BY 'plug_dest_pas
 GRANT PROXY ON plug_dest TO plug_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 1)
@@ -74,6 +76,7 @@ GRANT PROXY ON new_dest TO plug_user;
 ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 new_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 DROP USER plug_user,new_dest;
@@ -92,6 +95,7 @@ GRANT PROXY ON new_dest TO plug_user;
 ERROR 1045 (28000): Access denied for user 'plug_user'@'localhost' (using password: YES)
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 new_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 DROP USER plug_user,new_dest;
@@ -113,6 +117,7 @@ new_user@localhost	plug_dest@%
 connection default;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 new_user	test_plugin_server	plug_dest
 plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 disconnect plug_user;
@@ -120,6 +125,7 @@ UPDATE mysql.global_priv SET user='plug_user' WHERE user='new_user';
 FLUSH PRIVILEGES;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 DROP USER plug_dest,plug_user;
@@ -136,24 +142,28 @@ connection default;
 disconnect plug_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 plug_user	test_plugin_server	plug_dest
 UPDATE mysql.global_priv SET user='new_user' WHERE user='plug_user';
 FLUSH PRIVILEGES;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 new_user	test_plugin_server	plug_dest
 plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.authentication_string', 'new_dest') WHERE user='new_user';
 FLUSH PRIVILEGES;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 new_user	test_plugin_server	new_dest
 plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 UPDATE mysql.global_priv SET priv=JSON_SET(priv, '$.plugin', 'new_plugin_server') WHERE user='new_user';
 FLUSH PRIVILEGES;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 new_user	new_plugin_server	new_dest
 plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 ERROR HY000: Plugin 'new_plugin_server' is not loaded
@@ -163,6 +173,7 @@ FLUSH PRIVILEGES;
 GRANT PROXY ON new_dest TO new_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 new_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
 new_user	test_plugin_server	new_dest
 connect plug_user,localhost,new_user,new_dest;
@@ -176,6 +187,7 @@ FLUSH PRIVILEGES;
 CREATE USER new_dest IDENTIFIED BY 'new_dest_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 new_dest	mysql_native_password	*01422E86A6FFF84618914AF149F9AEF64B84170A
 new_user	test_plugin_server	new_dest
 plug_dest	mysql_native_password	*939AEE68989794C0F408277411C26055CDF41119
@@ -193,6 +205,7 @@ CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
 	test_plugin_server	proxied_user
+mariadb.sys	mysql_native_password	
 proxied_user	mysql_native_password	*D7A51428CD38DB3C5293B9321DA1228BFB1611DD
 connect proxy_con,localhost,proxied_user,proxied_user_passwd;
 SELECT USER(),CURRENT_USER();
@@ -229,6 +242,7 @@ CREATE USER proxied_user IDENTIFIED BY 'proxied_user_passwd';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
 	test_plugin_server	proxied_user
+mariadb.sys	mysql_native_password	
 proxied_user	mysql_native_password	*D7A51428CD38DB3C5293B9321DA1228BFB1611DD
 connect proxy_con,localhost,proxied_user,proxied_user_passwd;
 SELECT USER(),CURRENT_USER();
@@ -271,6 +285,7 @@ GRANT PROXY ON proxied_user_5 TO ''@'%%';
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
 	test_plugin_server	proxied_user
+mariadb.sys	mysql_native_password	
 proxied_user_1	mysql_native_password	*551D5A5177FCC3340F7D2FB0F4D8D1EEA7F7EF71
 proxied_user_2	mysql_native_password	*3D948F77C6A988AFDCA9755AB2A6724362557220
 proxied_user_3	mysql_native_password	*41A18925D237DEE738C76581153990B037F462E3

mysql-test/main/plugin_auth_qa_2.result

@@ -7,6 +7,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_1_dest identified by 'dest_pas
 GRANT PROXY ON qa_test_1_dest TO qa_test_1_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 qa_test_1_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_1_user	qa_auth_interface	qa_test_1_dest
 SELECT @@proxy_user;
@@ -20,6 +21,7 @@ current_user()	user()	@@local.proxy_user	@@local.external_user
 qa_test_1_user@%	qa_test_1_user@localhost	NULL	NULL
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 qa_test_1_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_1_user	qa_auth_interface	qa_test_1_dest
 DROP USER qa_test_1_user;
@@ -34,6 +36,7 @@ GRANT PROXY ON authenticated_as TO qa_test_2_user;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
 authenticated_as	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
+mariadb.sys	mysql_native_password	
 qa_test_2_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_2_user	qa_auth_interface	qa_test_2_dest
 SELECT @@proxy_user;
@@ -48,6 +51,7 @@ authenticated_as@%	user_name@localhost	'qa_test_2_user'@'%'	externaluser
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
 authenticated_as	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
+mariadb.sys	mysql_native_password	
 qa_test_2_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_2_user	qa_auth_interface	qa_test_2_dest
 DROP USER qa_test_2_user;
@@ -84,6 +88,7 @@ GRANT PROXY ON qa_test_5_dest TO ''@'localhost';
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string	Password
 	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
+mariadb.sys	mysql_native_password		
 qa_test_5_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_5_user	qa_auth_interface	qa_test_5_dest	
 exec MYSQL -h localhost -P MASTER_MYPORT --user=qa_test_5_user  --password=qa_test_5_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
@@ -98,6 +103,7 @@ GRANT ALL PRIVILEGES ON test_user_db.* TO qa_test_6_dest identified by 'dest_pas
 GRANT PROXY ON qa_test_6_dest TO qa_test_6_user;
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string	Password
+mariadb.sys	mysql_native_password		
 qa_test_6_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_6_user	qa_auth_interface	qa_test_6_dest	
 exec MYSQL -h localhost -P MASTER_MYPORT --user=qa_test_6_user  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
@@ -105,6 +111,7 @@ ERROR 1045 (28000): Access denied for user 'qa_test_6_user'@'localhost' (using p
 GRANT PROXY ON qa_test_6_dest TO root IDENTIFIED WITH qa_auth_interface AS 'qa_test_6_dest';
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string	Password
+mariadb.sys	mysql_native_password		
 qa_test_6_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_6_user	qa_auth_interface	qa_test_6_dest	
 exec MYSQL -h localhost -P MASTER_MYPORT --user=root  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
@@ -112,6 +119,7 @@ ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: Y
 REVOKE PROXY ON qa_test_6_dest FROM root;
 SELECT user,plugin,authentication_string FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string
+mariadb.sys	mysql_native_password	
 qa_test_6_dest	mysql_native_password	*DFCACE76914AD7BD801FC1A1ECF6562272621A22
 qa_test_6_user	qa_auth_interface	qa_test_6_dest
 exec MYSQL -h localhost -P MASTER_MYPORT --user=root  --password=qa_test_6_dest test_user_db -e "SELECT current_user(),user(),@@local.proxy_user,@@local.external_user;" 2>&1
@@ -121,6 +129,7 @@ DROP USER qa_test_6_dest;
 DELETE FROM mysql.user WHERE user='root' AND plugin='qa_auth_interface';
 SELECT user,plugin,authentication_string,password FROM mysql.user WHERE user != 'root';
 User	plugin	authentication_string	Password
+mariadb.sys	mysql_native_password		
 === Test of the --default_auth option for clients ====
 CREATE USER qa_test_11_user IDENTIFIED WITH qa_auth_interface AS 'qa_test_11_dest';
 CREATE USER qa_test_11_dest IDENTIFIED BY 'dest_passwd';

mysql-test/main/ps_grant.result

@@ -11,8 +11,8 @@ grant select on mysqltest.t9 to second_user@localhost
 identified by 'looser' ;
 show grants for second_user@localhost ;
 Grants for second_user@localhost
-GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
 GRANT SELECT ON `mysqltest`.`t9` TO `second_user`@`localhost`
+GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
 connect  con3,localhost,second_user,looser,mysqltest;
 connection con3;
 select current_user();
@@ -34,21 +34,21 @@ grant select on mysqltest.t1 to second_user@localhost
 identified by 'looser' ;
 show grants for second_user@localhost ;
 Grants for second_user@localhost
-GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
-GRANT SELECT ON `mysqltest`.`t9` TO `second_user`@`localhost`
 GRANT SELECT ON `mysqltest`.`t1` TO `second_user`@`localhost`
+GRANT SELECT ON `mysqltest`.`t9` TO `second_user`@`localhost`
+GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
 drop table mysqltest.t9 ;
 show grants for second_user@localhost ;
 Grants for second_user@localhost
-GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
-GRANT SELECT ON `mysqltest`.`t9` TO `second_user`@`localhost`
 GRANT SELECT ON `mysqltest`.`t1` TO `second_user`@`localhost`
+GRANT SELECT ON `mysqltest`.`t9` TO `second_user`@`localhost`
+GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
 connection con3;
 show grants for second_user@localhost ;
 Grants for second_user@localhost
-GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
-GRANT SELECT ON `mysqltest`.`t9` TO `second_user`@`localhost`
 GRANT SELECT ON `mysqltest`.`t1` TO `second_user`@`localhost`
+GRANT SELECT ON `mysqltest`.`t9` TO `second_user`@`localhost`
+GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
 prepare s_t1 from 'select a as my_col from t1' ;
 execute s_t1 ;
 my_col
@@ -63,13 +63,13 @@ connection default;
 revoke all privileges on mysqltest.t1 from second_user@localhost;
 show grants for second_user@localhost ;
 Grants for second_user@localhost
-GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
 GRANT SELECT ON `mysqltest`.`t9` TO `second_user`@`localhost`
+GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
 connection con3;
 show grants for second_user@localhost ;
 Grants for second_user@localhost
-GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
 GRANT SELECT ON `mysqltest`.`t9` TO `second_user`@`localhost`
+GRANT USAGE ON *.* TO `second_user`@`localhost` IDENTIFIED BY PASSWORD '*13843FE600B19A81E32AF50D4A6FED25875FF1F3'
 execute s_t1 ;
 ERROR 42000: SELECT command denied to user 'second_user'@'localhost' for table 't1'
 connection default;

mysql-test/main/ps_grant.test

@@ -40,6 +40,7 @@ grant usage on mysqltest.* to second_user@localhost
 identified by 'looser' ;
 grant select on mysqltest.t9 to second_user@localhost
 identified by 'looser' ;
+--sorted_result
 show grants for second_user@localhost ;
 
 
@@ -64,8 +65,10 @@ select a as my_col from t1;
 connection default;
 grant select on mysqltest.t1 to second_user@localhost
 identified by 'looser' ;
+--sorted_result
 show grants for second_user@localhost ;
 drop table mysqltest.t9 ;
+--sorted_result
 show grants for second_user@localhost ;
 
 
@@ -73,6 +76,7 @@ show grants for second_user@localhost ;
 ## switch to the second session
 connection con3;
 ######## Question 1: The table t1 should be now accessible. ########
+--sorted_result
 show grants for second_user@localhost ;
 prepare s_t1 from 'select a as my_col from t1' ;
 execute s_t1 ;
@@ -86,11 +90,13 @@ deallocate prepare s_t9;
 ## switch back to the first session
 connection default;
 revoke all privileges on mysqltest.t1 from second_user@localhost;
+--sorted_result
 show grants for second_user@localhost ;
 
 #### check the access as new user
 ## switch to the second session
 connection con3;
+--sorted_result
 show grants for second_user@localhost ;
 ######## Question 2: The table t1 should be now not accessible. ########
 --error 1142
@@ -103,6 +109,7 @@ connection default;
 disconnect con3 ;
 ## remove all rights of second_user@localhost
 revoke all privileges, grant option from second_user@localhost ;
+--sorted_result
 show grants for second_user@localhost ;
 drop user second_user@localhost ;
 commit ;

mysql-test/main/set_password.result

@@ -9,6 +9,7 @@ create user oldpassold@localhost identified with 'mysql_old_password';
 set password for oldpassold@localhost = '378b243e220ca493';
 select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
 User	Host	Password	plugin	authentication_string
+mariadb.sys	localhost		mysql_native_password	
 natauth	localhost	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29	mysql_native_password	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
 newpass	localhost	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29	mysql_native_password	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
 newpassnat	localhost	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29	mysql_native_password	*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
@@ -86,6 +87,7 @@ set password for oldpass@localhost = PASSWORD('test2');
 set password for oldpassold@localhost = PASSWORD('test2');
 select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
 User	Host	Password	plugin	authentication_string
+mariadb.sys	localhost		mysql_native_password	
 natauth	localhost	*7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E	mysql_native_password	*7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E
 newpass	localhost	*7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E	mysql_native_password	*7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E
 newpassnat	localhost	*7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E	mysql_native_password	*7CEB3FDE5F7A9C4CE5FBE610D7D8EDA62EBE5F4E

mysql-test/main/stat_tables.result

@@ -592,7 +592,7 @@ explain
 SELECT * FROM INFORMATION_SCHEMA.PROFILING, mysql.user;
 id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
 1	SIMPLE	PROFILING	ALL	NULL	NULL	NULL	NULL	NULL	
-1	SIMPLE	global_priv	ALL	NULL	NULL	NULL	NULL	4	Using join buffer (flat, BNL join)
+1	SIMPLE	global_priv	ALL	NULL	NULL	NULL	NULL	5	Using join buffer (flat, BNL join)
 set @@optimizer_use_condition_selectivity=@save_optimizer_use_condition_selectivity;
 set use_stat_tables=@save_use_stat_tables;
 #

mysql-test/main/stat_tables_innodb.result

@@ -624,7 +624,7 @@ explain
 SELECT * FROM INFORMATION_SCHEMA.PROFILING, mysql.user;
 id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
 1	SIMPLE	PROFILING	ALL	NULL	NULL	NULL	NULL	NULL	
-1	SIMPLE	global_priv	ALL	NULL	NULL	NULL	NULL	4	Using join buffer (flat, BNL join)
+1	SIMPLE	global_priv	ALL	NULL	NULL	NULL	NULL	5	Using join buffer (flat, BNL join)
 set @@optimizer_use_condition_selectivity=@save_optimizer_use_condition_selectivity;
 set use_stat_tables=@save_use_stat_tables;
 #

mysql-test/main/system_mysql_db.result

@@ -62,7 +62,7 @@ db	CREATE TABLE `db` (
 ) ENGINE=Aria DEFAULT CHARSET=utf8 COLLATE=utf8_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='Database privileges'
 show create table user;
 View	Create View	character_set_client	collation_connection
-user	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `user` AS select `global_priv`.`Host` AS `Host`,`global_priv`.`User` AS `User`,if(json_value(`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `global_priv`	latin1	latin1_swedish_ci
+user	CREATE ALGORITHM=UNDEFINED DEFINER=`mariadb.sys`@`localhost` SQL SECURITY DEFINER VIEW `user` AS select `global_priv`.`Host` AS `Host`,`global_priv`.`User` AS `User`,if(json_value(`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `global_priv`	latin1	latin1_swedish_ci
 show create table func;
 Table	Create Table
 func	CREATE TABLE `func` (

mysql-test/main/system_mysql_db_fix40123.result

@@ -100,7 +100,7 @@ db	CREATE TABLE `db` (
 ) ENGINE=Aria DEFAULT CHARSET=utf8 COLLATE=utf8_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='Database privileges'
 show create table user;
 View	Create View	character_set_client	collation_connection
-user	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `user` AS select `global_priv`.`Host` AS `Host`,`global_priv`.`User` AS `User`,if(json_value(`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `global_priv`	latin1	latin1_swedish_ci
+user	CREATE ALGORITHM=UNDEFINED DEFINER=`mariadb.sys`@`localhost` SQL SECURITY DEFINER VIEW `user` AS select `global_priv`.`Host` AS `Host`,`global_priv`.`User` AS `User`,if(json_value(`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `global_priv`	latin1	latin1_swedish_ci
 show create table func;
 Table	Create Table
 func	CREATE TABLE `func` (

mysql-test/main/system_mysql_db_fix50030.result

@@ -104,7 +104,7 @@ db	CREATE TABLE `db` (
 ) ENGINE=Aria DEFAULT CHARSET=utf8 COLLATE=utf8_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='Database privileges'
 show create table user;
 View	Create View	character_set_client	collation_connection
-user	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `user` AS select `global_priv`.`Host` AS `Host`,`global_priv`.`User` AS `User`,if(json_value(`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `global_priv`	latin1	latin1_swedish_ci
+user	CREATE ALGORITHM=UNDEFINED DEFINER=`mariadb.sys`@`localhost` SQL SECURITY DEFINER VIEW `user` AS select `global_priv`.`Host` AS `Host`,`global_priv`.`User` AS `User`,if(json_value(`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `global_priv`	latin1	latin1_swedish_ci
 show create table func;
 Table	Create Table
 func	CREATE TABLE `func` (

mysql-test/main/system_mysql_db_fix50117.result

@@ -84,7 +84,7 @@ db	CREATE TABLE `db` (
 ) ENGINE=Aria DEFAULT CHARSET=utf8 COLLATE=utf8_bin PAGE_CHECKSUM=1 TRANSACTIONAL=1 COMMENT='Database privileges'
 show create table user;
 View	Create View	character_set_client	collation_connection
-user	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `user` AS select `global_priv`.`Host` AS `Host`,`global_priv`.`User` AS `User`,if(json_value(`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `global_priv`	latin1	latin1_swedish_ci
+user	CREATE ALGORITHM=UNDEFINED DEFINER=`mariadb.sys`@`localhost` SQL SECURITY DEFINER VIEW `user` AS select `global_priv`.`Host` AS `Host`,`global_priv`.`User` AS `User`,if(json_value(`global_priv`.`Priv`,'$.plugin') in ('mysql_native_password','mysql_old_password'),ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),''),'') AS `Password`,if(json_value(`global_priv`.`Priv`,'$.access') & 1,'Y','N') AS `Select_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2,'Y','N') AS `Insert_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4,'Y','N') AS `Update_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8,'Y','N') AS `Delete_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16,'Y','N') AS `Create_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32,'Y','N') AS `Drop_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 64,'Y','N') AS `Reload_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 128,'Y','N') AS `Shutdown_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 256,'Y','N') AS `Process_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 512,'Y','N') AS `File_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1024,'Y','N') AS `Grant_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2048,'Y','N') AS `References_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4096,'Y','N') AS `Index_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8192,'Y','N') AS `Alter_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16384,'Y','N') AS `Show_db_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 32768,'Y','N') AS `Super_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 65536,'Y','N') AS `Create_tmp_table_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 131072,'Y','N') AS `Lock_tables_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 262144,'Y','N') AS `Execute_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 524288,'Y','N') AS `Repl_slave_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 1048576,'Y','N') AS `Repl_client_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 2097152,'Y','N') AS `Create_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 4194304,'Y','N') AS `Show_view_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 8388608,'Y','N') AS `Create_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 16777216,'Y','N') AS `Alter_routine_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 33554432,'Y','N') AS `Create_user_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 67108864,'Y','N') AS `Event_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 134217728,'Y','N') AS `Trigger_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 268435456,'Y','N') AS `Create_tablespace_priv`,if(json_value(`global_priv`.`Priv`,'$.access') & 536870912,'Y','N') AS `Delete_history_priv`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.ssl_type'),0) + 1,'','ANY','X509','SPECIFIED') AS `ssl_type`,ifnull(json_value(`global_priv`.`Priv`,'$.ssl_cipher'),'') AS `ssl_cipher`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_issuer'),'') AS `x509_issuer`,ifnull(json_value(`global_priv`.`Priv`,'$.x509_subject'),'') AS `x509_subject`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_questions'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_updates'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_connections'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_user_connections'),0) as signed) AS `max_user_connections`,ifnull(json_value(`global_priv`.`Priv`,'$.plugin'),'') AS `plugin`,ifnull(json_value(`global_priv`.`Priv`,'$.authentication_string'),'') AS `authentication_string`,'N' AS `password_expired`,elt(ifnull(json_value(`global_priv`.`Priv`,'$.is_role'),0) + 1,'N','Y') AS `is_role`,ifnull(json_value(`global_priv`.`Priv`,'$.default_role'),'') AS `default_role`,cast(ifnull(json_value(`global_priv`.`Priv`,'$.max_statement_time'),0.0) as decimal(12,6)) AS `max_statement_time` from `global_priv`	latin1	latin1_swedish_ci
 show create table func;
 Table	Create Table
 func	CREATE TABLE `func` (

mysql-test/main/upgrade_MDEV-19650.test

+
+-- source include/mysql_upgrade_preparation.inc
+
+call mtr.add_suppression("Cannot load from mysql.proc. The table is probably corrupted");
+create database mysqltest1;
+use mysqltest1;
+create table save_global_priv as select * from mysql.global_priv;
+create table save_tables_priv as select * from mysql.tables_priv;
+create table save_proxies_priv as select * from mysql.proxies_priv;
+create table mysql.save_proc like mysql.proc;
+insert into mysql.save_proc select * from mysql.proc;
+set @save_sql_mode= @@sql_mode;
+
+use mysql;
+
+--echo # make old definition of gis procedures and user view
+
+drop view user;
+
+CREATE DEFINER='root'@'localhost' SQL SECURITY DEFINER VIEW IF NOT EXISTS user AS SELECT
+  Host,
+  User,
+  IF(JSON_VALUE(Priv, '$.plugin') IN ('mysql_native_password', 'mysql_old_password'), IFNULL(JSON_VALUE(Priv, '$.authentication_string'), ''), '') AS Password,
+  IF(JSON_VALUE(Priv, '$.access') &         1, 'Y', 'N') AS Select_priv,
+  IF(JSON_VALUE(Priv, '$.access') &         2, 'Y', 'N') AS Insert_priv,
+  IF(JSON_VALUE(Priv, '$.access') &         4, 'Y', 'N') AS Update_priv,
+  IF(JSON_VALUE(Priv, '$.access') &         8, 'Y', 'N') AS Delete_priv,
+  IF(JSON_VALUE(Priv, '$.access') &        16, 'Y', 'N') AS Create_priv,
+  IF(JSON_VALUE(Priv, '$.access') &        32, 'Y', 'N') AS Drop_priv,
+  IF(JSON_VALUE(Priv, '$.access') &        64, 'Y', 'N') AS Reload_priv,
+  IF(JSON_VALUE(Priv, '$.access') &       128, 'Y', 'N') AS Shutdown_priv,
+  IF(JSON_VALUE(Priv, '$.access') &       256, 'Y', 'N') AS Process_priv,
+  IF(JSON_VALUE(Priv, '$.access') &       512, 'Y', 'N') AS File_priv,
+  IF(JSON_VALUE(Priv, '$.access') &      1024, 'Y', 'N') AS Grant_priv,
+  IF(JSON_VALUE(Priv, '$.access') &      2048, 'Y', 'N') AS References_priv,
+  IF(JSON_VALUE(Priv, '$.access') &      4096, 'Y', 'N') AS Index_priv,
+  IF(JSON_VALUE(Priv, '$.access') &      8192, 'Y', 'N') AS Alter_priv,
+  IF(JSON_VALUE(Priv, '$.access') &     16384, 'Y', 'N') AS Show_db_priv,
+  IF(JSON_VALUE(Priv, '$.access') &     32768, 'Y', 'N') AS Super_priv,
+  IF(JSON_VALUE(Priv, '$.access') &     65536, 'Y', 'N') AS Create_tmp_table_priv,
+  IF(JSON_VALUE(Priv, '$.access') &    131072, 'Y', 'N') AS Lock_tables_priv,
+  IF(JSON_VALUE(Priv, '$.access') &    262144, 'Y', 'N') AS Execute_priv,
+  IF(JSON_VALUE(Priv, '$.access') &    524288, 'Y', 'N') AS Repl_slave_priv,
+  IF(JSON_VALUE(Priv, '$.access') &   1048576, 'Y', 'N') AS Repl_client_priv,
+  IF(JSON_VALUE(Priv, '$.access') &   2097152, 'Y', 'N') AS Create_view_priv,
+  IF(JSON_VALUE(Priv, '$.access') &   4194304, 'Y', 'N') AS Show_view_priv,
+  IF(JSON_VALUE(Priv, '$.access') &   8388608, 'Y', 'N') AS Create_routine_priv,
+  IF(JSON_VALUE(Priv, '$.access') &  16777216, 'Y', 'N') AS Alter_routine_priv,
+  IF(JSON_VALUE(Priv, '$.access') &  33554432, 'Y', 'N') AS Create_user_priv,
+  IF(JSON_VALUE(Priv, '$.access') &  67108864, 'Y', 'N') AS Event_priv,
+  IF(JSON_VALUE(Priv, '$.access') & 134217728, 'Y', 'N') AS Trigger_priv,
+  IF(JSON_VALUE(Priv, '$.access') & 268435456, 'Y', 'N') AS Create_tablespace_priv,
+  IF(JSON_VALUE(Priv, '$.access') & 536870912, 'Y', 'N') AS Delete_history_priv,
+  ELT(IFNULL(JSON_VALUE(Priv, '$.ssl_type'), 0) + 1, '', 'ANY','X509', 'SPECIFIED') AS ssl_type,
+  IFNULL(JSON_VALUE(Priv, '$.ssl_cipher'), '') AS ssl_cipher,
+  IFNULL(JSON_VALUE(Priv, '$.x509_issuer'), '') AS x509_issuer,
+  IFNULL(JSON_VALUE(Priv, '$.x509_subject'), '') AS x509_subject,
+  CAST(IFNULL(JSON_VALUE(Priv, '$.max_questions'), 0) AS UNSIGNED) AS max_questions,
+  CAST(IFNULL(JSON_VALUE(Priv, '$.max_updates'), 0) AS UNSIGNED) AS max_updates,
+  CAST(IFNULL(JSON_VALUE(Priv, '$.max_connections'), 0) AS UNSIGNED) AS max_connections,
+  CAST(IFNULL(JSON_VALUE(Priv, '$.max_user_connections'), 0) AS SIGNED) AS max_user_connections,
+  IFNULL(JSON_VALUE(Priv, '$.plugin'), '') AS plugin,
+  IFNULL(JSON_VALUE(Priv, '$.authentication_string'), '') AS authentication_string,
+  'N' AS password_expired,
+  ELT(IFNULL(JSON_VALUE(Priv, '$.is_role'), 0) + 1, 'N', 'Y') AS is_role,
+  IFNULL(JSON_VALUE(Priv, '$.default_role'), '') AS default_role,
+  CAST(IFNULL(JSON_VALUE(Priv, '$.max_statement_time'), 0.0) AS DECIMAL(12,6)) AS max_statement_time
+  FROM global_priv;
+
+
+SET sql_mode='';
+
+delimiter |;
+
+DROP PROCEDURE IF EXISTS mysql.AddGeometryColumn;
+DROP PROCEDURE IF EXISTS mysql.DropGeometryColumn;
+
+CREATE DEFINER=`root`@`localhost` PROCEDURE AddGeometryColumn(catalog varchar(64), t_schema varchar(64),
+   t_name varchar(64), geometry_column varchar(64), t_srid int) SQL SECURITY INVOKER
+begin
+  set @qwe= concat('ALTER TABLE ', t_schema, '.', t_name, ' ADD ', geometry_column,' GEOMETRY REF_SYSTEM_ID=', t_srid); PREPARE ls from @qwe; execute ls; deallocate prepare ls; end |
+
+CREATE DEFINER=`root`@`localhost` PROCEDURE DropGeometryColumn(catalog varchar(64), t_schema varchar(64),
+   t_name varchar(64), geometry_column varchar(64)) SQL SECURITY INVOKER
+begin
+  set @qwe= concat('ALTER TABLE ', t_schema, '.', t_name, ' DROP ', geometry_column); PREPARE ls from @qwe; execute ls; deallocate prepare ls; end |
+
+delimiter ;|
+set @@sql_mode= @save_sql_mode;
+
+drop user 'mariadb.sys'@'localhost';
+
+--echo # check old definitions mysql_upgrade
+
+SELECT count(*) FROM information_schema.VIEWS WHERE TABLE_CATALOG = 'def' and TABLE_SCHEMA = 'mysql' and TABLE_NAME='user' and DEFINER = 'root@localhost';
+SELECT count(*) FROM information_schema.VIEWS WHERE TABLE_CATALOG = 'def' and TABLE_SCHEMA = 'mysql' and TABLE_NAME='user' and DEFINER = 'mariadb.sys@localhost';
+SELECT * FROM information_schema.USER_PRIVILEGES WHERE GRANTEE="'mariadb.sys'@'localhost'";
+SELECT * FROM information_schema.TABLE_PRIVILEGES WHERE GRANTEE="'mariadb.sys'@'localhost'";
+
+let $MYSQLD_DATADIR= `select @@datadir`;
+
+--echo # Run mysql_upgrade
+--exec $MYSQL_UPGRADE  2>&1
+--file_exists $MYSQLD_DATADIR/mysql_upgrade_info
+--remove_file $MYSQLD_DATADIR/mysql_upgrade_info
+
+--echo # check new definitions mysql_upgrade
+
+SELECT count(*) FROM information_schema.VIEWS WHERE TABLE_CATALOG = 'def' and TABLE_SCHEMA = 'mysql' and TABLE_NAME='user' and DEFINER = 'root@localhost';
+SELECT count(*) FROM information_schema.VIEWS WHERE TABLE_CATALOG = 'def' and TABLE_SCHEMA = 'mysql' and TABLE_NAME='user' and DEFINER = 'mariadb.sys@localhost';
+SELECT * FROM information_schema.USER_PRIVILEGES WHERE GRANTEE="'mariadb.sys'@'localhost'";
+SELECT * FROM information_schema.TABLE_PRIVILEGES WHERE GRANTEE="'mariadb.sys'@'localhost'";
+
+--echo # check non root
+
+CREATE USER 'not_root'@'localhost';
+GRANT ALL PRIVILEGES ON *.* TO 'not_root'@'localhost';
+GRANT PROXY ON ''@'%' TO 'not_root'@'localhost' WITH GRANT OPTION;
+
+connect  con1,localhost,not_root,,;
+
+connection con1;
+
+DROP USER 'root'@'localhost';
+DROP USER 'root'@'127.0.0.1';
+DROP USER 'root'@'::1';
+
+use mysqltest1;
+
+create table t1 (a int);
+call mysql.AddGeometryColumn("def", "mysqltest1", "t1", "g", 101);
+
+show create table t1;
+use mysql;
+
+select count(*) from user;
+
+--echo # restore environment
+
+delete from global_priv;
+delete from tables_priv;
+delete from proxies_priv;
+delete from proc;
+insert into mysql.global_priv select * from mysqltest1.save_global_priv;
+insert into mysql.tables_priv select * from mysqltest1.save_tables_priv;
+insert into mysql.proxies_priv select * from mysqltest1.save_proxies_priv;
+rename table proc to bad_proc;
+rename table save_proc to proc;
+drop table bad_proc;
+flush privileges;
+
+disconnect default;
+connect  default,localhost,root,,;
+connection default;
+disconnect con1;
+
+drop database mysqltest1;
+
+--echo # End of 10.4 tests (but better do not add other tests here)

mysql-test/main/view_grant.result

@@ -1343,6 +1343,9 @@ disconnect root;
 connection default;
 select * from information_schema.table_privileges;
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
+'mariadb.sys'@'localhost'	def	mysql	global_priv	SELECT	NO
+'mariadb.sys'@'localhost'	def	mysql	global_priv	UPDATE	NO
+'mariadb.sys'@'localhost'	def	mysql	global_priv	DELETE	NO
 End of 5.0 tests.
 connection default;
 DROP VIEW IF EXISTS v1;

mysql-test/suite/funcs_1/r/is_statistics.result

@@ -238,8 +238,8 @@ def	db_datadict_2	t4	0	db_datadict_2	PRIMARY	1	f1	NULL	0	NULL	NULL		HASH
 SHOW GRANTS FOR 'testuser1'@'localhost';
 Grants for testuser1@localhost
 GRANT USAGE ON *.* TO `testuser1`@`localhost`
-GRANT SELECT ON `db_datadict`.`t1` TO `testuser1`@`localhost` WITH GRANT OPTION
 GRANT SELECT (f5, f1) ON `db_datadict_2`.`t3` TO `testuser1`@`localhost`
+GRANT SELECT ON `db_datadict`.`t1` TO `testuser1`@`localhost` WITH GRANT OPTION
 SHOW GRANTS FOR 'testuser2'@'localhost';
 Grants for testuser2@localhost
 GRANT USAGE ON *.* TO `testuser2`@`localhost`
@@ -257,8 +257,8 @@ def	db_datadict_2	t3	0	db_datadict_2	PRIMARY	1	f1	NULL	0	NULL	NULL		HASH
 SHOW GRANTS FOR 'testuser1'@'localhost';
 Grants for testuser1@localhost
 GRANT USAGE ON *.* TO `testuser1`@`localhost`
-GRANT SELECT ON `db_datadict`.`t1` TO `testuser1`@`localhost` WITH GRANT OPTION
 GRANT SELECT (f5, f1) ON `db_datadict_2`.`t3` TO `testuser1`@`localhost`
+GRANT SELECT ON `db_datadict`.`t1` TO `testuser1`@`localhost` WITH GRANT OPTION
 SHOW GRANTS FOR 'testuser2'@'localhost';
 ERROR 42000: Access denied for user 'testuser1'@'localhost' to database 'mysql'
 connection testuser2;

mysql-test/suite/funcs_1/r/is_table_privileges.result

@@ -55,6 +55,9 @@ IS_GRANTABLE	varchar(3)	NO
 SELECT table_catalog, table_schema, table_name, privilege_type
 FROM information_schema.table_privileges WHERE table_catalog IS NOT NULL;
 table_catalog	table_schema	table_name	privilege_type
+def	mysql	global_priv	SELECT
+def	mysql	global_priv	UPDATE
+def	mysql	global_priv	DELETE
 ######################################################################
 # Testcase 3.2.11.2+3.2.11.3+3.2.11.4:
 #          INFORMATION_SCHEMA.TABLE_PRIVILEGES accessible information
@@ -227,8 +230,8 @@ ERROR 42000: There is no such grant defined for user 'testuser1' on host 'localh
 SHOW GRANTS FOR 'the_user'@'localhost';
 Grants for the_user@localhost
 GRANT USAGE ON *.* TO `the_user`@`localhost`
-GRANT ALL PRIVILEGES ON `test`.`t1_view` TO `the_user`@`localhost`
 GRANT ALL PRIVILEGES ON `test`.`t1_table` TO `the_user`@`localhost`
+GRANT ALL PRIVILEGES ON `test`.`t1_view` TO `the_user`@`localhost`
 SELECT DISTINCT table_schema,table_name FROM information_schema.table_privileges
 WHERE table_name LIKE 't1_%'
 ORDER BY table_schema,table_name;
@@ -247,8 +250,8 @@ test	t1_view
 SHOW GRANTS FOR 'the_user'@'localhost';
 Grants for the_user@localhost
 GRANT USAGE ON *.* TO `the_user`@`localhost`
-GRANT ALL PRIVILEGES ON `test`.`t1_view` TO `the_user`@`localhost`
 GRANT ALL PRIVILEGES ON `test`.`t1_table` TO `the_user`@`localhost`
+GRANT ALL PRIVILEGES ON `test`.`t1_view` TO `the_user`@`localhost`
 REVOKE ALL PRIVILEGES ON test.t1_table FROM 'the_user'@'localhost';
 REVOKE ALL PRIVILEGES ON test.t1_view  FROM 'the_user'@'localhost';
 DROP VIEW test.t1_view;

mysql-test/suite/perfschema/r/privilege_table_io.result

@@ -101,6 +101,7 @@ wait/io/table/sql/handler	handler.cc:	TABLE	mysql	global_priv	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	global_priv	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	global_priv	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	global_priv	fetch	NULL
+wait/io/table/sql/handler	handler.cc:	TABLE	mysql	global_priv	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	db	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	db	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	db	fetch	NULL
@@ -109,6 +110,7 @@ wait/io/table/sql/handler	handler.cc:	TABLE	mysql	proxies_priv	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	proxies_priv	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	roles_mapping	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	tables_priv	fetch	NULL
+wait/io/table/sql/handler	handler.cc:	TABLE	mysql	tables_priv	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	procs_priv	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	servers	fetch	NULL
 wait/io/table/sql/handler	handler.cc:	TABLE	mysql	table_stats	fetch	NULL

mysql-test/suite/roles/acl_statistics.result

@@ -9,8 +9,8 @@ Acl_package_body_grants	0
 Acl_proxy_users	2
 Acl_role_grants	0
 Acl_roles	0
-Acl_table_grants	0
-Acl_users	4
+Acl_table_grants	1
+Acl_users	5
 SELECT count(*) COLUMN_GRANTS from mysql.columns_priv;
 COLUMN_GRANTS
 0
@@ -34,10 +34,10 @@ ROLES
 0
 SELECT count(*) TABLE_GRANTS from mysql.tables_priv;
 TABLE_GRANTS
-0
+1
 SELECT count(*) USERS from mysql.user where is_role='N';
 USERS
-4
+5
 CREATE USER u1;
 CREATE ROLE r1;
 CREATE ROLE r2;
@@ -74,8 +74,8 @@ Acl_package_body_grants	0
 Acl_proxy_users	3
 Acl_role_grants	4
 Acl_roles	2
-Acl_table_grants	2
-Acl_users	5
+Acl_table_grants	3
+Acl_users	6
 SELECT count(*) COLUMN_GRANTS from mysql.columns_priv;
 COLUMN_GRANTS
 2
@@ -99,10 +99,10 @@ ROLES
 2
 SELECT count(*) TABLE_GRANTS from mysql.tables_priv;
 TABLE_GRANTS
-2
+3
 SELECT count(*) USERS from mysql.user where is_role='N';
 USERS
-5
+6
 DROP PROCEDURE mysql.test_proc;
 DROP FUNCTION mysql.test_func;
 DROP ROLE r2;

mysql-test/suite/roles/grant_revoke_current.result

@@ -41,4 +41,4 @@ GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION
 GRANT USAGE ON *.* TO `r1`
 set password='';
 drop role r1;
-update mysql.global_priv set priv=@root_priv;
+update mysql.global_priv set priv=@root_priv where user='root' and host='localhost';

mysql-test/suite/roles/grant_revoke_current.test

@@ -29,4 +29,4 @@ set password='';
 
 #cleanup
 drop role r1;
-update mysql.global_priv set priv=@root_priv;
+update mysql.global_priv set priv=@root_priv where user='root' and host='localhost';

mysql-test/suite/roles/set_role-database-recursive.result

@@ -6,6 +6,7 @@ grant test_role2 to test_user@localhost;
 grant test_role2 to test_role1;
 select user, host from mysql.user where user not like 'root';
 User	Host
+mariadb.sys	localhost
 test_role1	
 test_role2	
 test_user	localhost

mysql-test/suite/roles/set_role-database-simple.result

@@ -3,6 +3,7 @@ create role test_role1;
 grant test_role1 to test_user@localhost;
 select user, host from mysql.user where user not like 'root';
 User	Host
+mariadb.sys	localhost
 test_role1	
 test_user	localhost
 select * from mysql.roles_mapping;

mysql-test/suite/roles/set_role-recursive.result

@@ -5,6 +5,7 @@ create role test_role2;
 grant test_role2 to test_role1;
 select user, host from mysql.user where user not like 'root';
 User	Host
+mariadb.sys	localhost
 test_role1	
 test_role2	
 test_user	localhost

mysql-test/suite/roles/set_role-routine-simple.result

@@ -7,6 +7,7 @@ grant test_role3 to test_user@localhost;
 grant test_role2 to test_role1;
 select user, host from mysql.user where user not like 'root';
 User	Host
+mariadb.sys	localhost
 test_role1	
 test_role2	
 test_role3	

mysql-test/suite/roles/set_role-simple.result

@@ -3,6 +3,7 @@ create role test_role1;
 grant test_role1 to test_user@localhost;
 select user, host from mysql.user where user not like 'root';
 User	Host
+mariadb.sys	localhost
 test_role1	
 test_user	localhost
 select * from mysql.roles_mapping;

mysql-test/suite/roles/set_role-table-column-priv.result

@@ -5,6 +5,7 @@ grant test_role1 to test_user@localhost;
 grant test_role2 to test_role1;
 select user, host from mysql.user where user not like 'root';
 User	Host
+mariadb.sys	localhost
 test_role1	
 test_role2	
 test_user	localhost
@@ -62,6 +63,7 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
 drop user 'test_user'@'localhost';
 select * from mysql.tables_priv;
 Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv
+localhost	mysql	mariadb.sys	global_priv	root@localhost	0000-00-00 00:00:00	Select,Update,Delete	
 	mysql	test_role2	roles_mapping	root@localhost	0000-00-00 00:00:00		Select
 revoke select on mysql.roles_mapping from test_role2;
 delete from mysql.user where user like'test_%';

mysql-test/suite/roles/set_role-table-simple.result

@@ -5,6 +5,7 @@ grant test_role1 to test_user@localhost;
 grant test_role2 to test_role1;
 select user, host from mysql.user where user not like 'root';
 User	Host
+mariadb.sys	localhost
 test_role1	
 test_role2	
 test_user	localhost
@@ -60,6 +61,7 @@ ERROR 42000: SELECT command denied to user 'test_user'@'localhost' for table 'ro
 drop user 'test_user'@'localhost';
 select * from mysql.tables_priv;
 Host	Db	User	Table_name	Grantor	Timestamp	Table_priv	Column_priv
+localhost	mysql	mariadb.sys	global_priv	root@localhost	0000-00-00 00:00:00	Select,Update,Delete	
 	mysql	test_role2	roles_mapping	root@localhost	0000-00-00 00:00:00	Select	
 revoke select on mysql.roles_mapping from test_role2;
 delete from mysql.user where user like'test_%';

mysql-test/suite/roles/show_grants.result

@@ -6,6 +6,7 @@ grant test_role2 to test_user@localhost;
 grant test_role2 to test_role1;
 select user, host from mysql.user where user not like 'root';
 User	Host
+mariadb.sys	localhost
 test_role1	
 test_role2	
 test_user	localhost

mysql-test/suite/rpl/disabled.def

@@ -19,3 +19,4 @@ rpl_parallel2             : fails after MDEV-16172
 rpl_semi_sync_after_sync  : fails after MDEV-16172
 rpl_slave_grp_exec: MDEV-10514
 rpl_auto_increment_update_failure  : disabled for now
+rpl_current_user          : waits for MDEV-22374 fix

mysql-test/suite/rpl/r/rpl_ignore_table.result

@@ -39,27 +39,27 @@ GRANT INSERT ON test.* TO mysqltest6@localhost;
 GRANT INSERT ON test.t1 TO mysqltest6@localhost;
 show grants for mysqltest1@localhost;
 Grants for mysqltest1@localhost
-GRANT USAGE ON *.* TO `mysqltest1`@`localhost`
 GRANT SELECT ON `test`.`t1` TO `mysqltest1`@`localhost`
+GRANT USAGE ON *.* TO `mysqltest1`@`localhost`
 show grants for mysqltest2@localhost;
 Grants for mysqltest2@localhost
-GRANT USAGE ON *.* TO `mysqltest2`@`localhost`
-GRANT SELECT, INSERT, UPDATE, REFERENCES ON `test`.`t1` TO `mysqltest2`@`localhost`
 GRANT INSERT ON `test`.`t4` TO `mysqltest2`@`localhost`
+GRANT SELECT, INSERT, UPDATE, REFERENCES ON `test`.`t1` TO `mysqltest2`@`localhost`
+GRANT USAGE ON *.* TO `mysqltest2`@`localhost`
 show grants for mysqltest3@localhost;
 Grants for mysqltest3@localhost
-GRANT USAGE ON *.* TO `mysqltest3`@`localhost`
-GRANT SELECT ON `test`.* TO `mysqltest3`@`localhost`
 GRANT SELECT (a), INSERT, INSERT (a), UPDATE (a), REFERENCES (a) ON `test`.`t4` TO `mysqltest3`@`localhost`
+GRANT SELECT ON `test`.* TO `mysqltest3`@`localhost`
+GRANT USAGE ON *.* TO `mysqltest3`@`localhost`
 show grants for mysqltest4@localhost;
 Grants for mysqltest4@localhost
-GRANT USAGE ON *.* TO `mysqltest4`@`localhost` IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7'
 GRANT SELECT ON `mysqltest2`.`t2` TO `mysqltest4`@`localhost`
+GRANT USAGE ON *.* TO `mysqltest4`@`localhost` IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7'
 show grants for mysqltest6@localhost;
 Grants for mysqltest6@localhost
-GRANT SELECT, INSERT ON *.* TO `mysqltest6`@`localhost`
 GRANT INSERT ON `test`.* TO `mysqltest6`@`localhost`
 GRANT INSERT ON `test`.`t1` TO `mysqltest6`@`localhost`
+GRANT SELECT, INSERT ON *.* TO `mysqltest6`@`localhost`
 flush privileges;
 show grants for mysqltest5@somehost;
 Grants for mysqltest5@somehost
@@ -69,24 +69,24 @@ connection slave;
 **** Checking grants on slave ****
 show grants for mysqltest2@localhost;
 Grants for mysqltest2@localhost
-GRANT USAGE ON *.* TO `mysqltest2`@`localhost`
 GRANT INSERT ON `test`.`t4` TO `mysqltest2`@`localhost`
+GRANT USAGE ON *.* TO `mysqltest2`@`localhost`
 show grants for mysqltest3@localhost;
 Grants for mysqltest3@localhost
-GRANT USAGE ON *.* TO `mysqltest3`@`localhost`
-GRANT SELECT ON `test`.* TO `mysqltest3`@`localhost`
 GRANT SELECT (a), INSERT, INSERT (a), UPDATE (a), REFERENCES (a) ON `test`.`t4` TO `mysqltest3`@`localhost`
+GRANT SELECT ON `test`.* TO `mysqltest3`@`localhost`
+GRANT USAGE ON *.* TO `mysqltest3`@`localhost`
 show grants for mysqltest4@localhost;
 Grants for mysqltest4@localhost
-GRANT USAGE ON *.* TO `mysqltest4`@`localhost` IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7'
 GRANT SELECT ON `mysqltest2`.`t2` TO `mysqltest4`@`localhost`
+GRANT USAGE ON *.* TO `mysqltest4`@`localhost` IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7'
 show grants for mysqltest5@somehost;
 Grants for mysqltest5@somehost
 GRANT USAGE ON *.* TO `mysqltest5`@`somehost`
 show grants for mysqltest6@localhost;
 Grants for mysqltest6@localhost
-GRANT SELECT, INSERT ON *.* TO `mysqltest6`@`localhost`
 GRANT INSERT ON `test`.* TO `mysqltest6`@`localhost`
+GRANT SELECT, INSERT ON *.* TO `mysqltest6`@`localhost`
 show grants for mysqltest1@localhost;
 ERROR 42000: There is no such grant defined for user 'mysqltest1' on host 'localhost'
 **** Revoking grants on master ****
@@ -100,9 +100,9 @@ Grants for mysqltest1@localhost
 GRANT USAGE ON *.* TO `mysqltest1`@`localhost`
 show grants for mysqltest3@localhost;
 Grants for mysqltest3@localhost
-GRANT USAGE ON *.* TO `mysqltest3`@`localhost`
-GRANT SELECT ON `test`.* TO `mysqltest3`@`localhost`
 GRANT INSERT, INSERT (a), UPDATE (a), REFERENCES (a) ON `test`.`t4` TO `mysqltest3`@`localhost`
+GRANT SELECT ON `test`.* TO `mysqltest3`@`localhost`
+GRANT USAGE ON *.* TO `mysqltest3`@`localhost`
 show grants for mysqltest4@localhost;
 Grants for mysqltest4@localhost
 GRANT USAGE ON *.* TO `mysqltest4`@`localhost` IDENTIFIED BY PASSWORD '*196BDEDE2AE4F84CA44C47D54D78478C7E2BD7B7'

mysql-test/suite/rpl/t/rpl_ignore_table.test

@@ -77,10 +77,15 @@ GRANT INSERT ON *.* TO mysqltest6@localhost;
 GRANT INSERT ON test.* TO mysqltest6@localhost;
 GRANT INSERT ON test.t1 TO mysqltest6@localhost;
 
+--sorted_result
 show grants for mysqltest1@localhost;
+--sorted_result
 show grants for mysqltest2@localhost;
+--sorted_result
 show grants for mysqltest3@localhost;
+--sorted_result
 show grants for mysqltest4@localhost;
+--sorted_result
 show grants for mysqltest6@localhost;
 
 flush privileges;
@@ -92,10 +97,15 @@ sync_slave_with_master;
 --echo **** Checking grants on slave ****
 
 # Check that grants are replicated to slave
+--sorted_result
 show grants for mysqltest2@localhost;
+--sorted_result
 show grants for mysqltest3@localhost;
+--sorted_result
 show grants for mysqltest4@localhost;
+--sorted_result
 show grants for mysqltest5@somehost;
+--sorted_result
 show grants for mysqltest6@localhost;
 
 # mysqltest1 should not be on slave
@@ -109,8 +119,11 @@ REVOKE SELECT ON mysqltest2.t2 FROM mysqltest4@localhost;
 REVOKE select(a) on t4
  from mysqltest3@localhost;
 
+--sorted_result
 show grants for mysqltest1@localhost;
+--sorted_result
 show grants for mysqltest3@localhost;
+--sorted_result
 show grants for mysqltest4@localhost;
 
 sync_slave_with_master;

scripts/maria_add_gis_sp.sql.in

@@ -23,12 +23,12 @@ SET sql_mode='';
 DROP PROCEDURE IF EXISTS AddGeometryColumn;
 DROP PROCEDURE IF EXISTS DropGeometryColumn;
 
-CREATE DEFINER=`root`@`localhost` PROCEDURE AddGeometryColumn(catalog varchar(64), t_schema varchar(64),
+CREATE DEFINER=`mariadb.sys`@`localhost` PROCEDURE AddGeometryColumn(catalog varchar(64), t_schema varchar(64),
    t_name varchar(64), geometry_column varchar(64), t_srid int) SQL SECURITY INVOKER
 begin
   set @qwe= concat('ALTER TABLE ', t_schema, '.', t_name, ' ADD ', geometry_column,' GEOMETRY REF_SYSTEM_ID=', t_srid); PREPARE ls from @qwe; execute ls; deallocate prepare ls; end @ADD_GIS_SP_EOL@
 
-CREATE DEFINER=`root`@`localhost` PROCEDURE DropGeometryColumn(catalog varchar(64), t_schema varchar(64),
+CREATE DEFINER=`mariadb.sys`@`localhost` PROCEDURE DropGeometryColumn(catalog varchar(64), t_schema varchar(64),
    t_name varchar(64), geometry_column varchar(64)) SQL SECURITY INVOKER
 begin
   set @qwe= concat('ALTER TABLE ', t_schema, '.', t_name, ' DROP ', geometry_column); PREPARE ls from @qwe; execute ls; deallocate prepare ls; end @ADD_GIS_SP_EOL@

scripts/mysql_system_tables.sql

@@ -33,9 +33,17 @@ CREATE TABLE IF NOT EXISTS db (   Host char(60) binary DEFAULT '' NOT NULL, Db c
 -- Remember for later if db table already existed
 set @had_db_table= @@warning_count != 0;
 
-CREATE TABLE IF NOT EXISTS global_priv (Host char(60) binary DEFAULT '', User char(80) binary DEFAULT '', Priv JSON NOT NULL DEFAULT '{}' CHECK(JSON_VALID(Priv)), PRIMARY KEY Host (Host,User)) engine=Aria transactional=1 CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges';
+CREATE TABLE IF NOT EXISTS global_priv (Host char(60) binary DEFAULT '', User char(80) binary DEFAULT '', Priv JSON NOT NULL DEFAULT '{}' CHECK(JSON_VALID(Priv)), PRIMARY KEY (Host,User)) engine=Aria transactional=1 CHARACTER SET utf8 COLLATE utf8_bin comment='Users and global privileges';
 
-CREATE DEFINER=root@localhost SQL SECURITY DEFINER VIEW IF NOT EXISTS user AS SELECT
+set @had_sys_user= 0 <> (select count(*) from mysql.global_priv where Host="localhost" and User="mariadb.sys");
+
+CREATE TEMPORARY TABLE tmp_user_sys LIKE global_priv;
+INSERT INTO tmp_user_sys (Host,User,Priv) VALUES ('localhost','mariadb.sys','{"access":0,"plugin":"mysql_native_password","authentication_string":"","account_locked":true,"password_last_changed":0}');
+INSERT INTO global_priv SELECT * FROM tmp_user_sys WHERE NOT @had_sys_user;
+DROP TABLE tmp_user_sys;
+
+
+CREATE DEFINER='mariadb.sys'@'localhost' SQL SECURITY DEFINER VIEW IF NOT EXISTS user AS SELECT
   Host,
   User,
   IF(JSON_VALUE(Priv, '$.plugin') IN ('mysql_native_password', 'mysql_old_password'), IFNULL(JSON_VALUE(Priv, '$.authentication_string'), ''), '') AS Password,
@@ -101,6 +109,11 @@ CREATE TABLE IF NOT EXISTS servers ( Server_name char(64) NOT NULL DEFAULT '', H
 
 CREATE TABLE IF NOT EXISTS tables_priv ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(80) binary DEFAULT '' NOT NULL, Table_name char(64) binary DEFAULT '' NOT NULL, Grantor char(141) DEFAULT '' NOT NULL, Timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, Table_priv set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view','Trigger','Delete versioning rows') COLLATE utf8_general_ci DEFAULT '' NOT NULL, Column_priv set('Select','Insert','Update','References') COLLATE utf8_general_ci DEFAULT '' NOT NULL, PRIMARY KEY (Host,Db,User,Table_name), KEY Grantor (Grantor) ) engine=Aria transactional=1 CHARACTER SET utf8 COLLATE utf8_bin   comment='Table privileges';
 
+CREATE TEMPORARY TABLE tmp_user_sys LIKE tables_priv;
+INSERT INTO tmp_user_sys (Host,Db,User,Table_name,Grantor,Timestamp,Table_priv) VALUES ('localhost','mysql','mariadb.sys','global_priv','root@localhost','0','Select,Update,Delete');
+INSERT INTO tables_priv SELECT * FROM tmp_user_sys WHERE NOT @had_sys_user;
+DROP TABLE tmp_user_sys;
+
 CREATE TABLE IF NOT EXISTS columns_priv ( Host char(60) binary DEFAULT '' NOT NULL, Db char(64) binary DEFAULT '' NOT NULL, User char(80) binary DEFAULT '' NOT NULL, Table_name char(64) binary DEFAULT '' NOT NULL, Column_name char(64) binary DEFAULT '' NOT NULL, Timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, Column_priv set('Select','Insert','Update','References') COLLATE utf8_general_ci DEFAULT '' NOT NULL, PRIMARY KEY (Host,Db,User,Table_name,Column_name) ) engine=Aria transactional=1 CHARACTER SET utf8 COLLATE utf8_bin   comment='Column privileges';
 
 

scripts/mysql_system_tables_fix.sql

@@ -808,4 +808,9 @@ IF 'BASE TABLE' = (select table_type from information_schema.tables where table_
   FROM user;
   DROP TABLE user;
 END IF//
+
+IF 1 = (SELECT count(*) FROM information_schema.VIEWS WHERE TABLE_CATALOG = 'def' and TABLE_SCHEMA = 'mysql' and TABLE_NAME='user' and DEFINER = 'root@localhost') THEN
+  DROP VIEW IF EXISTS mysql.user;
+END IF//
+
 DELIMITER ;