diff --git a/mysql-test/main/grant5.result b/mysql-test/main/grant5.result index 43b58b82231..df09b1fcc64 100644 --- a/mysql-test/main/grant5.result +++ b/mysql-test/main/grant5.result @@ -225,4 +225,21 @@ drop user twg@'%'; insert mysql.tables_priv (host,db,user,table_name,grantor,table_priv) values ('localhost','','otto','t1','root@localhost','select'); flush privileges; delete from mysql.tables_priv where db=''; +create database db; +create table db.t1 (a int); +insert into db.t1 values (1); +create user foo; +grant delete on db.* to foo; +connect con1,localhost,foo,,; +show create table db.t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `a` int(11) DEFAULT NULL +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +delete from db.t1 returning *; +ERROR 42000: SELECT command denied to user 'foo'@'localhost' for column 'a' in table 't1' +disconnect con1; +connection default; +drop database db; +drop user foo; # End of 10.4 tests diff --git a/mysql-test/main/grant5.test b/mysql-test/main/grant5.test index 307549ec9d8..39fcff92435 100644 --- a/mysql-test/main/grant5.test +++ b/mysql-test/main/grant5.test @@ -182,4 +182,21 @@ insert mysql.tables_priv (host,db,user,table_name,grantor,table_priv) values ('l flush privileges; delete from mysql.tables_priv where db=''; +# +# MDEV-21560 Assertion `grant_table || grant_table_role' failed in check_grant_all_columns +# +create database db; +create table db.t1 (a int); +insert into db.t1 values (1); +create user foo; +grant delete on db.* to foo; +--connect (con1,localhost,foo,,) +show create table db.t1; +--error ER_COLUMNACCESS_DENIED_ERROR +delete from db.t1 returning *; +--disconnect con1 +--connection default +drop database db; +drop user foo; + --echo # End of 10.4 tests diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 9ea69e5628b..8e17958a8a1 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -8335,7 +8335,8 @@ bool check_grant_all_columns(THD *thd, ulong want_access_arg, grant_table= grant->grant_table_user; grant_table_role= grant->grant_table_role; - DBUG_ASSERT (grant_table || grant_table_role); + if (!grant_table && !grant_table_role) + goto err; } }