WL#2990: SHOW GRANTS: Extend to include SESSION_USER privileges
Affects: Server-7.1 — Status: Un-Assigned — Priority: Medium
MySQL will extend the SHOW GRANTS statement to support the return of privileges for the SESSION_USER. Rationale --------- Currently, one can execute SHOW GRANTS FOR CURRENT_USER; to get the privileges for the current authenticated user. One should also be able to execute SHOW GRANTS FOR SESSION_USER; to get the privileges for the user who has initiated an SQL session. Currently, there is no real difference between the result of these two functions. But CURRENT_USER can switch contexts: in cases where an SQL SECURITY DEFINER view/stored routine/trigger is executed, the value of CURRENT_USER changes to the ID of the definer. Since it's also necessary to be able to identify the user whose actions cause the view/stored routine/trigger to activate, the value of SESSION_USER may be changed to always return the ID of that user. In this case, supporting SHOW GRANTS FOR SESSION_USER becomes a valuable extension. See also: WL#3001 Consistent handling of CURRENT_USER in DEFINER execution context
The task -------- Extend the SHOW GRANTS statement for SESSION_USER. Syntax ------ SHOW GRANTS FOR SESSION_USER - returns the GRANT statements that must be issued to duplicate the privileges granted to the SESSION_USER user account.
Copyright (c) 2000, 2017, Oracle Corporation and/or its affiliates. All rights reserved.