MDEV-35743 Role-granted routine privileges lost after FLUSH PRIVILEGES#5306
MDEV-35743 Role-granted routine privileges lost after FLUSH PRIVILEGES#5306vaintroub wants to merge 1 commit into
Conversation
Roles are merged in dependency order: each role has a counter equal to the number of roles granted to it, and it is merged only once that counter is ticked down to zero (all roles it inherits from are done). The counter is ticked when the walk follows an edge into the role. When rebuilding everything from scratch (acl_load / FLUSH PRIVILEGES), merge_role_privileges() did not follow the edges out of a role whose own privileges did not change. For a role granted to several roles (more than one incoming edge), its counter never reached zero, it was never merged, and it lost the privileges it should have inherited indirectly. The "did not change, so stop" shortcut is only valid for incremental propagation, where the rest of the graph is already merged. During a full rebuild we must always keep walking so every counter reaches zero.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses MDEV-35743, where running FLUSH PRIVILEGES breaks role-based function execution grants. The fix introduces a rebuild_all flag in PRIVS_TO_MERGE to ensure a full rebuild of privileges without shortcuts during a flush. The review feedback highlights a critical mismatch between the newly added .test and .result files, where the use of the -- prefix for connection commands in the test file will cause test suite failures.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| --connect con, localhost, supervisor | ||
| select g1(1); | ||
| --disconnect con | ||
| --connection default |
There was a problem hiding this comment.
There is a mismatch between the .test file and the .result file. The .test file uses the -- prefix for connect, disconnect, and connection commands, which prevents them from being logged to the result file. However, the .result file expects these commands to be logged (without the -- prefix). This mismatch will cause the test suite to fail. Please remove the -- prefix and add semicolons to match the .result file.
connect con, localhost, supervisor;
select g1(1);
disconnect con;
connection default;
| --connect con, localhost, supervisor | ||
| select g1(2); | ||
| --disconnect con | ||
| --connection default |
There was a problem hiding this comment.
Similarly to the previous connection block, there is a mismatch here between the .test file and the .result file due to the -- prefix on connect, disconnect, and connection commands. Please remove the -- prefix and add semicolons to ensure the test passes successfully.
connect con, localhost, supervisor;
select g1(2);
disconnect con;
connection default;
1 participant
Roles are merged in dependency order: each role has a counter equal to the number of roles granted to it, and it is merged only once that counter is ticked down to zero (all roles it inherits from are done). The counter is ticked when the walk follows an edge into the role.
When rebuilding everything from scratch (acl_load / FLUSH PRIVILEGES), merge_role_privileges() did not follow the edges out of a role whose own privileges did not change. For a role granted to several roles (more than one incoming edge), its counter never reached zero, it was never merged, and it lost the privileges it should have inherited indirectly.
The "did not change, so stop" shortcut is only valid for incremental propagation, where the rest of the graph is already merged. During a full rebuild we must always keep walking so every counter reaches zero.