Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER

REPLACE ... SELECT would require INSERT privileges on certain tables when SELECT really suffices. Require INSERT only on target table. mysql-test/r/insert_select.result: Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER Show that REPLACE ... SELECT requires INSERT privileges only on target table. (revised test with more view-fu) mysql-test/t/insert_select.test: Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER Show that REPLACE ... SELECT requires INSERT privileges only on target table. (revised test with more view-fu) sql/sql_insert.cc: Bug#20989: View '(null).(null)' references invalid table(s)... on SQL SECURITY INVOKER require SELECT rather than INSERT privs on tables that constitute the views we'll read
2025-08-08 11:22:35 +03:00 · 2006-07-19 11:49:07 +02:00
parent 674636e725
commit c185144609
3 changed files with 246 additions and 1 deletions
--- a/sql/sql_insert.cc
+++ b/sql/sql_insert.cc
@@ -742,11 +742,18 @@ static bool mysql_prepare_insert_check_table(THD *thd, TABLE_LIST *table_list,
  bool insert_into_view= (table_list->view != 0);
  DBUG_ENTER("mysql_prepare_insert_check_table");

+  /*
+     first table in list is the one we'll INSERT into, requires INSERT_ACL.
+     all others require SELECT_ACL only. the ACL requirement below is for
+     new leaves only anyway (view-constituents), so check for SELECT rather
+     than INSERT.
+  */
+
  if (setup_tables_and_check_access(thd, &thd->lex->select_lex.context,
                                    &thd->lex->select_lex.top_join_list,
                                    table_list, where, 
                                    &thd->lex->select_lex.leaf_tables,
-                                    select_insert, INSERT_ACL))
+                                    select_insert, SELECT_ACL))
    DBUG_RETURN(TRUE);

  if (insert_into_view && !fields.elements)