-
Notifications
You must be signed in to change notification settings - Fork 5.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
privilege: fix RequestVerificationWithUser use of default roles (#24442) #24532
privilege: fix RequestVerificationWithUser use of default roles (#24442) #24532
Conversation
Signed-off-by: ti-srebot <[email protected]>
/run-all-tests |
@morgo please accept the invitation then you can push to the cherry-pick pull requests. |
/lgtm |
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by writing |
/merge |
This pull request has been accepted and is ready to merge. Commit hash: 477f76c
|
/run-all-tests |
/run-unit-test |
/merge |
@zhouqiang-cl This was cherry picked to 4.0 but not 5.0. This is a problem because the user who reported the issue was on 4.0 but they've now upgraded to 5.0. So the bug is not fixed for them :( |
@ti-srebot: Your PR was out of date, I have automatically updated it for you. At the same time I will also trigger all tests for you: /run-all-tests If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository. |
cherry-pick #24442 to release-5.0
You can switch your code base to this Pull Request by using git-extras:
# In tidb repo: git pr https://github.com/pingcap/tidb/pull/24532
After apply modifications, you can push your change to this PR via:
What problem does this PR solve?
Issue Number: close #24414
Problem Summary:
Views support a feature to run in the security of the DEFINER. This is useful because it allows column level / row level security to effectively be supported, when TiDB supports neither.
However, the implementation was buggy because
RequestVerificationWithUser
in the privilege API did not consider default roles for that user correctly. In this fix it now does.What is changed and how it works?
What's Changed:
Bug fix only.
Related changes
Check List
Tests
Side effects
Release note