GRANT statements do not invalidate privilege cache #8427
Description
Bug Report
Please answer these questions before submitting your issue. Thanks!
- What did you do?
CREATE USER ted;
Immediately after:
mysql -u ted
- What did you expect to see?
Login should work.
- What did you see instead?
Error (requires FLUSH PRIVILEGES to be run).
For MySQL the following commands imply FLUSH PRIVILEGES:
- GRANT
- CREATE USER
- SET PASSWORD
- REVOKE
- DROP USER
The TiDB test suite also contains a lot of FLUSH PRIVILEGES commands that for MySQL compatibility would not be required.
This has the greatest impact on users that have permission to change their password, but don't have the ability to FLUSH PRIVILEGES! (fixed in #8426 ) i.e. it is a very weird semantic for the change to take effect much further down the line.
- What version of TiDB are you using (
tidb-server -Vor runselect tidb_version();on TiDB)?
mysql> select tidb_version()\G
*************************** 1. row ***************************
tidb_version(): Release Version: v2.1.0-rc.3-213-g4ec77d5cb
Git Commit Hash: 4ec77d5cbe2536b587afa457a7dcc06bac61eda4
Git Branch: set-password
UTC Build Time: 2018-11-23 01:59:37
GoVersion: go version go1.11 linux/amd64
Race Enabled: false
TiKV Min Version: 2.1.0-alpha.1-ff3dd160846b7d1aed9079c389fc188f7f5ea13e
Check Table Before Drop: false
1 row in set (0.00 sec)