TechQA.

Error 1217 vs 1452: Still less verbose despite `GRANT_ALL`

49 views Asked by At

On MySQL 8.0.34, errors 1217 and 1452 represent the same thing but provide less information in the former case by design. A user without the relevant grants should not see the information about a table restricting a delete. In my case, the 'basic' user has access to the database with the restricting table, but still sees the low verbosity error 1217. What grants are required to show this user 1452?

As advanced user, 1452

mysql> show grants for current_user();
+----------------------------------------------------------------------+
| Grants for advanced@%                                                |
+----------------------------------------------------------------------+
| GRANT SELECT, REFERENCES, SHOW DATABASES ON *.* TO `advanced`@`%`    |
| GRANT ALL PRIVILEGES ON `%`.* TO `advanced`@`%`                      |
(others removed for brevity)
+----------------------------------------------------------------------+
15 rows in set (0.00 sec)

mysql> DELETE FROM `common_a`.`a` WHERE my_field LIKE 'restriction';
ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`common_b`.`_b`, CONSTRAINT `_b_ibfk_1` FOREIGN KEY (`my_field`) REFERENCES `common_a`.`a` (`my_field`) ON DELETE RESTRICT ON UPDATE CASCADE)

As basic user, 1217 despite having all privileges on the common_ prefix

mysql> show grants for current_user();
+----------------------------------------------------------------------+
| Grants for basic@%                                                   |
+----------------------------------------------------------------------+
| GRANT SELECT, REFERENCES, SHOW DATABASES ON *.* TO `basic`@`%`       |
| GRANT ALL PRIVILEGES ON `common\_%`.* TO `basic`@`%`                 |
(others removed for brevity)
+----------------------------------------------------------------------+
12 rows in set (0.00 sec)

mysql> DELETE FROM `common_a`.`a` WHERE my_field LIKE 'restriction';
ERROR 1217 (23000): Cannot delete or update a parent row: a foreign key constraint fails

I have tried...

  • Revoking and re-granting the privileges shown above. No change.
  • Granting all for `common_a`.* and `common_a`.`a`, and b equivalents.
  • Cascading my delete with the advanced user. I found no restricting tables outside of the common_ prefix.
  • Granting all for each individual table that would be referenced in this cascading delete, and all databases on the common prefix individually
  • Granting all to 'basic', as shown in 'advanced' above. This changed the error, but doesn't protect my other databases.
  • Asking what grants are needed on the existing mysql bug thread.
  • Asking on stack exchange months ago with no reply.
  • Loading a new instance of our database from mysqldumps.
  • Comparing table declarations for tables with and without this bug in mysqldumps.

How can I get the more verbose error while still restricting basic's access outside of common_?

mysql privileges mysql-8.0 mysql-error-1452
Original Q&A
0

There are 0 answers

Related Questions in MYSQL

Related Questions in PRIVILEGES

Related Questions in MYSQL-8.0

Related Questions in MYSQL-ERROR-1452

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions