Hi, Anel! On Oct 23, Anel Husakovic wrote:

revision-id: 2e0bac4688a (mariadb-10.2.31-517-g2e0bac4688a) parent(s): 985ede92034 author: Anel Husakovic <anel@mariadb.org> committer: Anel Husakovic <anel@mariadb.org> timestamp: 2020-10-23 12:38:11 +0200 message:

MDEV-22313: Neither SHOW CREATE USER nor SHOW GRANTS prints a user's default role

diff --git a/mysql-test/r/grant5.result b/mysql-test/r/grant5.result index 338bbd36e14..a69070e8399 100644 --- a/mysql-test/r/grant5.result +++ b/mysql-test/r/grant5.result ... +SHOW GRANTS; +Grants for root@localhost +GRANT test_role TO 'root'@'localhost' WITH ADMIN OPTION +GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION +GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION +GRANT USAGE ON *.* TO 'test_role' +SET DEFAULT ROLE test_role FOR 'root'@'localhost' ...

Yes, that's what I mean. I don't have a strong opinion on that, it seems that I very slightly prefer to have SET DEFAULT ROLE after GRANT PROXY, that is to have all statements for root, and then statements for roles. But having SET DEFAULT ROLE at the end makes sense too - all GRANTs first, then SET DEFAULT ROLE. Just make it the way you want. But either way it's good to have a test for it, a test that shows we've considered this issue and intentionally implemented that particular order. Regards, Sergei VP of MariaDB Server Engineering and security@mariadb.org