MySQL Forums

Re: VIEW DEFINITION permission
Posted by: Orlando Colamatteo
Date: September 23, 2010 09:20AM

> The definition can still be seen by 'user1'@'%' if the procedure is created with definer 'user1'@'%'.

The procedure was created with "definer=root@localhost" per your proof-of-concept code. Does the "test" DB operate differently in any way from a user-defined DB? I am puzzled by this behavior but will leave it alone for now.

> Try to grant 'SELECT' privilege to `mysql`.`proc` table, then select data from that table.

I granted the permission and it does allow user1 to see procedure definitions in my_user_defined_db, however it also allows user1 to see procedure definitions in all DBs in the instance, regardless of whether user1 was granted SELECT permissions in that DB. This is not as granular a level of access control as I need.

---

To recap:

1. GRANT SELECT ON my_user_defined_db.* TO user1@'%';
This DOES NOT by itself allow user1 to see procedure definitions in my_user_defined_db. This is contrary to your proof-of-concept using the test DB; however, it may have something to do with a basic difference between a user-defined DB and the standard equipment "test" DB.

2. GRANT SELECT ON `mysql`.`proc` TO user1@'%';
This DOES allow user1 to see procedure definitions in my_user_defined_db, as well as all other databases in the instance regardless of their permissions in that database.

---

With your assistance I can now allow users to view procedure definitions using the grant in item 2 above. However, at this time, with my current knowledge, it appears that I will need to grant the user more rights than should be required.
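
Added example, not part of the original post: an audit query listing every account that can read `mysql`.`proc` (and therefore routine bodies for all databases), followed by one possible way to narrow the exposure with a definer-rights view. It assumes MySQL 5.x, where `mysql`.`proc` and the grant tables exist, and a definer account that holds SELECT on `mysql`.`proc`; the view name `routine_definitions` is hypothetical.

```sql
-- Added example. Assumes MySQL 5.x (mysql.proc was removed in 8.0).

-- 1. Audit: which accounts can read mysql.proc, and at what grant level?
SELECT 'global' AS scope, `User`, `Host`
  FROM mysql.user
 WHERE Select_priv = 'Y'
UNION ALL
SELECT 'database: mysql', `User`, `Host`
  FROM mysql.db
 WHERE Select_priv = 'Y'
   AND 'mysql' LIKE `Db`            -- Db may hold a wildcard pattern
UNION ALL
SELECT 'table: mysql.proc', `User`, `Host`
  FROM mysql.tables_priv
 WHERE `Db` = 'mysql'
   AND `Table_name` = 'proc'
   AND (FIND_IN_SET('Select', `Table_priv`) > 0
        OR FIND_IN_SET('Select', `Column_priv`) > 0);

-- 2. Hypothetical scoped alternative to item 2 of the recap:
--    a view that runs with its definer's rights and returns only the
--    routines belonging to my_user_defined_db.
CREATE SQL SECURITY DEFINER VIEW my_user_defined_db.routine_definitions AS
SELECT `name`, `type`, `param_list`, `returns`, `body`
  FROM mysql.proc
 WHERE `db` = 'my_user_defined_db';

-- Remove the instance-wide read and grant the view instead.
-- (The database-level SELECT from item 1 already covers the view;
--  the explicit grant is shown for accounts that lack it.)
REVOKE SELECT ON `mysql`.`proc` FROM user1@'%';
GRANT SELECT ON my_user_defined_db.routine_definitions TO user1@'%';

-- 3. Re-run the audit query: user1 should no longer appear in the
--    'table: mysql.proc' rows.
```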
