MySQL Forums
Forum List  »  Stored Procedures

Re: Access denied; you need (at least one of) the SUPER privilege(s)
Posted by: Peter Brawley
Date: January 16, 2020 12:26PM

Yes stored routine security syntax is bizarre.

From https://dev.mysql.com/doc/refman/8.0/en/create-procedure.html...

"CREATE PROCEDURE and CREATE FUNCTION require the CREATE ROUTINE privilege. If the DEFINER clause is present, the privileges required depend on the user value, as discussed in Section 24.6, “Stored Object Access Control”. If binary logging is enabled, CREATE FUNCTION might require the SUPER privilege, as discussed in Section 24.7, “Stored Program Binary Logging”.

"By default, MySQL automatically grants the ALTER ROUTINE and EXECUTE privileges to the routine creator. This behavior can be changed by disabling the automatic_sp_privileges system variable. See Section 24.2.2, “Stored Routines and MySQL Privileges”.

"The DEFINER and SQL SECURITY clauses specify the security context to be used when checking access privileges at routine execution time, as described later in this section."

To have the sproc run with invoker's instead of definer's privs, use SQL SECURITY INVOKER.

Options: ReplyQuote


Subject
Views
Written By
Posted
Re: Access denied; you need (at least one of) the SUPER privilege(s)
230
January 16, 2020 12:26PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.