@FarihaIS
Contributor

Description

ALTER TABLE ... TRUNCATE PARTITION only checks for DROP privilege, while ALTER TABLE ... DROP PARTITION correctly requires both DROP and ALTER privileges. This is inconsistent and a privilege issue since TRUNCATE PARTITION is an ALTER TABLE statement.

Add ALTER privilege check to TRUNCATE PARTITION to match DROP PARTITION behavior and documentation.

Release Notes

N/A

How can this PR be tested?

Execute the main.partition_grant test in mysql-test-run. This commit adds a test in partition_grant.test.

Before the fix

A user with only DROP privilege can truncate partitions:

main.partition_grant                     [ fail ]
        Test ended at 2026-01-28 20:16:01

CURRENT_TEST: main.partition_grant
mysqltest: At line 92: query 'alter table t1 truncate partition p1' succeeded - should have failed with error ER_TABLEACCESS_DENIED_ERROR (1142)...

The result from queries just before the failure was:
< snip >
...
create table t1 (a int) partition by list (a) (partition p1 values in (1), partition p2 values in (2), partition p3 values in (3));
insert into t1 values (1),(2),(3);
revoke all privileges on mysqltest_1.* from mysqltest_1@localhost;
grant drop on mysqltest_1.* to mysqltest_1@localhost;
connect  conn6,localhost,mysqltest_1,,mysqltest_1;
show grants for current_user;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO `mysqltest_1`@`localhost`
GRANT DROP ON `mysqltest_1`.* TO `mysqltest_1`@`localhost`
alter table t1 truncate partition p1;

After the fix

A user needs both ALTER and DROP privileges to truncate partitions:

main.partition_grant                     [ pass ]     81

Basing the PR against the correct MariaDB version

  • This is a bug fix, and the PR is based against the branch 12.2.

Copyright

All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
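
An added audit query (not part of this pull request or of the MariaDB test suite): it lists accounts that hold DROP without ALTER at some scope, which per the description above are the accounts that could run TRUNCATE PARTITION before the fix and will receive ER_TABLEACCESS_DENIED_ERROR after it. It assumes the standard information_schema privilege views and a session allowed to see other accounts' grants; schema names are matched exactly, so wildcard schema grants and privileges inherited through roles are not resolved.

```sql
-- Added example: find grantees with DROP but no covering ALTER.
-- '*' is used here as a constructed marker for "all schemas" / "all tables".
WITH grants AS (
    -- Global scope (GRANT ... ON *.*)
    SELECT GRANTEE, '*' AS db, '*' AS tbl, PRIVILEGE_TYPE
      FROM information_schema.USER_PRIVILEGES
     WHERE PRIVILEGE_TYPE IN ('DROP', 'ALTER')
    UNION ALL
    -- Schema scope (GRANT ... ON db.*), as in the test's mysqltest_1.*
    SELECT GRANTEE, TABLE_SCHEMA, '*', PRIVILEGE_TYPE
      FROM information_schema.SCHEMA_PRIVILEGES
     WHERE PRIVILEGE_TYPE IN ('DROP', 'ALTER')
    UNION ALL
    -- Table scope (GRANT ... ON db.tbl)
    SELECT GRANTEE, TABLE_SCHEMA, TABLE_NAME, PRIVILEGE_TYPE
      FROM information_schema.TABLE_PRIVILEGES
     WHERE PRIVILEGE_TYPE IN ('DROP', 'ALTER')
)
SELECT d.GRANTEE,
       d.db  AS drop_schema,
       d.tbl AS drop_table
  FROM grants AS d
 WHERE d.PRIVILEGE_TYPE = 'DROP'
   -- Keep the row only if no ALTER grant at the same or a broader
   -- scope covers everything this DROP grant covers.
   AND NOT EXISTS (
         SELECT 1
           FROM grants AS a
          WHERE a.PRIVILEGE_TYPE = 'ALTER'
            AND a.GRANTEE = d.GRANTEE
            AND (a.db  = '*' OR a.db  = d.db)
            AND (a.tbl = '*' OR a.tbl = d.tbl)
       )
 ORDER BY d.GRANTEE, d.db, d.tbl;
```

For the grants shown in the failing test output, this returns one row for `'mysqltest_1'@'localhost'` with `drop_schema = mysqltest_1` and `drop_table = *`.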

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.