information_schema.tiflash_replica shows table info even if the user has no privileges on it

[yahonda]

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

1. Startup tiup playground with --tiflash 1 option

tiup playground --tiflash 1

2. Open another terminal to connect to the tiup playground instance as root.

mysql --comments --host 127.0.0.1 --port 4000 -u root

3. As a root user, create test1 and test2 databases.

create database test1;
create database test2;

3. As a root user, create user1 and user2 users.
   The user1 has all privileges on all of test1 database, Same as user2 has all prvileges on all of test2 database.

create user 'user1'@'localhost';
create user 'user2'@'localhost';
grant all privileges on test1.* to 'user1'@'localhost';
grant all privileges on test2.* to 'user2'@'localhost';

4. Exit the root connection

5. Connect to tiup playground instance as user1

mysql --comments --host 127.0.0.1 --port 4000 -u user1;

6. Use test1 database and create t1 table and create a tiflash replica of t1.

use test1;
create table t1 (id int not null auto_increment, primary key(id));
insert into t1 values();
alter table t1 set tiflash replica 1;

7. Exit the user1 connection

8. Connect to tiup playground instance as user2

mysql --comments --host 127.0.0.1 --port 4000 -u user2;

9. Try to see the test1.t1 table as user2, which gets ERROR 1142 as expected.

mysql> select * from test1.t1;
ERROR 1142 (42000): SELECT command denied to user 'user2'@'localhost' for table 't1'

10. Query information_schema.tables as user2, it does not show any record where where table_schema = 'test1' as expected

mysql> select * from information_schema.tables where table_schema = 'test1';
Empty set (0.00 sec)

11. Query information_schema.tiflash_replica as user2, it somehow shows the record where table_schema= 'test1' and TABLE_NAME = 't1, 'which is unexpected

mysql> select * from information_schema.tiflash_replica where table_schema= 'test1' and TABLE_NAME = 't1';
+--------------+------------+----------+---------------+-----------------+-----------+----------+
| TABLE_SCHEMA | TABLE_NAME | TABLE_ID | REPLICA_COUNT | LOCATION_LABELS | AVAILABLE | PROGRESS |
+--------------+------------+----------+---------------+-----------------+-----------+----------+
| test1        | t1         |       98 |             1 |                 |         1 |        1 |
+--------------+------------+----------+---------------+-----------------+-----------+----------+
1 row in set (0.01 sec)

2. What did you expect to see? (Required)

At step 11, user2 should not see any record from information_schema.tiflash_replica where table_schema= 'test1' and TABLE_NAME = 't1'. Same as information_schema.tables

3. What did you see instead (Required)

mysql> select * from information_schema.tiflash_replica where table_schema= 'test1' and TABLE_NAME = 't1';
+--------------+------------+----------+---------------+-----------------+-----------+----------+
| TABLE_SCHEMA | TABLE_NAME | TABLE_ID | REPLICA_COUNT | LOCATION_LABELS | AVAILABLE | PROGRESS |
+--------------+------------+----------+---------------+-----------------+-----------+----------+
| test1        | t1         |       98 |             1 |                 |         1 |        1 |
+--------------+------------+----------+---------------+-----------------+-----------+----------+
1 row in set (0.01 sec)

4. What is your TiFlash version? (Required)

mysql> select tidb_version()\G
*************************** 1. row ***************************
tidb_version(): Release Version: v7.2.0
Edition: Community
Git Commit Hash: 9fd5f4a8e4f273a60fbe7d3848f85a1be8f0600b
Git Branch: heads/refs/tags/v7.2.0
UTC Build Time: 2023-06-27 14:57:05
GoVersion: go1.20.5
Race Enabled: false
Check Table Before Drop: false
Store: tikv
1 row in set (0.01 sec)

[Lloyd-Pottiger]

close by pingcap/tidb#45319

[yahonda]

Thank you for the fix.