Symfony version(s) affected
7.1.0
Description
When running a database migration, a table schema_subscriber_check_<RANDOM-STRING> is created and immediately dropped again.
This prevents us from setting restrictive database permissions where the Symfony application is only allowed to access a select subset of tables, but does not have the permission to create (and drop) arbitrary tables.
The corresponding code is located in AbstractSchemaListener->getIsSameDatabaseChecker:
    $checkTable = 'schema_subscriber_check_'.bin2hex(random_bytes(7));
    $connection->executeStatement(sprintf('CREATE TABLE %s (id INTEGER NOT NULL)', $checkTable));

    try {
        $exec(sprintf('DROP TABLE %s', $checkTable));
    } catch (\Exception) {
        // ignore
    }
I was granting the following permissions for a single table in MySQL 5.7 to the Symfony application:
my_db.my_table:CREATE,DROP,SELECT,INSERT,UPDATE,DELETE
MySQL does not support granting permissions on table names with wildcards (schema_subscriber_check_*).
How to reproduce
I don't seem to be able to trigger the call of getIsSameDatabaseChecker in a dummy application.
Possible Solution
I am not 100% sure what the purpose of the "same database checker" is, so I can't propose an appropriate solution.
Additional Context
No response
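
Added example (not part of the original report and not Symfony code): the table-scoped grant described above, the statement the checker would be denied under it, and one way to keep the runtime account restricted by giving database-wide DDL rights to a separate migration account. The account names, host, password placeholders and the migration account's privilege list are assumptions, as is the ability to run migrations under a different account than the web runtime.

```sql
-- Constructed example for MySQL 5.7. Run as an administrative user.
-- 'app_runtime', 'app_migrate', 'localhost' and 'CHANGE_ME' are placeholders.

-- 1. Table-scoped grant from the report: this account can touch my_table only.
CREATE USER 'app_runtime'@'localhost' IDENTIFIED BY 'CHANGE_ME';
GRANT CREATE, DROP, SELECT, INSERT, UPDATE, DELETE
    ON my_db.my_table
    TO 'app_runtime'@'localhost';

-- 2. The checker creates a table whose name ends in 14 random hex characters
--    (bin2hex(random_bytes(7))). Issued while connected as app_runtime, a
--    statement like the one below names a table other than my_table, so MySQL
--    rejects it with ERROR 1142 (CREATE command denied). The suffix is a
--    sample value.
--
--    CREATE TABLE schema_subscriber_check_0123456789abcd (id INTEGER NOT NULL);

-- 3. A table-level GRANT takes a literal table name. The % and _ wildcards are
--    honoured only in database names of database-level grants, so the
--    narrowest scope that covers an unpredictable table name is my_db.*.
--    Giving that scope to a separate account keeps app_runtime table-scoped.
CREATE USER 'app_migrate'@'localhost' IDENTIFIED BY 'CHANGE_ME';
GRANT CREATE, DROP, ALTER, INDEX, SELECT, INSERT, UPDATE, DELETE
    ON my_db.*
    TO 'app_migrate'@'localhost';

-- 4. Confirm the effective scope of each account.
SHOW GRANTS FOR 'app_runtime'@'localhost';
SHOW GRANTS FOR 'app_migrate'@'localhost';
```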