NodeJS and Mysql connection configuration ignored

Question

I have a weird behavior while I'm trying to query my MySQL database from a nodeJS API. I define a connection pool to mysql on node using the following code

const mysql = require('mysql2')

const pool = mysql.createPool({
  host: process.env.DB_HOST,
  user: 'mydb.user', 
  database: process.env.DB_DB,
  password: process.env.DB_PWD,
  waitForConnections: true,
  connectionLimit: 10,
  queueLimit: 0,
  multipleStatements: true
}).promise()

Before that, I was using another user named mydb.owner defined in a .env file.

When I execute a query, I have the following error

Access denied for user 'mydb.owner'@'localhost' to database 'mydb'

That's not the user I've configured, that's the old one.

If I have a look on the Mysql connections, I can see that the user of the pool is correct:

show processlist;

Returns

Id   User         Host               db
6    root         localhost:37752    mydb
9    mydb.user    localhost:38102    mydb

It seems I haven't any environment variable defined from elsewhere:

echo $DB_USER

Returns nothing.

The user seems to have the necessary rights:

SHOW GRANTS FOR 'mydb.user'@'localhost';

GRANT USAGE ON *.* TO 'mydb.user'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `mydb`.* TO 'mydb.user'@'localhost' WITH GRANT OPTION

I don't understand why mysql2 returns me an error about my old user mydb.owner .

Answer 1

The query was a stored procedure and was created by default with the tag

CREATE definer = 'mydb.owner'@'localhost' PROCEDURE ...

No matter which user execute the stored procedure, it was impersonated with the mydb.owner account.

To specify that the procedure must be executed under the current account, I added the following instructions:

CREATE definer = 'mydb.owner'@'localhost' PROCEDURE ...()
SQL SECURITY INVOKER
BEGIN ...