  1. MariaDB Server
  2. MDEV-13398

Can't distinguish between DROP DATABASE and DROP TABLE permissions on a database


Details

    Description

      Feature request:

      GRANT DROP ON TABLE db_name.* does not only give a user the privilege to drop any table within the database db_name, but also the database itself.

      There is no way to just give permission to drop any table, but not the database itself.

      Not sure how to actually solve this in a backwards-compatible way. Adding an extra ON DATABASE object_type wouldn't really work out, as this would require changing the current behavior of ON TABLE.

      Maybe an extra DROP_TABLE privilege would work out best. So

      GRANT DROP ON TABLE db_name.*

      would give DROP permissions on both tables within the database and the database itself, while

      GRANT DROP_TABLE ON TABLE db_name.*

      would only allow dropping tables, but not the database itself.

      When specifying an explicit table level grant

      GRANT DROP_TABLE ON TABLE db_name.tab_name

      on the other hand DROP and DROP_TABLE would be synonyms for the same privilege.

            People

              serg Sergei Golubchik
              hholzgra Hartmut Holzgraefe
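Added example (not part of the original report and not MariaDB project code): the database-level grant described in the report, information_schema queries an administrator can use to find accounts that hold it, and the per-table grant as a narrower alternative under the existing privilege model. The names app_db, t1 and 'cleanup'@'localhost' and the password are constructed for illustration.

```sql
-- Constructed test objects (assumed names, not from the report).
CREATE DATABASE app_db;
CREATE TABLE app_db.t1 (id INT PRIMARY KEY);
CREATE USER 'cleanup'@'localhost' IDENTIFIED BY 'change-me';

-- The database-level grant from the report.
-- As described there, this account can now run DROP TABLE on any table
-- in app_db and also DROP DATABASE app_db.
GRANT DROP ON TABLE app_db.* TO 'cleanup'@'localhost';

-- Audit 1: accounts holding DROP at database level.
-- Every row here is an account that can drop the whole schema,
-- not only the tables inside it.
SELECT GRANTEE, TABLE_SCHEMA
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE PRIVILEGE_TYPE = 'DROP'
 ORDER BY TABLE_SCHEMA, GRANTEE;

-- Audit 2: accounts holding DROP globally (ON *.*),
-- which covers every database on the server.
SELECT GRANTEE
  FROM information_schema.USER_PRIVILEGES
 WHERE PRIVILEGE_TYPE = 'DROP'
 ORDER BY GRANTEE;

-- Narrower alternative with the existing privileges:
-- replace the database-level grant with explicit table-level grants.
-- A table-level DROP covers only the named table.
REVOKE DROP ON TABLE app_db.* FROM 'cleanup'@'localhost';
GRANT DROP ON TABLE app_db.t1 TO 'cleanup'@'localhost';

-- Audit 3: table-level DROP grants, to confirm the account now appears
-- here and no longer in the database-level result above.
SELECT GRANTEE, TABLE_SCHEMA, TABLE_NAME
  FROM information_schema.TABLE_PRIVILEGES
 WHERE PRIVILEGE_TYPE = 'DROP'
 ORDER BY TABLE_SCHEMA, TABLE_NAME, GRANTEE;

-- Clean up the constructed objects.
DROP USER 'cleanup'@'localhost';
DROP DATABASE app_db;
```

Table-level grants have to be issued per table, so tables created later are not covered until a grant is added for them. Run the audit queries as an account that can read the grant tables, since the information_schema privilege views otherwise show only the current user's own privileges.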