Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Trivial
-
Resolution: Unresolved
-
5.5, 10.0, 10.1.25, 10.2.6, 10.3
Description
Feature request:
GRANT DROP ON TABLE db_name.* does not only give a user the privilege to drop any table within the database db_name, but also the database itself.
There is no way to just give permission to drop any table, but not the database itself.
Not sure how to actually solve this in a backwards compatible way, adding an extra ON DATABASE object_type wouldn't really work out as this would require to change the current behavior of ON TABLE.
Maybe an extra DROP_TABLE privilege would work out best. So
GRANT DROP ON TABLE db_name.*
would give DROP permissions on both tables within the database and the database itself, while
GRANT DROP_TABLE ON TABLE db_name.*
would only allow to drop tables, but not the database itself.
When specifying an explicit table level grant
GRANT DROP_TABLE ON TABLE db_name.tab_name
on the other hand DROP and DROP_TABLE would be synonyms for the same privilege.
Attachments
Issue Links
- duplicates
-
MDEV-15491 Allow wildcards in table names of GRANT statement
- Stalled