Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14443

Blacklist for access control a.k.a. "negative grants"

    Details

      Description

      Currently, MariaDB privilege system only perform whiltelist check for access control to certain database, table and column. This makes it difficult if we need to block access to certain database/table/column while allow for all others.

      A good solution would be to allow to REVOKE anything that a user is able to do — not only exactly those grants that were granted to a user, but also a subset. Like

      GRANT SELECT ON some_database.* TO a_user@%;
      REVOKE SELECT ON some_database.secret_table FROM a_user@%;
      

        Attachments

          Activity

            People

            • Assignee:
              cvicentiu Vicențiu Ciorbaru
              Reporter:
              hanzhi Hanzhi
            • Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

              • Created:
                Updated: