Details
-
Task
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Not a Bug
-
None
Description
And for roles to take on roles.
Currently a user can only "wear one hat at a time"
GRANT USAGE ON *.* TO ‘myuser’@‘%’ IDENTIFIED BY PASSWORD ‘*abcdefxxxxxxxxx’;
|
GRANT mysqlread TO ‘myuser'@‘%’ ;
|
GRANT mysqldml TO ‘myuser’@‘%’ ;
|
GRANT mysqlddl TO ‘myuser’@‘%’;
|
|
|
GRANT SELECT, SHOW DATABASES, SHOW VIEW ON *.* TO ‘mysqlread’;
|
|
|
GRANT INSERT, UPDATE, DELETE, EXECUTE ON `mydb`.* TO ‘mysqldml’;
|
|
GRANT CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `mydb`.* TO ‘mysqlddl’;
|
|
Currently, SET ROLE mysqlread; SET ROLE mysqldml; means I can no longer issue SHOW DATABASES;
Ideally, both sets should apply. This would also mean we need UNSET ROLE mysqldml; available to remove current roles.
Additionally, roles should be able to stack:
GRANT mysqlread to mysqldml;
|
now SET ROLE mysqldml; should have the additional grants of SELECT, SHOW DATABASES, SHOW VIEW
Attachments
Issue Links
- relates to
-
-
- Closed
-