Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8383

"GRANT role TO user" does not replicate

    XMLWordPrintable

    Details

      Description

      Hello,

      We have encountered a bug trying to build our Galera cluster.

      Due to our app requirements (B2B apps) we need to create different mysql users for each customer, and restrict those users to only some filtered views with check option on to avoid customer X to be able to access data of customer Y (row level security).

      This task can be trivial to manage through ROLES, by creating a role which has access to those views only and then assign that role to each mysql user of each customer.

      It was ok for us to execute "SET ROLE X" at the beginning of each connection (until latest Galera with DEFAULT ROLE per user will become a stable release), but now we've hit another wall: The statement GRANT role TO userx@'%' does not replicate between GALERA nodes. Which means that some customers will end up with permissions (role granted) only on one node, unless we manually patch things out (which is a nightmare to maintain atm).

      Does anybody know about this bug and are there plans to be solved?

      Thank you
      Cosmin

        Attachments

          Activity

            People

            Assignee:
            nirbhay_c Nirbhay Choubey (Inactive)
            Reporter:
            cosmins Cosmin Stahie
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: