Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
2.3.7
-
None
-
MXS-SPRINT-84, MXS-SPRINT-85, MXS-SPRINT-86
Description
MySQLAuth was fixed to check role permissions in MXS-872. It looks like PAMAuth needs a similar fix. See here:
Let's say that you define a PAM user like this:
CREATE ROLE 'admin_role';
|
GRANT ALL PRIVILEGES ON *.* TO 'admin_role';
|
CREATE USER 'pamuser'@'%' IDENTIFIED VIA pam USING 'mariadb';
|
GRANT 'admin_role' TO 'pamuser'@'%';
|
SET DEFAULT ROLE 'admin_role' FOR 'pamuser'@'%';
|
Currently, MaxScale will not recognize the PAM user, because it assumes that it has no privileges. The MaxScale log will contain entries like this:
2019-06-04 10:07:03 notice : Service 'db-service-pam' started (3/12)
|
2019-06-04 10:11:02 notice : Loaded 0 users for service db-service-pam
|