[MXS-5180] Support for roles for MaxScale user - Jira

Details

Type: New Feature
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 25.08
Component/s: None
Labels:
None

Epic Link:
MXS Usability

Description

When assigning provileges to the user that is used for monitoring, to fetch authentication data and for replication it would be convenient to be able to use database roles. As it stands, this only works if the role in question is the default role for the user in question. I suggest that the settings for user/password for servers and sservices, monittoruser/monitorpw for servers and replication_user and replication_password for the mariadbmon monitor are complemented with a similar role parameter. When a role is specified, the role in question would be anabled after connection, i.e. by running SET ROLE <rolename>.

Attachments

Activity

Ascending order - Click to sort in descending order

Anders Karlsson added a comment - 2024-07-26 13:02

When assigning provileges to the user that is used for monitoring, to fetch authentication data and for replication it would be convenient to be able to use database roles. As it stands, this only works if the role in question is the default role for the user in question. I suggest that the settings for user/password for servers and sservices, monittoruser/monitorpw for servers are complemented with a similar role parameter. When a role is specified, the role in question would be anabled after connection, i.e. by running SET ROLE <rolename>.

Anders Karlsson added a comment - 2024-07-26 13:02 When assigning provileges to the user that is used for monitoring, to fetch authentication data and for replication it would be convenient to be able to use database roles. As it stands, this only works if the role in question is the default role for the user in question. I suggest that the settings for user/password for servers and sservices, monittoruser/monitorpw for servers are complemented with a similar role parameter. When a role is specified, the role in question would be anabled after connection, i.e. by running SET ROLE <rolename>.

markus makela added a comment - 2024-08-05 06:13

To start off, I think the use of roles for MaxScale grants is a very smart idea and we definitely should do that. All supported versions of MariaDB and even MySQL/Percona support them and shipping an "installation SQL script" with MaxScale would be very simple.

As for having a parameter for SET ROLE, what's the benefit compared to just doing SET DEFAULT ROLE on the database itself?

markus makela added a comment - 2024-08-05 06:13 To start off, I think the use of roles for MaxScale grants is a very smart idea and we definitely should do that. All supported versions of MariaDB and even MySQL/Percona support them and shipping an "installation SQL script" with MaxScale would be very simple. As for having a parameter for SET ROLE , what's the benefit compared to just doing SET DEFAULT ROLE on the database itself?

Anders Karlsson added a comment - 2024-08-05 08:10

Using SET ROLE is useful as you might want to use different roles for
different purposes but with the same user, i.e. one role for monitoring,
one for authentication and one for replication. This is not critical but
a useful feature.

/Karlsson

Anders Karlsson added a comment - 2024-08-05 08:10 Using SET ROLE is useful as you might want to use different roles for different purposes but with the same user, i.e. one role for monitoring, one for authentication and one for replication. This is not critical but a useful feature. /Karlsson

People

Assignee:: Johan Wikman

Reporter:: Anders Karlsson

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2024-07-26 12:52

Updated:: 2025-03-21 15:51

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB MaxScale