[#MDEV-14444] Support Role based access control for MariaDB privilege system

[MDEV-14444] Support Role based access control for MariaDB privilege system Created: 2017-11-20 Updated: 2018-02-07 Resolved: 2018-02-07
Status:	Closed
Project:	MariaDB Server
Component/s:	Authentication and Privilege System
Fix Version/s:	10.0.6

Type:

Task

Priority:

Major

Reporter:

Hanzhi (Inactive)

Assignee:

Unassigned

Resolution:

Fixed

Votes:

Labels:

None

Issue Links:

Duplicate
is duplicated by	~~MDEV-4397~~	Roles	Closed

Description

MariaDB privilege system grants all privilges directly to super user, which will cause unrecoverable issues by accident. For example:
1. User with super privilege can revoke super from himself. This can cause no user to perform operations like "set global variables", etc. Such issue also applies for other privileges.
2. If a user with cooresponding privileges happens to delete mysql database by accident, the server will fail to start up after restart.

A proper solution is to introduce role based access control for MariaDB privilege system. Only users assigned with certain roles can perform corresponding operation which super user can do the assignment.

Comments

Comment by Vladislav Vaintroub [ 2017-11-20 ]

We do have role based access control, since 10.0 . Is there any functionality missing there?
https://mariadb.com/kb/en/library/roles_overview/

Generated at Thu Feb 08 08:13:36 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-14444] Support Role based access control for MariaDB privilege system Created: 2017-11-20 Updated: 2018-02-07 Resolved: 2018-02-07