[MDEV-15491] Allow wildcards in table names of GRANT statement Created: 2018-03-06 Updated: 2018-03-07 |
|
| Status: | Stalled |
| Project: | MariaDB Server |
| Component/s: | Authentication and Privilege System |
| Fix Version/s: | N/A |
| Type: | Task | Priority: | Minor |
| Reporter: | Robert Scheck | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||
| Description |
|
I would like to be able to run something like this:
Sometimes it's not enough to grant on a per database level. There are situations where I would like to be able to forbid creating or dropping a database, but allowing creating or dropping tables inside a database - which currently is not possible. Idea was to not grant create and drop privileges on database level but to grant them on table level using a wildcard (similar like it is possible for databases). Actually above command does not lead to a syntax error but "works", while it silently "upgrades" the desired table permission to a database one, example:
Honestly, I would treat the silent upgrade from table to database level permission as an unexpected privilege escalation. If wildcards are not supported for table names, this should lead to an error simply. |
| Comments |
| Comment by Elena Stepanova [ 2018-03-07 ] |
|
We already have it filed as MDEV-13398. You can pitch in there. |
| Comment by Robert Scheck [ 2018-03-07 ] |
|
Is that really a duplicate? MDEV-13398 does not care about missing wildcard support in table names for GRANT, but about the syntax issue. |
| Comment by Elena Stepanova [ 2018-03-07 ] |
|
As you wish. |