[MDEV-31689] Add privileges to catalogs Created: 2023-07-15  Updated: 2023-12-22

Status: Stalled
Project: MariaDB Server
Component/s: Server
Fix Version/s: 11.5

Type: Task Priority: Major
Reporter: Michael Widenius Assignee: Vicențiu Ciorbaru
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
PartOf
is part of MDEV-31542 Add multi-tenancy catalogs to MariaDB Stalled

 Description   

Add users and privileges to each catalog.
The super user of the 'def'' catalog is granted the CATALOG privilege that allows one to
change catalog with 'use catalog catalog_name'

When running with catalogs, the 'def' users are the only one that can get the following privileges:
CATALOG_ACL |
SHUTDOWN_ACL |
CREATE_TABLESPACE_ACL |
REPL_SLAVE_ACL |
BINLOG_MONITOR_ACL |
BINLOG_REPLAY_ACL |
BINLOG_MONITOR_ACL |
CONNECTION_ADMIN_ACL |
REPL_SLAVE_ADMIN_ACL |
BINLOG_ADMIN_ACL |
BINLOG_REPLAY_ACL |
SLAVE_MONITOR_ACL |
BINLOG_MONITOR_ACL |
REPL_MASTER_ADMIN_ACL;

Things to do :

  • Privileges globals should be stored in catalog
  • acl_init() should be run for all catalogs (as part of catalog->late_init())
  • grant_init() should be run for all catalogs
  • acl_reload() should only be run for current catalog
  • In case of SIGHUP it should be run for all initialized catalogs
    see reload_acl_and_cache() and late_init_all_catalogs()

 Comments   
Comment by JiraAutomate [ 2023-12-17 ]

Automated message:
----------------------------
Since this issue has not been updated since 6 weeks, it's time to move it back to Stalled.

Generated at Thu Feb 08 10:25:44 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.