[MDEV-5210] Default role Created: 2013-10-30 Updated: 2015-05-18 Resolved: 2014-07-23 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | None |
| Fix Version/s: | 10.1.1 |
| Type: | Task | Priority: | Major |
| Reporter: | Sergei Golubchik | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 3 |
| Labels: | None | ||
| Issue Links: |
|
||||||||
| Description |
|
Syntax variants (which ones we'll do?):
When a default role is set, the server implicitly runs SET ROLE yyy for every new connection (or after a COM_CHANGE_USER for a user xxx). The default role is stored in a new column in the mysql.user table. |
| Comments |
| Comment by Joffrey MICHAIE (Inactive) [ 2014-03-25 ] | ||
|
Hi, Without Roles, when a normal user logs-in, all his rights are loaded, and visible in the SHOW GRANTS FOR CURRENT_USER(); With roles, a user may want to get ALL privileges from all his ROLES granted at connect time. What are your thoughts on this ? Regards, | ||
| Comment by Sergei Golubchik [ 2014-03-25 ] | ||
|
It would be very non-standard. According to the SQL standard one needs SET ROLE to be able to use role's privileges, and one can have at most one role set at any given point in time. To have all privileges from all roles one should — to stay within the SQL standard — create a new role, grant all other roles to it, and then SET this new role. | ||
| Comment by Elena Stepanova [ 2015-05-18 ] | ||
|
For a note, we ended up with the second variant of syntax:
|