
Re: User Roles
Posted by: Georgi Kodinov
Date: April 08, 2020 09:37AM

This bug is about a bit of a different thing: it's about mixed case being used for function grants and not taken into account when roles are used.

Otherwise you're correct that in MySQL the privilege model is not fine-grained enough to give you access to the text of a specific stored program.
You either get access to the text for all of them residing in a database or none.

Basically the usual MySQL App security model is such that you typically grant each user all access to all objects in a "database" (or what you'd call a schema). This is a bit faster to enforce since you don't have to check grants for every individual access and thus people prefer doing it this way.

This also explains why the stored program text visibility is at database level atm.
Note that we also do not have the concept of "owner" of a schema object (like some other databases do). E.g. if you have CREATE on a database this doesn't automatically mean that, once you create a table, you can insert or even select from it.
So please read https://dev.mysql.com/doc/refman/8.0/en/security.html and familiarize yourself with the concepts in it. They are slightly different compared to other databases.

This said, what you've experienced is a valid feature request that you may want to file (or vote for) in bugs.mysql.com.

Georgi "Joro" Kodinov
MySQL SrvGen team lead
Plovdiv, Bulgaria
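
The "no owner" behaviour and the database-wide grant model described in the reply above, as an added SQL example that is not part of the original post. The database, account and role names (`appdb`, `dev`, `app_rw`) and the password are constructed for illustration; the statements assume MySQL 8.0 and an administrative session.

```sql
-- Run as an administrative account. All names below are hypothetical.
CREATE DATABASE appdb;
CREATE USER 'dev'@'localhost' IDENTIFIED BY 'Constructed-Sample-Pw-1!';

-- CREATE at database scope only: dev may create tables in appdb,
-- but creating an object confers no further rights on it.
GRANT CREATE ON appdb.* TO 'dev'@'localhost';

-- In a session logged in as dev:
--   CREATE TABLE appdb.t (id INT PRIMARY KEY);  -- allowed by CREATE
--   INSERT INTO appdb.t VALUES (1);             -- denied: no INSERT privilege
--   SELECT * FROM appdb.t;                      -- denied: no SELECT privilege

-- Back in the administrative session: the usual database-wide model,
-- expressed through a role instead of per-object grants.
CREATE ROLE 'app_rw';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_rw';
GRANT 'app_rw' TO 'dev'@'localhost';
SET DEFAULT ROLE 'app_rw' TO 'dev'@'localhost';

-- Review what dev can do once the role is active.
SHOW GRANTS FOR 'dev'@'localhost' USING 'app_rw';

-- Audit every account or role holding database-level privileges on appdb.
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE table_schema = 'appdb'
ORDER BY grantee, privilege_type;
```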
