Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8047

Make USERs a special case of ROLE

        Details

        • Type: Task
        • Status: Open
        • Priority: Major
        • Resolution: Unresolved
        • Fix Version/s: None
        • Component/s: Admin statements
        • Labels:
          None

          Description

          I am trying to have one user masquerade as another: grants, default owner/definer, etc.

          This is trivial to do in PostgreSQL because that DB treats “users” merely as “roles that can log in”.

          MariaDB’s implementation of ROLEs doesn’t allow this, though it seems a very useful feature. It’s kinda-sorta possible via MariaDB’s PAM auth plugin and perhaps a custom PAM plugin that would rewrite the username, but being able to do this with MariaDB’s native authentication would be most ideal.

            Gliffy Diagrams

              Attachments

                Activity

                Ascending order - Click to sort in descending order
                Hide
                Permalink
                GeoffMontee Geoff Montee added a comment -

                To give an explicit example, I think Felipe wants to do something like this:

                CREATE USER 'user1'@'%' IDENTIFIED BY 'somepassword';
CREATE USER 'user2'@'%' IDENTIFIED BY 'anotherpassword';
GRANT 'user2' TO 'user1'@'%';

                Then if user1 logs in, they can do this:

                SET ROLE user2;

                At the moment, users and roles are in entirely different namespaces, so this isn't currently possible.

                Show
                GeoffMontee Geoff Montee added a comment - To give an explicit example, I think Felipe wants to do something like this: CREATE USER 'user1'@'%' IDENTIFIED BY 'somepassword'; CREATE USER 'user2'@'%' IDENTIFIED BY 'anotherpassword'; GRANT 'user2' TO 'user1'@'%'; Then if user1 logs in, they can do this: SET ROLE user2; At the moment, users and roles are in entirely different namespaces, so this isn't currently possible.
                Hide
                Permalink
                fgasper Felipe Gasper added a comment -

                ^^ Yes, this. Thank you, @Geoff!

                Show
                fgasper Felipe Gasper added a comment - ^^ Yes, this. Thank you, @Geoff!

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    fgasper Felipe Gasper
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    4 Start watching this issue

                    Dates

                    • Created:
                      Updated: