maria-discuss team mailing list archive

[Sergei Golubchik <serg@xxxxxxxxxxx>]

Hi, Tanstaafl!

On Mar 09, Tanstaafl wrote:
> 
> So, as things stand now, I'm going to have to manually add every
> single individual userid to every single resource they will need to
> have access too, rather than just doing this with groups.

This is what SQL standard roles were designed to solve.
We have implemented roles in 10.0.
You create roles instead of groups, and grant these roles to users.

One of the drawbacks - when a connection is established, one needs to do
"SET ROLE" to be able to use role's privileges. But one can work around
it using --init-connect. For example, with something like this:

select concat("set role ", role_name) into @a from information_schema.applicable_roles where grantee = current_user limit 1;
prepare s from @a;
execute s;

This will be fixed properly when we implement default roles (which is a
non-standard feature), but it didn't make it into 10.0 version.

Regards,
Sergei