
maria-discuss team mailing list archive

Re: Proxy users in MariaDB?

 

Hi, Felipe!

On Apr 24, Felipe Gasper wrote:
> On 4/23/15 5:48 PM, Geoff Montee wrote:
> >
> > I'm not a big fan of this bit from the MySQL documentation:
> >
> > "When a single account has been granted proxy privileges on more than
> > one account, the server mapping is nondeterministic. Therefore,
> > granting proxy privileges on multiple accounts to a single account is
> > discouraged."
> >
> > Nondeterministic behavior can be pretty messy. Maybe improving the
> > role system to support more use cases would be better than going down
> > this route?
> 
> Agreed. It should fail, IMO, when you try to add a 2nd PROXY privilege 
> to the same user. Very strange design.

That's because they're abusing the PROXY privilege.

PROXY privilege is exactly that, a *privilege* - it allows a given user
to pretend that he's some other given user. What user should it be -
this is defined by a plugin. A plugin says "let Alice be Bob for this
session". And DBMS checks whether Alice is allowed to be Bob. And,
naturally, there can be many proxies granted to the same user. Alice
might also be allowed to be Carol and Dave, but not Eve.

PROXY privilege was never supposed to be an *instruction* of what a user
will be. When you grant a SELECT privilege on a table to someone, this
someone doesn't get the table dumped out to him every time he connects,
does he? :) A privilege is not an instruction, it doesn't tell what to
do, only what you can do.

> > It would be nice to have the flexibility to allow roles to log in
> > (similar to how PostgreSQL roles can be defined with "WITH LOGIN" role
> > attributes), but I'm not sure if MariaDB will get that feature. Maybe
> > submit a feature request to our JIRA?
> 
> Done: https://mariadb.atlassian.net/browse/MDEV-8047
> 
> I’m not sure it’s filed in quite the best way (e.g., it didn’t let me 
> select “improvement” as the type)

You've done it correctly, the type "Task" is what it should be.

> I wonder what the perceived advantage was/is of keeping users and roles 
> as separate concepts.

I think that's what the SQL standard says.

We've implemented roles in 10.0 looking into the standard and following it
almost up to the letter.

In 10.1 we've added an extension - default roles.
We can add another extension, that's surely possible.

Regards,
Sergei
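
The privilege semantics described in this message, as an added example that is not part of the original thread or of MariaDB's own documentation: several PROXY grants to one account, then an audit of `mysql.proxies_priv`. It assumes the accounts alice, bob, carol, dave and eve already exist on localhost and that alice authenticates through a plugin (PAM, for instance) that names the account to proxy as.

```sql
-- Assumption: 'alice', 'bob', 'carol', 'dave' and 'eve' @localhost exist,
-- and alice's authentication plugin chooses the account she proxies as.
-- The names follow the Alice/Bob/Carol/Dave/Eve wording of the message.

-- Several PROXY grants to one account: each is a permission, not a mapping.
GRANT PROXY ON 'bob'@'localhost'   TO 'alice'@'localhost';
GRANT PROXY ON 'carol'@'localhost' TO 'alice'@'localhost';
GRANT PROXY ON 'dave'@'localhost'  TO 'alice'@'localhost';
-- No grant on eve: if the plugin names eve for alice's session, the
-- "is Alice allowed to be Eve?" check has nothing to match.

SHOW GRANTS FOR 'alice'@'localhost';

-- Inside a proxied session: the connecting name, the effective account,
-- and the account that acted as proxy.
SELECT USER(), CURRENT_USER(), @@proxy_user;

-- Audit: each grantee and the full set of identities it may assume.
-- An empty Proxied_user is the "any user" wildcard and deserves review,
-- as does With_grant, which lets the grantee pass the privilege on.
SELECT CONCAT(User, '@', Host)                      AS grantee,
       COUNT(*)                                     AS proxy_grants,
       GROUP_CONCAT(CONCAT(Proxied_user, '@', Proxied_host)
                    ORDER BY Proxied_user
                    SEPARATOR ', ')                 AS may_act_as,
       MAX(Proxied_user = '')                       AS any_user_wildcard,
       MAX(With_grant)                              AS can_regrant
FROM mysql.proxies_priv
GROUP BY User, Host
ORDER BY any_user_wildcard DESC, proxy_grants DESC;
```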

