add the ability to create a restricted root account
There has been a request to enable a root user through the API that has limited privileges.
Blueprint information
- Status:
- Complete
- Approver:
- Vipul Sabhaya
- Priority:
- Medium
- Drafter:
- Dan Nguyen
- Direction:
- Approved
- Assignee:
- Dan Nguyen
- Definition:
- Approved
- Series goal:
- Accepted for grizzly
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Dan Nguyen
- Completed by
- Dan Nguyen
Related branches
Related bugs
Sprints
Whiteboard
Proposed changes.
Notes:
----------
The reddwarf-
root_grant=SELECT, CREATE, UPDATE, DELETE, ALTER, CREATE VIEW ....
If this property is not present the code should default to the original permissions which GRANTS ALL PRIVILGES ...
Concerns:
--------------
We know that the custom GRANT statement will not accommodate everyone.
This is part of the reason for abstracting it out to a config file.
See MySQL Privelages: http://
Design
----------
We will not put the GRANT sql statement directly in the property file.
The property file will just contain a list of privileges that we will build the GRANT statement from.
(i.e. root_grant = CREATE, DELETE, UPDATE ....)
Privileges for restricted root account
-------
Grants for root@%:
GRANT SELECT,
INSERT,
UPDATE,
DELETE,
CREATE,
DROP,
PROCESS,
REFERENCES,
INDEX,
ALTER,
SHOW DATABASES,
CREATE TEMPORARY TABLES,
LOCK TABLES,
EXECUTE,
CREATE VIEW,
SHOW VIEW,
CREATE ROUTINE,
ALTER ROUTINE,
CREATE USER,
EVENT,
TRIGGER
ON *.* TO 'root'@'%'
IDENTIFIED BY PASSWORD '*8E32602BD1C87
Gerrit topic: https:/
Addressed by: https:/
Implement alternate root privileges
Addressed by: https:/
Implement alternate root privileges
Work Items
Dependency tree
* Blueprints in grey have been implemented.