Create an API that will revoke root user privileges.

Registered by Steve Leon on 2013-01-29

Reddwarf already provides a way to enable root privilege. Similarly, we need a way to revoke it. This is useful for reddwarf support team to know whether the user had root privileges when something went wrong with a tenant instance.

The disable-root or revoke-root API will basically undo what create-root API does. This include removing grant privileges and changing the password for root.

There will also be an audit record entry in the enable_root_history add a timestamp of when root privileges was disabled

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
Steve Leon
Definition:
Obsolete
Series goal:
None
Implementation:
Unknown
Milestone target:
milestone icon next
Completed by
Nikhil Manchanda on 2014-12-08

Related branches

Sprints

Whiteboard

Not sure if this is the right place for this post, but my concern with this is that it affects the support and user model for the database. In my mind, there are two basic usage models: managed and unmanaged. Managed users do not have root access, Unmanaged do. The problem with switching back and forth is that you can't audit what was done in Unmanaged mode & so cannot support the user who switches back to Managed from Unmanaged.

There might be a use case in here around debugging/troubleshooting, in which case maybe there's a need for a different type of user than root. maybe one with limited write access but more extensive ability to view & troubleshoot.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.