RFC: SQL privileges #2054
RFC: SQL privileges #2054
Conversation
mberhault
force-pushed
the
marc/RFC_sql_privileges
branch
from
6f3c7cd to
a4f294b
Compare
| ### Cockroach | ||
|
|
||
| * the `root` user has default `ALL` privileges on all new databases. It is also the only | ||
| user allowd to create databases. |
|
Looks good, just needs a few adjustments based on comments. |
|
LGTM, this seems simple enough to build and useful for users. |
|
|
||
| Postgres and mysql both have global user tables. We do not require users | ||
| to be in the user config, only to be properly authenticated. This means | ||
| that we cannot have user-defined super users. |
There was a problem hiding this comment.
For completeness: we could make it an attribute of the certificate. Although I guess that is more or less equivalent to simply granting multiple certificates for user root.
There was a problem hiding this comment.
I think we will ultimately want a "users" table or config. We sort of have one, but it's only for the website login, it's not required. The major reason not to have it right now it performance (it's yet another lookup), but we'll need a story for privileges, accounting, and zones other than storing them all in the descriptor. At that point, the users config can follow and become required.
|
LGTM |
|
if there are no further objections, I'll merge this later today. |
|
👍 |
| | Privilege | Level | | ||
| |-----------|-----------| | ||
| | ALL | DB, Table | | ||
| | CREATE | DB | |
There was a problem hiding this comment.
what about CREATE Table?
There was a problem hiding this comment.
this is the level at which the permission is stored, not what they're used for.
CREATE TABLE is documented further down, it requires CREATE at the database level.
CREATE DATABASE requires the root user.
|
LGTM |
mberhault
force-pushed
the
marc/RFC_sql_privileges
branch
from
bda0356 to
7db375b
Compare
|
status changed to in-progress and merging. |
No description provided.