Make grant privileges mutable #1326
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
433551d to
00fd796
Compare
mmontes11
requested changes
Jul 14, 2025
There was a problem hiding this comment.
Thanks for raising this @hedgieinsocks ! Useful feature that users have mentioned long time ago.
I think we should track the existing privileges in the status and revoke them more granularly, as you suggested. Left a couple of observations in the implementation.
Related to #1176.
75b3d15 to
c22205f
Compare
mmontes11
requested changes
Jul 15, 2025
4492d8f to
978191e
Compare
mmontes11
reviewed
Jul 15, 2025
978191e to
a4b910e
Compare
mmontes11
approved these changes
Jul 15, 2025
This was referenced Jul 18, 2025
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since MariaDB does not yet support https://jira.mariadb.org/browse/MDEV-17476 we need another way to limit disk usage abusers, e.g. to edit grant permissions on the fly to allow only selecting until the abuser agrees to take action.
However, since privileges are immutable, one will have to delete the grant resource. And if the grant resource is controlled by a custom operator, then uh-oh bad luck.
Luckily, it seems we can easily track last applied privileges in the status, and revoke the ones that are no longer present in the spec declaration.
I revoke only those privileges that are no longer needed. But we can make it simpler if need be and blindly remove the whole set, the ones we still need will be reapplied anyway the next moment.
Or we can refactor revoke sql completely and like mentioned in #1176 just run
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user;to nuke it.