Nov 07, 2018
 Percona Live Open Source Database Conference Europe 2018
  Vicentiu Ciorbaru

MariaDB 10.4 Reverse Privileges (DENY)

How do you exclude one table access from a database with too many tables? In previous versions of MariaDB and MySQL, you have to specifically grant access to all other tables individually. This does not scale, especially if tables are created and dropped frequently.

Reverse privileges solve this problem and many other use cases. With just one SQL statement you can ensure a user can never access a resource, regardless which roles or other privileges are granted to it.

Reverse privileges do not work in a vacuum, so we will start with a broad view of the full privilege system, before diving into the specifics of denying access to resources.



About the Author

Vicentiu Ciorbaru

Vicentiu works at the MariaDB Foundation as a Software Engineer. He focuses on Optimizer development, but has also worked on other parts of the MariaDB Server. Notable projects include: Window Functions in MariaDB Custom Aggregate Functions in MariaDB Roles in MariaDB