MariaDB Beyond Basics: Unlocking Granular Permissions with Partial Revokes
Here's a summary of the key points:
- Grants fine-grained control over user permissions.
- Requires enabling
partial_revokes
. - Works only on schema-level privileges.
- Wildcards need escaping.
Initial Grant:
GRANT SELECT ON sales.* TO 'username';
This grants the user username
the SELECT
privilege on all tables within the sales
schema.
Partial Revoke (Prevent Insert and Update):
REVOKE INSERT, UPDATE ON sales.* FROM 'username';
This removes the INSERT
and UPDATE
privileges for the user on all tables within sales
. The user can still select data using SELECT
.
Important Note: Remember to enable partial revokes before using them:
SET PERSIST partial_revokes=ON;
mariadb