"Fossies" - the Fresh Open Source Software Archive

Member "drizzle-7.1.36-stable/docs/administration/authorization.rst" (6 May 2012, 1567 Bytes) of package /linux/misc/old/drizzle-7.1.36-stable.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

Authorization

Authorization is finding out if the person, once identified, is permitted to have the resource.1

Drizzle authorization is handled by plugins. There is no single source where users or access rights are defined, such as a system user table, but each auhtorization plugin will use different sources to define or store access rights. By default no authorization plugin is loaded, this means that any logged in user is authorized to access all database objects and do anything he wants (everyone is super user).

The following authorization plugins are included with Drizzle:

Limitations

At the moment there doesn't exist a plugin which would implement anything resembling the traditional SQL standard GRANT and REVOKE type of authorization. You are invited to share your opinion on whether that level of authorization control is necessary in a modern database.

Note that at the moment there also is no plugin that would distinguish between read and write operations, rather access is always granted to schemas and tables in an all or nothing fashion.


Footnotes


  1. Authentication, Authorization, and Access Control↩︎