Bug #15554 Allow wildcards for databases in table-level grants
Submitted: 7 Dec 2005 18:19 Modified: 12 Jun 2017 12:30
Reporter: Domas Mituzas Email Updates:
Status: Won't fix Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any

[7 Dec 2005 18:19] Domas Mituzas 
Description:
In environments where databases are used as logical database partitions, GRANTs are more targetted at tables rather than databases. As it is common use practice, wildcard usage on db names for table-level-grants should be allowed and that would avoid overly complex huge ACL lists, that are often kept in linked lists anyway.

How to repeat:
-

Suggested fix:
Implement pattern matching for in-memory table-level grant list.
[22 Feb 2006 11:28] Valeriy Kravchuk 
Thank you for a reasonable feature request.
[6 Jun 2017 10:01] Georgi Kodinov 
Domas, 

Just curious: would you consider SQL roles as delivering to this need ? 
In more traditional databases you would grant access to multiple individual SQL objects to a role and then grant that role if you have the same needs.

You could even do that in a SQL stored program that operates on a cursor over I_S.tables for example.
[12 Jun 2017 12:30] MySQL Verification Team 
Hi!

A decision has been made that this feature request is not justified. There are several reasons for it , of which the most important one is that privileges can not be granted for future entities.

Another negative consequence of this feature request is that we would have a situation at every table access we would need to go check if the database level allows it in addition to checking the explicit grants.