Bug #31426 Privileges for UDFs
Submitted: 5 Oct 2007 19:53 Modified: 9 Oct 2007 10:16
Reporter: Roland Bouman Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any
Triage: Triaged: D5 (Feature request)

[5 Oct 2007 19:53] Roland Bouman
Description:
UDFs are a great extension. However, the absence of the ability to restrict execution to only particular users severely limits their usability in production systems, especially if they are shared among many users. 

I can come up with many examples of UDFs that would provide application developers and DBAs with a powerful tool to perform ETL, do RPC, send email, export data, ftp exports and whatnot that are plain evil if accessible to the ordinary users. 

If only these UDFs could be privileged like stored SQL functions, then they could be wrapped in 'safe' procedures that are defined as DEFINER but for which EXECUTE has been granted to ordinary users. 

How to repeat:
NA

Suggested fix:
Please implement same privileges for UDFs as for SQL stored functions
[9 Oct 2007 10:16] Valeriy Kravchuk
Thank you for a reasonable feature request.