Partial revokes with MariaDB

mariadb

I want to use MySQL partial revokes in MariaDB, but there does not seem to be any reference of it in the docs, so is there are workaround?

I grant user foo privileges on *.*, and I want to partially revoke its permission to select column password on table users - how can I do this?

CREATE USER 'foo'@'%' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, DELETE, UPDATE ON *.* TO 'foo'@'%';
REVOKE SELECT (password) ON production.users FROM 'foo'@'%';

Such thing results in:

ERROR 1147 (42000): There is no such grant defined for user 'foo' on host '%' on table 'user'

Version: 10.3.31-MariaDB-0+deb10u1-log

Perhaps I could do something like this easily with roles? If so, can you give examples to do so?


Solution 1:

MDEV-14443 negative grants is actively being worked on so hopefully 10.9.

At the moment creating the grants excluding your password is one option.

The other is putting the password (by which I hope you mean a uniquely salted hash or KDF) in a different table.

Related

static_assert unexpected behavior
get the last modification data of a file in git repo
Can't change border radius of text-field variant=filled in Material-ui-core
kotlin OffsetDateTime format of pattern
Syntax issue with my for loop and while loop keeps repeating infinitely (python)
Is there a semantic difference between toExternalForm and toString on java.net.URL?
Conditionally replace matching values from one data.frame to values in another data.frame
How can I prevent caching when loading javascript with document.createElement('script')?
Trying to understand the differences across these promises and setTimeouts [duplicate]
Flatten parts of list
How to compare a user set variable in MySQL?
How to get the device's IMEI/ESN programmatically in android?