If you create a stored procedure/function, it takes the privileges of the logged in user. If you want to change this, the user needs SUPER privileges and we don't want that...
But as the SSO is another username every time it's used, you'll soon end up with a mess where SSO users can't change procedures because the sso user doesnt exist anymore, the original db user is unable to change the procedures made by SSO user because he has no SUPER privs and the only way to fix this is to give a user super privs of crud privs on the mysql.proc table... and you don't want that either in a shared environment.
So a 'reset func/procedure' permissions option in da, using a sufficiently privileged user to update the 'definer' field in mysql.proc with a selected database user would be a nice to have feature.
Or am I doing things wrong?
@smtalk
@scriptkitty
But as the SSO is another username every time it's used, you'll soon end up with a mess where SSO users can't change procedures because the sso user doesnt exist anymore, the original db user is unable to change the procedures made by SSO user because he has no SUPER privs and the only way to fix this is to give a user super privs of crud privs on the mysql.proc table... and you don't want that either in a shared environment.
So a 'reset func/procedure' permissions option in da, using a sufficiently privileged user to update the 'definer' field in mysql.proc with a selected database user would be a nice to have feature.
Or am I doing things wrong?
@smtalk
@scriptkitty
