Use specific privileges when creating admin

Using the ALL shorthand can cause problems when not all privileges are available to the user.
For example, AWS RDS MariaDB/MySQL will not grant the initial user account on an instance the SUPER privilege.
While the user account is still valid for pretty much any task on the DB instance, it can not use the ALL shorthand when granting privileges to new users.
By supplying a specific set of privileges, we work around this limitation without sacrificing functionality.

Closes #16139

Signed-off-by: Oliver Salzburg <oliver.salzburg@gmail.com>
This commit is contained in:
Oliver Salzburg 2019-07-01 19:55:33 +02:00
parent 84a1712d99
commit 392a4dd68a
No known key found for this signature in database
GPG key ID: 5933A7DE5826006B

View file

@ -79,7 +79,7 @@ class MySQL extends AbstractDatabase {
try {
//this query will fail if there aren't the right permissions, ignore the error
$query="GRANT ALL PRIVILEGES ON `$name` . * TO '$user'";
$query="GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `$name` . * TO '$user'";
$connection->executeUpdate($query);
} catch (\Exception $ex) {
$this->logger->logException($ex, [