OSAUTH Privilege
This page is part of MariaDB's Documentation.
Overview
Grants the ability for the user to be authenticated by the OS.
This allows a SQL user to log in without a password as long as they have been authenticated as the corresponding OS user.
USAGE
With MariaDB Xpand, the OSAUTH privilege can be granted using the GRANT statement:
GRANT OSAUTH ON *.* to 'xpand'@'localhost';
DETAILS
Scope: Global
Privilege name for GRANT: OSAUTH
Privilege name for REVOKE: OSAUTH
Privilege shown by SHOW GRANTS: OSAUTH
MariaDB Xpand provides the OSAUTH privilege to configure a database user account to be authenticated by the operating system. When a database user account has the OSAUTH privilege, they can log into Xpand without a password as long as they have been authenticated as the corresponding OS user.
The OSAUTH privilege is granted to certain default user accounts:
- The database management user (xpandm) is granted the OSAUTH privilege to allow clx to be executed without a password
- The database daemon user (xpand) is granted the OSAUTH privilege to allow statd and Xpand GUI to be used without a password
EXAMPLES
GRANT
The following examples demonstrate granting a single privilege. A single GRANT statement can grant multiple privileges at the same scope by providing a comma-separated list of the privileges.
To grant the OSAUTH privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME') in the following query to align to your requirements:
GRANT OSAUTH
ON *.*
TO 'USERNAME'@'HOSTNAME';
REVOKE
The following examples demonstrate revoking a single previously-granted privilege. A single REVOKE statement can revoke multiple privileges at the same scope by providing a comma-separated list of the privileges.
To revoke the OSAUTH privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME') in the following query to align to your requirements:
REVOKE OSAUTH
ON *.*
FROM 'USERNAME'@'HOSTNAME';
SHOW Output
A user's privileges can be displayed using the SHOW GRANTS statement.
If the OSAUTH privilege is present, it will be shown as OSAUTH in the output. For example:
SHOW GRANTS FOR 'app_user'@'192.0.2.%';
+-----------------------------------------------+
| Grants for app_user@192.0.2.%                 |
+-----------------------------------------------+
| GRANT OSAUTH ON *.* TO 'app_user'@'192.0.2.%' |
+-----------------------------------------------+
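Because OSAUTH lets an account log in without a password, a periodic review of who holds it is useful. The following Python script is an added example, not part of MariaDB's documentation: it parses SHOW GRANTS rows, lists every OSAUTH holder, and prepares the matching REVOKE statement. The sample rows are constructed, and treating accounts other than xpandm and xpand, or hosts other than localhost, as needing review is an assumed policy.

```python
import re

# Accounts the page lists as holding OSAUTH by default.
DEFAULT_OSAUTH_USERS = {"xpandm", "xpand"}

# Matches one GRANT row as printed by SHOW GRANTS.
GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+"
    r"TO\s+'(?P<user>[^']*)'@'(?P<host>[^']*)'",
    re.IGNORECASE,
)

# Constructed sample: SHOW GRANTS rows collected for several accounts.
SAMPLE = """\
| GRANT OSAUTH ON *.* TO 'xpandm'@'localhost'            |
| GRANT OSAUTH ON *.* TO 'xpand'@'localhost'             |
| GRANT SELECT, OSAUTH ON *.* TO 'app_user'@'192.0.2.%'  |
| GRANT SELECT ON *.* TO 'report'@'localhost'            |
"""

def parse_grants(text):
    """Yield (user, host, privileges) for each GRANT row in the text."""
    for line in text.splitlines():
        m = GRANT_RE.search(line)
        if m:
            privs = {p.strip().upper() for p in m.group("privs").split(",")}
            yield m.group("user"), m.group("host"), privs

def osauth_review(text, expected=DEFAULT_OSAUTH_USERS):
    """List every OSAUTH holder with review reasons and a REVOKE statement."""
    results = []
    for user, host, privs in parse_grants(text):
        if "OSAUTH" not in privs:
            continue
        reasons = []
        if user not in expected:
            reasons.append("not a default OSAUTH account")
        if host != "localhost":  # assumed policy: OS auth only for local logins
            reasons.append("host is not localhost")
        results.append({
            "account": f"'{user}'@'{host}'",
            "reasons": reasons,
            "revoke": f"REVOKE OSAUTH ON *.* FROM '{user}'@'{host}';",
        })
    return results

if __name__ == "__main__":
    for r in osauth_review(SAMPLE):
        status = "REVIEW" if r["reasons"] else "ok"
        print(status, r["account"], "; ".join(r["reasons"]))
```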
Privilege Failure
The OSAUTH privilege results in no failures since it is used for authentication.