Re: Directory/File Access Permissions for COPY and Generic File Access Functions

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Brightwell, Adam" <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Date: 2014-10-29 01:46:51
Message-ID: 5450470B.4060103@gmx.net
Lists: pgsql-hackers

On 10/27/14 7:36 PM, Stephen Frost wrote:
> MySQL:
> http://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html#priv_file
>
> (note they provide a way to limit access also, via secure_file_priv)

They have a single privilege to allow the user to read or write any
file. I think that feature could be useful.

> Oracle:
> http://docs.oracle.com/cd/B19306_01/server.102/b14200/statements_5007.htm
> http://docs.oracle.com/cd/B19306_01/server.102/b14200/statements_9013.htm#i2125999

From the description, that CREATE DIRECTORY command looks to me more
like a tablespace, or a general BLOB space, that you reference by object
name, not by file name.

> SQL Server:
> http://msdn.microsoft.com/en-us/library/ms175915.aspx
> (Note: they can actually run as the user connected instead of the SQL DB
> server, if Windows authentication is used, which is basically doing
> Kerberos proxying unless I'm mistaken; it's unclear how the security is
> maintained if it's a SQL server logon user..).

That could be useful. ;-) But it's not actually the same as the feature
proposed here.

> DB2:
> http://www-01.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.dm.doc/doc/c0004589.html?cp=SSEPGG_9.7.0

That's also more like the single capability system that MySQL has.

So while this is interesting food for thought, I don't think this really
supports that claim that other systems have a facility very much like
the proposed one.
