Use the minimum privileges needed

Fixes #291
cashapp · Jun 25, 2024 · 44e3dcb · 44e3dcb
1 parent a080ca8
commit 44e3dcb
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/compose/bootstrap.sql b/compose/bootstrap.sql
@@ -1,18 +1,18 @@
 use mysql;
 
-create role if not exists R_DO_IT_ALL;
-grant all on *.* to R_DO_IT_ALL;
-create user if not exists msandbox@'%' identified with caching_sha2_password by 'msandbox';
-
-grant R_DO_IT_ALL to msandbox@'%' ;
-set default role R_DO_IT_ALL to msandbox@'%';
-
-
+create role if not exists R_MIGRATOR;
+grant alter, create, delete, drop, index, insert, lock tables, select, trigger, update on *.* to R_MIGRATOR;
 create role if not exists R_REPLICATION;
 grant REPLICATION SLAVE, REPLICATION CLIENT on *.* to R_REPLICATION;
 create role if not exists R_THROTTLER;
 grant SELECT on performance_schema.replication_applier_status_by_worker to R_THROTTLER;
 grant SELECT on performance_schema.replication_connection_status to R_THROTTLER;
+
+
+create user if not exists msandbox@'%' identified with caching_sha2_password by 'msandbox';
+grant R_MIGRATOR, R_REPLICATION to msandbox@'%' ;
+set default role R_MIGRATOR, R_REPLICATION to msandbox@'%';
+
 create user if not exists rsandbox@'%' identified with caching_sha2_password by 'rsandbox';
 grant R_REPLICATION, R_THROTTLER to rsandbox@'%';
 set default role R_REPLICATION, R_THROTTLER to rsandbox@'%';