Create an API that will revoke root user privileges.
Reddwarf already provides a way to enable root privilege. Similarly, we need a way to revoke it. This is useful for reddwarf support team to know whether the user had root privileges when something went wrong with a tenant instance.
The disable-root or revoke-root API will basically undo what create-root API does. This include removing grant privileges and changing the password for root.
There will also be an audit record entry in the enable_root_history add a timestamp of when root privileges was disabled
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- Steve Leon
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
-
next
- Started by
- Completed by
- Nikhil Manchanda
Related branches
Related bugs
Sprints
Whiteboard
Not sure if this is the right place for this post, but my concern with this is that it affects the support and user model for the database. In my mind, there are two basic usage models: managed and unmanaged. Managed users do not have root access, Unmanaged do. The problem with switching back and forth is that you can't audit what was done in Unmanaged mode & so cannot support the user who switches back to Managed from Unmanaged.
There might be a use case in here around debugging/
