Minimal SQL database privileges #3699

Closed
baldurmen opened this issue Feb 2, 2018 · 1 comment

@baldurmen

Hi!

Like a lot of people, I installed Kanboard granting all privileges to the database to my kanboard user:

GRANT ALL PRIVILEGES ON kanboard.* TO 'username'@'localhost' IDENTIFIED BY 'password';

I was wondering what are the true minimal SQL privileges Kanboard needs to run normally.

I don't normally like to grant all privileges for security reasons and would really appreciate it if you could publish a minimal SQL database privileges list.

I guess I'm expecting something like Drupal does.

  GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON databasename.* TO 'username'@'localhost' IDENTIFIED BY 'password';

At the database level, MySQL/MariaDB supports:

  • ALTER
  • CREATE
  • CREATE ROUTINE
  • CREATE TEMPORARY TABLES
  • CREATE VIEW
  • DELETE
  • DELETE HISTORY
  • DROP
  • EVENT
  • INDEX
  • INSERT
  • LOCK TABLES
  • REFERENCES
  • SELECT
  • SHOW VIEW
  • TRIGGER
  • UPDATE

Does Kanboard really need database level privileges like EVENT or CREATE ROUTINE? If not, why should I grant them?

I understand that different plugins may require different privileges and that you don't have control over that. I'm thus only asking for the minimal required privileges for Kanboard itself - minus all plugins - to work correctly.

@fguillot
Member

Only these ones should be necessary:

  • ALTER
  • CREATE
  • DELETE
  • DROP
  • INDEX
  • INSERT
  • REFERENCES
  • SELECT
  • UPDATE

Basically, you need to be able to run SQL migrations and perform CRUD operations.

@ghost ghost removed the question label Feb 12, 2018
@kanboard kanboard locked and limited conversation to collaborators Feb 12, 2018
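
An added example, not part of the original thread or of Kanboard's code: a small audit that compares `SHOW GRANTS` output for the Kanboard account against the nine privileges listed in the reply and produces the statements needed to narrow an over-broad grant. The function name `audit_grants` and the `SAMPLE` lines are constructed for illustration; `ALL PRIVILEGES` is expanded using the database-level list given in the question.

```python
import re

# Privileges the maintainer's reply lists as sufficient for Kanboard core.
REQUIRED = {"ALTER", "CREATE", "DELETE", "DROP", "INDEX", "INSERT",
            "REFERENCES", "SELECT", "UPDATE"}
# Database-level privileges enumerated in the issue; used to expand ALL PRIVILEGES.
DB_LEVEL = REQUIRED | {"CREATE ROUTINE", "CREATE TEMPORARY TABLES", "CREATE VIEW",
                       "DELETE HISTORY", "EVENT", "LOCK TABLES", "SHOW VIEW",
                       "TRIGGER"}
GRANT_RE = re.compile(r"^GRANT\s+(.+?)\s+ON\s+(\S+)\s+TO\s+(\S+)", re.IGNORECASE)

# Constructed sample of SHOW GRANTS output for the account used in the issue.
SAMPLE = [
    "GRANT USAGE ON *.* TO `username`@`localhost` IDENTIFIED BY PASSWORD '<hash>'",
    "GRANT ALL PRIVILEGES ON `kanboard`.* TO `username`@`localhost`",
]


def audit_grants(lines, database):
    """Compare SHOW GRANTS lines with REQUIRED; table/column grants and GRANT OPTION are ignored."""
    granted, global_privs, grantee = set(), set(), None
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        scope, grantee = m.group(2).replace("`", ""), m.group(3)
        if scope not in ("*.*", f"{database}.*"):
            continue
        privs = {p.strip().upper() for p in m.group(1).split(",")}
        if scope == "*.*":
            global_privs |= privs - {"USAGE"}  # USAGE means "no privileges"
        elif privs & {"ALL", "ALL PRIVILEGES"}:
            granted |= DB_LEVEL
        else:
            granted |= privs
    if grantee is None:
        raise ValueError("no GRANT lines found")
    excess, missing = sorted(granted - REQUIRED), sorted(REQUIRED - granted)
    to_grant = sorted(REQUIRED) if excess else missing
    target, fixes = f"`{database}`.*", []
    if excess:  # reset the database-level grant, then re-grant only REQUIRED
        fixes.append(f"REVOKE ALL PRIVILEGES ON {target} FROM {grantee};")
    if to_grant:
        fixes.append(f"GRANT {', '.join(to_grant)} ON {target} TO {grantee};")
    return {"excess": excess, "missing": missing,
            "global": sorted(global_privs), "fixes": fixes}


if __name__ == "__main__":
    print(audit_grants(SAMPLE, "kanboard"))
```

Anything reported under `global` was granted on `*.*` and has to be revoked at that scope separately; plugins may need privileges beyond `REQUIRED`, as the question notes.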