For table ACLs, delete statements are currently grouped into the WRITER role.
Some environments may find idea of mysql rows being removed by OLTP traffic or ordinary batch jobs scary, with a preference instead of having people soft-delete rows by marking them as deleted until a few days or weeks later a garbage collector job does the actual hard deleting.
Seems like delete and update share plan types and there's a map of plan types to what tableacl role they require, so I'll need to poke a little more to see what might be a good way to support this.
Longer term, it would also be awesome to support MySQL 8 roles or something like them in vitess so that people with permission to do so could selectively activate and deactivate powers like the power to delete rows within a single session as a single user.
For table ACLs,
delete
statements are currently grouped into theWRITER
role.Some environments may find idea of mysql rows being removed by OLTP traffic or ordinary batch jobs scary, with a preference instead of having people soft-delete rows by marking them as deleted until a few days or weeks later a garbage collector job does the actual hard deleting.
Seems like
delete
andupdate
share plan types and there's a map of plan types to what tableacl role they require, so I'll need to poke a little more to see what might be a good way to support this.Longer term, it would also be awesome to support MySQL 8 roles or something like them in vitess so that people with permission to do so could selectively activate and deactivate powers like the power to delete rows within a single session as a single user.