security-hardening
Installation
SKILL.md
Security Hardening
RBAC (Role-Based Access Control)
- Create roles:
CREATE ROLE analyst - Grant permissions:
GRANT SELECT ON db.* TO analyst - Assign to users:
GRANT analyst TO user1 - Hierarchical: roles can inherit from other roles
- Check grants:
SHOW GRANTS FOR user1 - Inspect user:
SHOW CREATE USER username - Password rotation:
ALTER USER username IDENTIFIED BY 'new_password'
Row Policies
- Restrict row access per user:
CREATE ROW POLICY p ON db.table FOR SELECT USING tenant_id = currentUser() - Policies are AND-ed together
- Use for multi-tenant data isolation
- Check policies:
system.row_policies