Hello,

First of all, thank you for creating Kamaji. We're going to use it internally to manage k8s control planes.

Description

Currently, Kamaji grants MySQL/PostgreSQL tenants' users ALL PRIVILEGES on the database, which is broader than necessary for application functionality. This issue proposes narrowing the scope of granted privileges to follow the principle of least privilege.
We tested tenants with reduced privileges on MySQL database and they work fine.

Proposed Change

Update the privilege grant statement in internal/datastore/mysql.go from:

GRANT ALL PRIVILEGES ON `%s`.* TO `%s`@`%%`

to:

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER ON `%s`.* TO `%s`@`%%`

Rationale

• Improves security by limiting what the application can do in the database.
• Prevents accidental or malicious use of sensitive operations like DROP, GRANT, or FILE.
• Aligns with security best practices.