cancel
Showing results for 
Search instead for 
Did you mean: 

MySQL grant for additional users

N/A

MySQL grant for additional users

I would like to create specific users in MySQL so that the user for an application only has the required level of access for specific tables/columns etc:

GRANT USAGE on mydb.* to newuser identified by password '1234';
GRANT SELECT on mydb.table1 to newuser;

should i be able to do this, or do i need to submit a request to get it done?
5 REPLIES
N/A

MySQL grant for additional users

An interesting question, but unfortunately not one I imagine most people on this board (including myself) have needed to address, since we deal with just a single user, and everything on the database is done under that user-ID.

As far as I'm aware, it's a full implementation of MySQL which is provided by Force9, so the SQL you've indicated should certainly be understood. The proof of the pudding is in the eating, as they say!

This doesn't help you, I know, but I think a number of people would be interested to know why you're trying to do this, and how the multiple users fit in to your system. Is there any connection, for example, with the "Services Manager" tool on the Account details page which allows "teams" and "users" to be managed? I've never understood what it's all about, and assumed it was primarily a feature related to business accounts.
N/A

MySQL grant for additional users

I dont see any such tool on the account details page, and i don't think my question is related to that (whatever it may be).

I use the db for several purposes, and I would like to use a different MySQL user for each application (with only the relevant permissions "granted" to each one).

I've seen nothing that would suggest the implementation of MySQL is anything other than complete, however I was unable to create a new user in MySQL as it seems the user provided by default does not have "with grant" permission.

As an example:

An application (php) which accesses a single table in the database and only requires to read data from the table. In this case a specific user for that application could be set up with only SELECT permission for that one table - thus ensuring the integrity and security of the whole of the database.

Doing this does not mean the creation of a user who can log in to any other Force9 service, the user is only relevant to the connection to the MySQL service.

Hopefully that explains it a little better
N/A

MySQL grant for additional users

Thanks for that. Yes, it does make it absolutely clear how you're intending to use this, and I can see the sense in it.

Most people, of course, rely on "well-behaved applications" to limit what users can do rather than the security features built in to the database management system. It will be interesting to find out if Force9 will permit you to adopt a different security model, but it seems if you want to use it, you're going to have to request it.

I think my guess is your request will be turned down, but you might be pleasantly surprised.

You could put it forward as a suggestion, as it would be beneficial to customers in allowing us to impose a higher level of security on our system.
N/A

MySQL grant for additional users

Just to keep you up to date, I asked Force9 about this. Their initial reply was:
"Sorry we are unable to provide this".

Hardly informative, so I've asked for an explanation - since technically it IS possible to provide it.
N/A

MySQL grant for additional users

That would enable you to create a user on the mySQL Platform - this is not likely to be provided. Say, for example, you create a new user on the mySQL platform, and someon registered that username as an account and activated mysql... now whats going to happen?