Danny, I would stay away from option 3 for exactly the example you provided. You have 1 user with 2 roles. What if you had 30 users with 2 roles? I would choose option 2 because I would only have to maintain 2 users in MySQL, not 60 as you would in option 3. For option 1, you would have 30 users, but then you would to give them the 'most permissible' privileges of the 2 roles.
What I don't know is why you need to have roles in the first place. Do you have a large number of users and a large number of roles? Kevin Struckhoff Customer Analytics Mgr. NewRoads West Office 818.253.3819 Fax 818.834.8843 [EMAIL PROTECTED] -----Original Message----- From: Danny Stolle [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 11:12 AM To: [EMAIL PROTECTED]; mysql@lists.mysql.com Subject: Re: discuss: user management Hi Kevin, yes it is a complex matter, i agree completely. but how would you plan this as a dba or the person involved on administrating MySql. For instance: You would choose option 2 as the preferable one. But what would you do if somebody would change its role or that the person would get other privileges? he will get a new or already created role userID, but would still be able to logon using the previous user id. why wouldn't you choose for the 3th option or 1st option? what disadvantages do you think would option 1 and 3 have? Best regards, Danny Stolle EmoeSoft, Netherlands Kevin Struckhoff wrote: > Danny, > > Although my experience with MySQL user management is limited to just > maintaining a handful of users, I find it rather overly-complex because > of the need to maintain a table of users and 'from where' they can have > access, and to what databases they can have access to. For example, I > just installed MySQL Administrator on my laptop and then I had to add > rows allowing me to access MySQL from my laptop. The ODBC connection > setup should suffice. For every instance of MySQL, you have to have an > entry in the user table for every user from every access point. Then > multiply that by the number of databases in each instance and you can > see that administration of the users can get out of hand. > > If I had to choose between the 3 methods listed below, I would choose #2 > if there was a large number of roles and users. I would definitely stay > away from option #3 no matter what. HTH. > > Kevin Struckhoff > Customer Analytics Mgr. > NewRoads West > > Office 818.253.3819 Fax 818.834.8843 > [EMAIL PROTECTED] > > > -----Original Message----- > From: Danny Stolle [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 14, 2005 10:08 AM > To: mysql@lists.mysql.com > Subject: [SPAM] - discuss: user management - Bayesian Filter detected > spam > > hi, > > i would like to discuss 'user management' in mysql. Working with Oracle > you can assign users to roles giving them privileges provided by that > role. MySql doesn't have Roles. I have read (Managing and Using MySql, > O'Reilly) 3 options on managing users having multiple roles in a MySql > environment: > 1. Giving the user a Single user ID and assign the privileges to that > user ID > 2. Create role-bases users and have different people share the same user > > ID for a given role. > 3. Create multiple user IDs for each role played by each user > (dannys_arch as an architect, dannys_dev as a developer). > > Which of these 3 options is the most preferable one or are there more > options which you can use. What are the advantages and disadvantages on > working with one of these 3 options? how do you handle hostnames when > working with random ip-addresses on your site. > > Or just plain simple (or stupid) what are your experiences on user > management in a MySql environment. > > Best regards, > > Danny Stolle > Netherlands > -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
