Danny Stolle <[EMAIL PROTECTED]> writes: [...]
> 3. Create multiple user IDs for each role played by each user > (dannys_arch as an architect, dannys_dev as a developer). An interesting argument in favor of the much maligned "option 3" is that it allows users to select which of their privileges they want for a particular task. For example, even if you have developer privileges which allow you to delete tables, you may want to log in as "dannys_search" if you're testing a program or using a GUI frontend, to avoid accidentally damaging anything. I often use a technique like this when doing Web development; I'll create a "cust_select" for use in scripts that should only be reading the data, and a "cust_update" for scripts that should be updating. That way bugs in one script don't allow it to do too much damage. This is in general good security practice, much like only logging in as root when you need to. If you choose this route, I think you could manage it by maintaining your own tables with usernames and roles, then generating the actual MySQL user table. Your frontends could handle automatically appending the appropriate role. Even if you decide on a more traditional RBAC system, this still might be a useful technique. Good luck, ----ScottG. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
