RE: Users and Groups
Date: Wed, 4 Mar 2015 14:04:55 +0100 From: vegiv...@tuxera.be To: lu...@lambrate.inaf.it CC: mysql@lists.mysql.com Subject: Re: Users and Groups That reminds me, this may be of interest: http://www.percona.com/blog/2015/03/02/emulating-roles-percona-pam-plugin-proxy-users/ MGtrès bon johann ! - Original Message - From: Lucio Chiappetti lu...@lambrate.inaf.it To: MySql mysql@lists.mysql.com Sent: Wednesday, 4 March, 2015 12:39:01 Subject: Re: Users and Groups When several years ago a colleague here set up the user interface for an astronomical database (originally using servlets now with Tomcat, and anyhow accessing mysql in JDBC) he considered the internal mysql privilege system, and for some reasons decided not to use it. He wrote an additional layer inside our java front end. We have workspaces, each workspace can access a number of advertised tables, and view advertised columns (but other columns remain accessible if called by name). Users belong to one (or more workspaces) and specify it when logging in our system. All workspaces have readonly access (we do not consider user-writable tables). Our java engine communicates with mysql as a single user. This way we do not have to care about granting access to the mysql server to external hosts. Anyhow I presume that playing around with the grants and privileges tables, one could find a way to write a template set of privileges for a typical user and replicate it for all users of same logical group -- Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy) For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html Do not like Firefox =29 ? Get Pale Moon ! http://www.palemoon.org -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql -- Unhappiness is discouraged and will be corrected with kitten pictures. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql
Re: Users and Groups
On Sun, 1 Mar 2015, Reindl Harald wrote: Am 01.03.2015 um 20:07 schrieb Steffan A. Cline: Has anyone seen a plugin for MySQL that will allow you to set up users and groups for access but it has all features for privileges like for tables, views and even colums, you can even restrict the access of a colum of a view to a user and make a difference if that same user comes from ip-address A or ip-address B When several years ago a colleague here set up the user interface for an astronomical database (originally using servlets now with Tomcat, and anyhow accessing mysql in JDBC) he considered the internal mysql privilege system, and for some reasons decided not to use it. He wrote an additional layer inside our java front end. We have workspaces, each workspace can access a number of advertised tables, and view advertised columns (but other columns remain accessible if called by name). Users belong to one (or more workspaces) and specify it when logging in our system. All workspaces have readonly access (we do not consider user-writable tables). Our java engine communicates with mysql as a single user. This way we do not have to care about granting access to the mysql server to external hosts. Anyhow I presume that playing around with the grants and privileges tables, one could find a way to write a template set of privileges for a typical user and replicate it for all users of same logical group -- Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy) For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html Do not like Firefox =29 ? Get Pale Moon ! http://www.palemoon.org -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql
Re: Users and Groups
That reminds me, this may be of interest: http://www.percona.com/blog/2015/03/02/emulating-roles-percona-pam-plugin-proxy-users/ - Original Message - From: Lucio Chiappetti lu...@lambrate.inaf.it To: MySql mysql@lists.mysql.com Sent: Wednesday, 4 March, 2015 12:39:01 Subject: Re: Users and Groups When several years ago a colleague here set up the user interface for an astronomical database (originally using servlets now with Tomcat, and anyhow accessing mysql in JDBC) he considered the internal mysql privilege system, and for some reasons decided not to use it. He wrote an additional layer inside our java front end. We have workspaces, each workspace can access a number of advertised tables, and view advertised columns (but other columns remain accessible if called by name). Users belong to one (or more workspaces) and specify it when logging in our system. All workspaces have readonly access (we do not consider user-writable tables). Our java engine communicates with mysql as a single user. This way we do not have to care about granting access to the mysql server to external hosts. Anyhow I presume that playing around with the grants and privileges tables, one could find a way to write a template set of privileges for a typical user and replicate it for all users of same logical group -- Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy) For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html Do not like Firefox =29 ? Get Pale Moon ! http://www.palemoon.org -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql -- Unhappiness is discouraged and will be corrected with kitten pictures. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql
Re: Users and Groups
- Original Message - From: Reindl Harald h.rei...@thelounge.net Subject: Re: Users and Groups Am 01.03.2015 um 20:07 schrieb Steffan A. Cline: Has anyone seen a plugin for MySQL that will allow you to set up users and groups for access where you can have a user who can login, create db etc but MySQL don't support user groups There is a plugin for LDAP authentication out there; I haven't played with it myself but I suppose you could use LDAP functionality to emulate groups? -- Unhappiness is discouraged and will be corrected with kitten pictures. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql
Re: Users and Groups
Am 01.03.2015 um 20:07 schrieb Steffan A. Cline: Has anyone seen a plugin for MySQL that will allow you to set up users and groups for access where you can have a user who can login, create db etc but ONLY see the stuff that belongs to them? I'm speaking of a shared server where multiple people can use the same instance but be fully separated just like a file share. MySQL don't support user groups but it has all features for privileges like for tables, views and even colums, you can even restrict the access of a colum of a view to a user and make a difference if that same user comes from ip-address A or ip-address B not sure if you find any RDBMS which is more flexible than stock mysql signature.asc Description: OpenPGP digital signature