From time to time people wonder how to implement roles in MySQL. This can be useful for companies having to deal with many user accounts or for companies with tight security requirements (PCI or HIPAA for instance). Roles do not exist in regular MySQL but here is an example on how to emulate them using Percona Server, the PAM plugin and proxy users.

The goal

Say we have 2 databases: db1 and db2, and we want to be able to create 3 roles:

• db1_dev: can read and write on db1 only.
• db2_dev: can read and write on db2 only.
• stats: can read on db1 and db2

For each role, we will create one user: joe (db1_dev), mike (db2_dev) and tom (stats).

Setting up the Percona PAM plugin

The Percona PAM plugin is distributed with Percona Server 5.5 and 5.6. I will be using …

How-To configure your MySQL to use PAM and/or Active Directory authentication with percona-pam-authentication plugin. Continuing articles about Two-Factor authentication or integrating Linux services with Active Directory, this How-To is one of my recent works that I have done these days, so I hope it may help the community with this guide to configure MySQL with PAM and subsequently using Active Directory to authenticate. If you are new here, please refer to SSH Two-Factor authentication, which explains how to install likewise and integrate your Linux with AD. However, we will have few exceptions to get MySQL working with PAM authentication.

Before you continue, please make sure that you have MySQL 5.5.16 or a newer version, otherwise it can …