Home |  MySQL Buzz |  FAQ |  Feeds |  Submit your blog feed |  Feedback |  Archive |  Aggregate feed RSS 2.0 English Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 5

Displaying posts with tag: permissions (reset)

TIL: Lookout For DEFINER
+0 Vote Up -0Vote Down
posted by Gerardo Narvaja on Wed 12 Oct 2011 23:08 UTC
Tags:
(edit) mysql, Replication, code, tips, DBA, permissions

The Issue


I haven't blogged in a while an I have a long TODO list of things to publish: The repository for the SNMP Agent, video and slides of my OSCON talk and a quick overview of MHA master-master support. In the meantime, here's a little fact that I didn't know from MySQL CREATE VIEW documentation:

Although it is possible to create a view with a nonexistent DEFINER account, an error occurs when the view is referenced if the SQL SECURITY value is DEFINER but the definer account does not exist.
How can this be possible?

The Problem

For a number of reasons we don't have the same user accounts on the master than we have on the slaves (ie: developers shouldn't be querying the



  [Read more...]
ZRM for MySQL Issues
+2 Vote Up -0Vote Down
posted by Gerardo Narvaja on Wed 25 Nov 2009 05:04 UTC
Tags:
(edit) mysql, sudo, Linux, Backup, Zmanda, permissions, zrm
I really like ZRM for MySQL Community Edition for backups. I find
it very simple to install and configure and it gets the job done. It's default settings suits most installations. The challenges arise once you need to adapt it to more complex organizations. Please note that all the issues described on this article refer to Linux installations.

What If DBAs Have No sudo?

This was the 1st challenge that I ever faced. ZRM requires full root access at least during installation and in some cases, it requires some sudo permissions to be able to manage its files as well. Some organizations don't grant these permissions to the DBAs complicating the installation. When I looked into the scripts, I didn't see any reason why they wouldn't run in the user space, other than a few hard coded paths. I posted the

  [Read more...]
Backing up permissions for individual databases
Employee +0 Vote Up -0Vote Down
posted by Gary Pendergast on Thu 12 Mar 2009 01:00 UTC
Tags:
(edit) mysql, Backup, mysqldump, users, permissions

Sometimes, you want to backup individual databases in MySQL to move to a different server. This part is easy using mysqldump:

shell> mysqldump -u root -p --databases db1 db2 ... > backup.sql

The problem is, what happens when you want to backup the permissions associated with these databases? Well, here are a few queries to help you out.

-- Grab the users with global permissions, 
-- with permissions to the databases you want, 
-- and tables/stored procedures in it.
mysql> SELECT u.* INTO OUTFILE '/tmp/user.txt'
	FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' ESCAPED BY '\\'
	LINES TERMINATED BY '\n'
	FROM
		mysql.user u
	WHERE
		u.Select_priv='Y'
	UNION
	SELECT u.*
	FROM
		mysql.user u,
		mysql.db d
	WHERE
		d.Db IN('db1', 'db2', ...) AND
		d.User = u.user
	UNION
	SELECT u.*
	FROM
		mysql.user u,
		mysql.tables_priv
  [Read more...]
Permissions by interface on the local server
Employee +0 Vote Up -0Vote Down
posted by Gary Pendergast on Thu 19 Feb 2009 08:37 UTC
Tags:
(edit) mysql, permissions

I had an issue come up recently that involved some confusion over permissions for the same user, connecting through different interfaces. For example, say you have a server with the public IP address of 192.168.0.1. You could connect to it from the local machine using the following commands:

shell> mysql -h localhost           # Connects through the socket file
shell> mysql -h 127.0.0.1           # Connects through the loopback interface
shell> mysql -h 192.168.0.1         # Connects through the network interface

They all connect to the local server, but they can all have different permissions. Here are a couple of rules to make your life easier:

  • Don’t use @127.0.0.1, unless you absolutely can’t use the socket file for some reason. Connecting through @localhost is usually faster than the loopback device, and it’s
  [Read more...]
Creative SQL: How to Easily SHOW GRANTS for Many Users
+0 Vote Up -0Vote Down
posted by Sheeri K. Cabral on Fri 12 Sep 2008 17:36 UTC
Tags:
(edit) mysql, Group Blog Posts, Maatkit, ACL, grant, mk-show-grants, permissions, show grants

Scenario: Someone wants to know which of the over 50 MySQL users have certain privileges.

There are many ways to solve this problem. Some of these scenarios are tedious and repetitious, others take no time at all.

The issue, of course, lies in what the “certain” privileges are. If it is “who has the SUPER privilege?” then a simple

SELECT user,host FROM mysql.user WHERE Super_priv='Y';

is sufficient. If it is “who has write access to the foo database”, you might write:

SELECT user,host FROM db WHERE Db='foo' AND Select_priv='Y';

but that only shows who explicitly has read permissions on that database; it does not include those who have global read permissions. The full query would be:
(more…)

Showing entries 1 to 5

Planet MySQL © 1995, 2013, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.