List:Internals« Previous MessageNext Message »
From:Michael Widenius Date:January 30 2002 4:28am
Subject:Re: New MySQL privileges
View as plain text  
Hi!

>>>>> "Alexander" == Alexander Keremidarski <salle@stripped>
> writes:

Alexander> Michael Widenius wrote:
>> Hi!
>> 
>> We will in MySQL 4.0.2 introduce some new fields in the MySQL user
>> table, to make it possible to limit the number of queries / hour for a
>> user.
>> 
>> At the same time we could add some new privilege fields to MySQL.
>> 
skip> 

>> 
>> Do anyone have a suggestion for any other privilege we should add at
>> the same time ?
>> 

Alexander> Isn't it time to revise mysql.user table and split it into 2 tables?
Alexander> With 4.0.1 it contains 14 priv_ columns adding more global privileges 
Alexander> will add more columns.

Alexander> Something like:

Alexander> mysql.user
Alexander> (host, user, password)

Alexander> mysql.global
Alexander> (host, user, priv_name, priv enum('N', 'Y'))

Alexander> looks better as DB design.

We plan to in 5.0 change all the privileges to be a 'set' in the user
and db tables.  The main reason is that this makes it much easier to
read the privilege and we can also easily add new privileges (up to
64) without changing the table structure.

Some could agree that having two tables would be more 'pure', but for
this case the set is faster and easier to maintain.

<cut>

Alexander> If Views are implemented current privileges schema will become much more 
Alexander> flexible. Like create view Old_style_mysql.user as select from 
Alexander> mysql.user, mysql.global;

Alexander> And what is more interesting with Views you can render privileges tables 
Alexander> visible within current database like SYSTEM_USER  table containing users 
Alexander> with privileges to current database only. It is usefull for large setups 
Alexander> - many databases, each db with its own DBA, complex privileges.
Alexander> Even read-only views will be quite helpful. DBA can grant DB users 
Alexander> select_priv to SYSTEM_USER without granting them SELECT on mysql.*

I wouldn't like to start planing for views before 4.1 is done.
I will however consider this later.

Thanks for the comments.

Regards,
Monty

Thread
New MySQL privilegesMichael Widenius27 Jan
  • RE: New MySQL privilegesJorge del Conde27 Jan
    • Re: New MySQL privilegesSinisa Milivojevic28 Jan
  • Re: New MySQL privilegesBrian Aker27 Jan
    • Re: New MySQL privilegesMichael Widenius30 Jan
  • Re: New MySQL privilegesAlexander Keremidarski28 Jan
    • Re: New MySQL privilegesMichael Widenius30 Jan
  • Re: New MySQL privilegesAlexander Keremidarski28 Jan
    • Re: New MySQL privilegesSinisa Milivojevic29 Jan
    • Re: New MySQL privilegesMichael Widenius30 Jan
  • Re: New MySQL privilegesSasha Pachev28 Jan
    • Re: New MySQL privilegesMichael Widenius30 Jan
  • Re: New MySQL privilegesAlexander Keremidarski30 Jan
    • Re: New MySQL privilegesMichael Widenius30 Jan
  • Re: New MySQL privilegesJeremy Zawodny31 Jan
  • Re: New MySQL privilegesAlexander Keremidarski31 Jan
RE: New MySQL privilegesMichael Widenius30 Jan