Hello, Sergei!
2008/5/20 Sergei Golubchik <serg@stripped>:
> Hi!
>
> On May 20, Sergey Kudriavtsev wrote:
>> 2008/5/20 Sergei Golubchik <serg@stripped>:
>> > On May 20, Sergey Kudriavtsev wrote:
>
>> >> To distinguish roles from users I propose to use "Host" field of
>> >> mysql.user table - If this field is empty then we should consider
>> >> the specified record to be a role. Now empty field is equivalent
>> >> to '%'. I will change the behaviour of parser to always fail host
>> >> identity check when the checked field has empty value. I will also
>> >> change mysql_fix_privilege_tables script to replace all existing
>> >> empty "Host" field values with '%'.
>> >
>> > This is fine, but what are you going to do with mysql.host table ?
>> > In there empty host is not equivalent to '%' :(
>>
>> I'm not sure whether I have to do something with mysql.host table at
>> all. Anyway, I'm going to store roles in mysql.user/mysql.xxx_priv
>> only and I don't see how mysql.host table will interfere with roles'
>> privileges. Please, explain this issue in more detailed way.
>
> Sorry, it was a typo. I meant mysql.db table. In mysql.db table blank
> host is not the same as '%' host.
>
And again I don't see the interference :(. I've carefully studied the
corresponding
manual page (Access Control, Stage 2: Request Verification), but I didn't found
any possible errors in this scheme.
Anyway, as community considers isRole ENUM('N','Y') column to be better then
I consider I shall implement it in that way.
> Regards / Mit vielen Grüssen,
> Sergei
>
> --
> __ ___ ___ ____ __
> / |/ /_ __/ __/ __ \/ / Sergei Golubchik <serg@stripped>
> / /|_/ / // /\ \/ /_/ / /__ Principal Software Engineer/Server Architect
> /_/ /_/\_, /___/\___\_\___/ Sun Microsystems GmbH, HRB München 161028
> <___/ Sonnenallee 1, 85551 Kirchheim-Heimstetten
> Geschäftsführer: Thomas Schroeder, Wolfgang Engels, Dr. Roland Boemer
> Vorsitzender des Aufsichtsrates: Martin Häring
>
--
Best regards,
Sergey Kudriavtsev
