Jeremy Cole wrote:
> Hi,
>
>> To distinguish roles from users I propose to use "Host" field of
>> mysql.user table - If this field is empty then we should consider the
>> specified record to be a role.
>
> I see all the discussion around this, but I would propose a different
> tack: why not use a host which would otherwise be reserved? The
> similarity in functionality and such between users and roles is obvious,
> but you don't want to break or change existing functionality. How about
> e.g. role "foo" would be equivalent to user "foo" @ "$role". Since $
> (or @, #, &, ^, *, !, etc.) would never appear in a well-formed hostname
> or IP address, they call all be used to mark a role as such. The
> commands to deal with roles would then really just be aliases on
> user@"$role" and thus very easy to implement.
I do not think this is quite intuitive. A role is defined for all hosts,
so the most explicit way of expressing this is to provide a
wildcard-value in the host column (and having a user/role switch column
to distinguish roles from users).
Thanks,
Roy
