I would stay away from option 3 for exactly the example you provided.
You have 1 user with 2 roles. What if you had 30 users with 2 roles? I
would choose option 2 because I would only have to maintain 2 users in
MySQL, not 60 as you would in option 3. For option 1, you would have 30
users, but then you would to give them the 'most permissible' privileges
of the 2 roles.
What I don't know is why you need to have roles in the first place. Do
you have a large number of users and a large number of roles?
Customer Analytics Mgr.
Office 818.253.3819 Fax 818.834.8843
From: Danny Stolle [mailto:d.stolle@stripped]
Sent: Tuesday, June 14, 2005 11:12 AM
To: kevin.struckhoff@stripped; mysql@stripped
Subject: Re: discuss: user management
yes it is a complex matter, i agree completely. but how would you plan
this as a dba or the person involved on administrating MySql. For
instance: You would choose option 2 as the preferable one. But what
would you do if somebody would change its role or that the person would
get other privileges? he will get a new or already created role userID,
but would still be able to logon using the previous user id.
why wouldn't you choose for the 3th option or 1st option? what
disadvantages do you think would option 1 and 3 have?
Kevin Struckhoff wrote:
> Although my experience with MySQL user management is limited to just
> maintaining a handful of users, I find it rather overly-complex
> of the need to maintain a table of users and 'from where' they can
> access, and to what databases they can have access to. For example, I
> just installed MySQL Administrator on my laptop and then I had to add
> rows allowing me to access MySQL from my laptop. The ODBC connection
> setup should suffice. For every instance of MySQL, you have to have an
> entry in the user table for every user from every access point. Then
> multiply that by the number of databases in each instance and you can
> see that administration of the users can get out of hand.
> If I had to choose between the 3 methods listed below, I would choose
> if there was a large number of roles and users. I would definitely
> away from option #3 no matter what. HTH.
> Kevin Struckhoff
> Customer Analytics Mgr.
> NewRoads West
> Office 818.253.3819 Fax 818.834.8843
> -----Original Message-----
> From: Danny Stolle [mailto:d.stolle@stripped]
> Sent: Tuesday, June 14, 2005 10:08 AM
> To: mysql@stripped
> Subject: [SPAM] - discuss: user management - Bayesian Filter detected
> i would like to discuss 'user management' in mysql. Working with
> you can assign users to roles giving them privileges provided by that
> role. MySql doesn't have Roles. I have read (Managing and Using MySql,
> O'Reilly) 3 options on managing users having multiple roles in a MySql
> 1. Giving the user a Single user ID and assign the privileges to that
> user ID
> 2. Create role-bases users and have different people share the same
> ID for a given role.
> 3. Create multiple user IDs for each role played by each user
> (dannys_arch as an architect, dannys_dev as a developer).
> Which of these 3 options is the most preferable one or are there more
> options which you can use. What are the advantages and disadvantages
> working with one of these 3 options? how do you handle hostnames when
> working with random ip-addresses on your site.
> Or just plain simple (or stupid) what are your experiences on user
> management in a MySql environment.
> Best regards,
> Danny Stolle