Jim Winstead wrote:
> On Thu, Aug 17, 2006 at 10:53:15PM +0200, Arjan Hulshoff wrote:
>
>> So there is already some work done on this subject. However I don't see
>> that there is thought of the possibility to add user groups or am I
>> mistaken?
>>
>
> Support for roles (what I believe you mean by "user groups") is part of
> another task, and the high-level specification of that hasn't been
> published yet.
>
> Jim Winstead
> MySQL Inc.
>
>
Well, I actually mean things like Organizational Units and those kind of
things in LDAP. This way you don't need to give every single user access
to a database. But e.g. in LDAP I would be authenticated like
dc=example,dc=com,ou=dba,cn=arjan, then I would like to tell MySQL that
all users belonging to ou=dba have all the rights to maintain the
database server. This is very usefull when I have a large group of users
with the same rights and it would be easier for me to manage it. On the
other hand, you still should be able to give an individual user more
rights, then he can have according to the ou. So I think there is a
slight difference with roles, these are groups that are made
specifically in a database. That could be a way to give a single user
more rights. This way managing users is used in MS SQL Server 2005 and
is very practical for simple user maintenance.
Regards,
Arjan.
