I've searched for an answer to this and all I can seem to find are questions asking whether it is better to use multiple databases or multiple tables in a single database. This isn't my question though.
QUESTION 1.
I want to set up a new database alongside my current DB and don't know how. I want to give a user full admin access to DB2 without seeing DB1. This way I can host a friend's site and they can create and delete as many tables as they want without disturbing my own DB. I could also use it for demo sites that aren't secure and shouldn't exist inside my primary DB.
I figure I could do this pretty easily with a virtual machine and run a separate instance of MySQL but my resources are limited so that isn't really an option.
I'd like to set this up in one of 2 ways. I would prefer to have "server.example.com" host both DBs and open the proper DB based on user login. If not I could do it routing to server1.example.com and server2.example.com.
QUESTION 2.
If this isn't possible I'd like to know how to properly set up restricted access to a single DB in sequel pro. I have been messing around with it and so far prefer it to PHPMyAdmin. For some reason if I set up a new user with no permissions they have full access to my 'information_schema' and 'test' tables but can't create new tables. I don't want other users to access these tables though and I want them to be able to set up their own tables. I'd like to set it up so a new user can create a limited number of tables and only see and edit those tables. I can't seem to find information on this either.
Even if my first question is possible I'd like to know the answer to question 2. I've been searching for a long time and can't find reliable information anywhere. Maybe my brain is just tired...
You can set up multiple instances of mysql but for your situation you are better off creating different databases within the same instance.
You can create databases and then add users that only have access to manipulate the database they are given and nothing else.
Essentially the heirarchy is as follows:
Mysql (root or any other super user can see everything)
- Your DB
- Your Users
- Your tables/functions/Procedures/etc
- Their DB
- Their Users
- Their tables/functions/procedures/etc.
You basically separate the access for each, and in PHPMyAdmin it is very easy. The steps are:
Add Database )
Add User, restricting them to that database allowing only priveleges you want to give to that user and only to that database. (Guide here)
You can grant access to different database to different user using GRANT in MySQL.
https://dev.mysql.com/doc/refman/5.1/en/grant.html has the information you need.
The most simple you can do is
CREATE DATABASE db_for_user_a
CREATE DATABASE db_for_user_b
GRANT ALL PRIVILEGES ON db_for_user_a.* TO user_a IDENTIFIED BY 'user_a_s_password'
GRANT ALL PRIVILEGES ON db_for_user_b.* TO user_a IDENTIFIED BY 'user_b_s_password'
You are going to need to provide more information about your set up to answer this question of setting up multiple databases specifically.
Servers typically have methods to create multiple databases with software that is designed specifically to run on those platforms (Apache, and Windows server are a couple servers that can run software like WAMP or phpMyAdmin to manage these databases).
And in answer to the permissions: Yes, you can designate users that can have specific privileges on one, both, or neither of the databases. But, you can also set up table-specific roles and actions as well. This is more obvious with Microsoft's management studio though, where Mysql you may want to use something like Mysql Workbench initially.
On cPanel, for example, you can add a new database if your host allows it. On windows, you'll have to use other tools to set up a new database.
In answer to your first inquiry, each database requires its own connection, and there are database-wide operations that you can do such as migration and backups. A rule of thumb is to only keep entirely separate data in different databases, unless there is absolutely a reason to separate types of information into a different kind of database for efficiency. Typically, you do not relate data between different databases except for much more complex situations.
You can create separate databases and use them separately in sequel pro, I believe. Most platforms have an option to create a new db in the databases list.
Well I think I was confusing some stuff here. I apologize for that. I was calling databases 'tables'.
I was wanting to allow users to create new databases but not see the ones that others create. I think I can make this work by just limiting permissions and allowing users to access one or two databases.
It seems like PHPMyAdmin has some easier to use options than Sequel Pro. I've only briefly used it in the past but I'll give it another shot.
As for command line stuff, I love being able to work in command line but I don't know all the commands so it makes things generally difficult to figure out and the man pages weren't all that helpful.
Thank you for your answers and I'm sorry for my newbie questions.
Related
We have our test webserver and main webserver on the same (virtual) webserver with CentOs7. Having them both there is very convenient for us (small company) for several reasons.
We also have the test database and the main database on that same server, also convenient for several reasons.
We created first the main database via directadmin/phpmyadmin, only much later the test database. We use two different logins for phpmyadmin: one that only accesses the main database. For accessing both test db and main db and also system db's we now use the root login, handy to maintain all databases (test and main and others).
We sometimes sync the two databases (mostly data from main to test to be able to test with up-to-date data, and the structure from test to main after testing code and db). Part of the structure we want to copy are some phpmyadmin goodies like the popups with foreign keys. phpmyadmin uses a set of pma__xxx tables for this, like pma__table_info.
Problem is: we have this set of tables now in both databases, both in the test and main database.
And in these tables, we always find records for both databases. For instance, on the test server, there may be records with pma__table_info.db_name set to the main server but also the test server. The same in the main server. Yet the content of the tables is completely different. And I notice that if records are in both pma__table_info tables, the system does not necessarily take the pma__table_info-info from the server that table is on.
I don't understand (also not after google and looking at https://docs.phpmyadmin.net/en/latest/config.html):
Why is there not a separate database for the set of pma__ tables? Why is it in our database(s)?
Why are there two sets pma__ tables, on on each of our databases? Was this just because we made a db copy? But why does phpmyadmin then actually then use records from the copy and not from the original? And why are the tables so different on both db's?
So it seems that the pma tables on both databases are used for both databases. How do I know which set of tables is used when? Does that depend on the phpmyadmin login we use?
Should we merge the pma__ tables into a separate database and tell phpmyadmin via the config to use this separate database? Would that work if we login with a login that only has access to the main database?
Googling gives no basic answers, only technical stuff but I need to know the basic stuff above first before I figure the technical stuff out.
A link to basic pma__ table info (other than technical config info) is also very welcome.
Thank you so much!
So I seem to have find the answers myself in the end. If I am somewhere wrong, please correct.
Because phpmyadmin is configured normally to use the current db. So that it goes well when you only have one database. And handy when you don't have access to the config files.
See above. phpmyadmin will, afaik, use the first db you open after starting phpmyadmin, and will keep using the tables in this db even after you switch.
See 2.
Definitely. Create a user and db for pma, adjust the config file with those, and you're good to go.
So we've got a MYSQL database with very sensitive information and we want to prevent it from being exported by a developer/admin who has access to it, while still allowing them to access database while working on their duties.
In simple terms we want to prohibit mass select on specific tables.
Ideally it would be an option to disable mass select, something like limit 0, 1 enforcement for all SELECT queries on specific tables. Is it possible to configure MYSQL like that? Any other ideas how to prevent database from being exported?
Any solution I can think of when someone needs to access your production data within MySQL and you want to apply the principle of least privilege leads to separation of users and to the page on GRANT command in MySQL documentation.
But as I said in a comment to you question, it is much easier to develop a procedure to generate an impersonated sample of your data, so that your developers would not have access to the production data.
I'm looking into using CloudBees for some application prototyping. I am using free accounts right now, I am not paying any subscriptions at the moment.
The first step for me is to create a MySQL database to host my application's data. I've done so (and it was pretty easy!). I also use Liquibase to manage the database (I've started this work using local H2 databases for the pre-prototyping), and I've been able to construct everything as expected.
As part of checking whether liquibase created the tables, I brought up the MySQL database in NetBeans. And, it did function well. But I can also see other schemas as well as the schema I just created. They're all innocently named (test, test_6hob). But, I can see the tables and view their data.
My question is around the visibility of the data that's in the CloudBees database. Is the database created for the free accounts viewable to other people connecting to the same machine? Does this change if I use a paid account? Or is it more the nature of how the database was created? I can see other schemas (and their data) but I have no idea if other people can see mine? Is there a permissions-aspect I need to ensure I set? I've fairly ignorant with the inner-workings of MySQL.
While this is a prototype, were I to move into using CloudBees for production applications, I wouldn't want the data to be visible to anyone who happened to connect to the same database as my application. It's entirely possible that I'm missing something in this new cloud world. :)
Thanks for any info
All CloudBees MySQL databases are secured separately (although will be in shared instances unless you have a dedicated server) - they are not readable by any other account by default.
However, it is possible for the database owner to grant access to users from other accounts on that same database server if you really wanted to - even though it makes very little sense to do so (and your special user configuration will be lost during a failover).
So this is what has happened for the test databases that you can see - the database owner has opened up security on those databases / tables.
This question is probably off topic but i'll bite anyway. The database data is private to your account. Actual hardware/vm's maybe shared but the data/database is not.
I have a personal website using a MySQL database (with justhost.com). The registration is very simple and only requres a username, pw, and email. I want to add an Oekaki to my site, but the Oekaki install instructions say it should have its own database. If I input the database I am currently using, will that screw it up, or will it create a new table within that database so when a member logs in, they have access to the Wiki and Oekaki under the same username and pw?
Please note I am a database newbie. I am using TikiWiki 6.2 currently and at its initial install of TikiWiki 5 created its own database. If the above won't work in any way, after I create a new database for the Oekaki, what would I have to do so it uses the current registration information from my TikiWiki database without me having to manually enter in every single user one by one for the Oekaki side of the site?
Any information is helpful, even if it just helps me learn a little bit more about databases. :)
I don't know any of these software you mentioned. But i can say in general if a software itsself recommends to use one single database for it you should do it.
I had a similar problem with my wordpress blogs database and another organisational software i installed. The next day all my blogs content was gone forever.
It could be, that for example the software just throws all existing tables away.
So my answer (or better advice) is. Be careful and if you can avoid it, don't throw together two applications in one database.
For the user-table thing you could probably just change one of the systems to use only the user-table of the other system. So nothing will be screwed up. Or if you have the opportunity make a third "General" Database where you just put your users data and use it in both systems.
I have 2 different server running django in it. (using postgre)
Both has the same user table.
I wanted to synchronize the user table, as if I update or delete user in one server then the 2 db should also get updated.
I guess replication is not a solution for my case.
Can anyone point me in right directions. or any link or reference will be helpful.
Both server are running different django code.
Thanks,
I don't know how to do this in PostgreSQL, but in MySQL you could create database VIEW pointing to a table in another database. This way you could reuse the existing auth_user table in the other sever.
I would take a look at pgpool-II. I haven't used it myself, but it's been recommended to me for similar purposes and after a bit of research I came to the conclusion that it's one of the better projects out there.