I want to import a db with the same name as an existing one.
If I use a different mysql user would there be any problem? override perharps ?
No. You can only have one MySQL database with any given name -- you will need to change the name of one (or both!) databases.
Two distinct databases must have two distinct names; MySQL cannot distinguish between them by name. A common practice on web hosting services for example, is to prefix the database names with the username, so the database would be called:
CREATE DATABASE user1_dbname
CREATE DATABASE user2_dbname
MySQL can separate permissions to tables in one database per user, which would make it possible for user1 to have access only to a specific set of tables, and user2 to have access to a different set, but that is confusing to manage. Really, they should be separately named.
/* Separate SELECT permissions for user1 and user2 by table */
GRANT SELECT ON shared_dbname.user1table1,shared_dbname.user1table2 TO user1#localhost
GRANT SELECT ON shared_dbname.user2table1,shared_dbname.user2table2 TO user2#localhost
Related
I have two databases in MySQL on the same server which means hostname is same.
I want to use the REPLACE INTO statement to replace data in DB1 with data in DB2.
The concern is that both databases has different login credentials.
Kindly advice how can I do that?
Regards,
Kalpesh
You will need an account that has the appropriate access to both databases. After that, you can use the database name before the table names to specify which table to use.
REPLACE INTO Database1.Table1(A, B, C)
SELECT A, B, C
FROM Database2.Table1
With two different accounts this won't work, but the accounts are created per server, so you may create a different account for this purpose, or grant one of the existing accounts access to the other database.
If it is not possible to get such an account, I think the only option is to export the table from the first database, import it in the second database under a different name, and then run the statement on the imported table.
Let's say we have a public DNA database running on mysql. Database contains only complete data. In this scenario, some special users want to add experimental data to the database, which may not be complete or they don't want it to be visible to everyone. Instead they want the experimental data to only be visible to users with correct privileges. What approach would you take to achieve this?
Presumably these datasets are large, and performance is important. That means the privilege system should be as coarse as possible.
If I were doing this, I'd create a "public" database, and use the MySQL GRANT command to allow guest users to SELECT on that database.
For example:
CREATE USER 'guest'#'%' IDENTIFIED BY 'changethispassword';
GRANT SELECT ON public.* TO 'guest'#'%';
Then, for the nonpublic datasets, I'd put them into other databases, and be more selective about the users GRANTed privileges. For example, these GRANTs give two different users access to private information and the public information.
CREATE USER 'venter'#'%' IDENTIFIED BY 'changethispassword';
GRANT SELECT ON public.* TO 'venter'#'%';
GRANT SELECT ON celera.* TO 'venter'#'%';
CREATE USER 'collins'#'%' IDENTIFIED BY 'changethispassword';
GRANT SELECT ON public.* TO 'collins'#'%';
GRANT SELECT ON hgp.* TO 'collins'#'%';
A user who has SELECT privileges on, let us say, the public database and the celera database, can issue queries like this allowing seamless (if not optimally performing) merging of private and public data.
SELECT whatever
FROM public.AGCT
UNION ALL
SELECT whatever
FROM celera.AGCT
Of course, it has to make scientific sense to take the union of these datasets. That may or may not be the case.
Don't be alarmed at the idea of creating multiple databases. They really are nothing more complex than directories in a computer file system. A single server can deliver dozens of them without any problems.
MySQL is definitely up to this kinds of security. Hosting providers run multi-tenant servers routinely.
I would consider MariaDB (a MySQL-compatible database written by MySQL's founder) over MySQL, as it supports roles.
Neither of them support Row Security like Oracle does, but you can mimic it by adding an "owner" column with the name of the role that can select/update the row.
Add a WITH CHECK OPTION view that checks that the current_user is in the role specified in that column.
Add a trigger to set owner value properly.
update: If you can't alter the table but can add new ones, add a new one w same key as original, and add owner column, and join the tables in your view.
See
http://www.sqlmaestro.com/resources/all/row_level_security_mysql/
i was wondering if there is a way to limit the number of databases a user can create in mysql? I would like to give a user the right to create databases, but he should not be able to create an infinite number of databases.
Thanks,
Gerold
If your users only have granted permissions on their own databases, you can check information_schema.SCHEMA_PRIVILEGES prior to permitting creation how many databases they already have. However, for this to work, you would have to prohibit CREATE DATABASE by the users directly and instead create the databases in application code via another privileged database user then grant access to the users to their newly created databases.
SELECT
GRANTEE,
COUNT(DISTINCT TABLE_SCHEMA) AS NUM_DBS
FROM information_schema.SCHEMA_PRIVILEGES
GROUP BY GRANTEE
If NUM_DBS is greater than your limit, don't create a new database for them.
Note that if you are granting permissions to users for databases other than the ones they "own", you will need to account for that in your query by excluding those via something like
WHERE TABLE_SCHEMA NOT IN ('other','dbs','you','grant','access','on')
I would like to understand how hard this is to implement.
In unix, there are unix groups where certain people with a group can access certain folders and files.
I would like to apply the same concept into MYSQL where people could only access, view certain tables or even same tables but different rows ...
How can I achieve this? Would I have to use a different database system?
Gordon
This is a very common and simple approach. You can create users and specify which databases/tables they can access and what type of operations they can execute. See the mysql documentation on this
For instance:
--create the user
CREATE USER 'gordon'#'localhost' IDENTIFIED BY 'yourpassword';
--specify table and specific operations for that user
GRANT SELECT,UPDATE,DELETE,INSERT ON database.table TO 'gordon'#'localhost';
Short version: How can I write an SQL procedure to list which of several tables in a MySQL database a particular user has access to?
Longer version:
I'm writing a multi-user app that accesses a database with data for several branches of a company. The database has a number of lookup tables that any user can access, and a table for each branch that only authorized users can access. My strategy is:
Write a stored procecure that returns a list of the relevant tables for which the user has SELECT privilege.
From the app, call the procedure. If there's only one table returned, use it, otherwise let the user select which branch they want to access (e.g. for managers).
I'm having trouble figuring out how to write such a stored procedure. SHOW GRANTS FOR CURRENT_USER is an obvious possibility, but parsing something like:
GRANT SELECT ON Company.BranchABC TO 'auser'#'%clientdomain.com'
in SQL to figure out what the tables are seems way too messy. Doing a SELECT from the actual tables that hold the permissions also seems problematic, because I'd have to duplicate MySQL's logic for combining the permissions from the various tables (user, db, host, etc.)
Any words of wisdom?
You can see what privileges on which tables a user has:
show grants for 'user'#'host';
For example, to see the privileges of user1 (all machines in the network 10.25), run:
show grants for 'user'#'10.25.%.%';
I have never granted per table permissions to MySQL users before, but to do this, you would check that the TABLE_PRIVILEGES table in the information_schema database.
That should point you in the right direction.
MySQL users list and its privilege can be check with the Query.
select * from mysql.user\G;
http://www.thedevheaven.com/2012/04/retrieve-mysql-users-list-and-its.html