openholdings, Member
I have a large scale database deployment. I installed mydbr and all databases show up in the sql editor. I have the user in the config file only have access to the mydbr database and the customer database (basically only itself). Why does all databases show up in the sql editor?
Can I have a config setting that only shows the customer database (not even the mydbr database)?
myDBR Team, Key Master
Assuming you are using MySQL database. The databases shown in SQL are determined by the access rights for myDBR's user to the server and are fully configurable by you.
In case of MySQL, myDBR executes "show databases" command and shows the result. "show databases"-command will show those databases where there is some kind of privilege assigned to myDBR user.
For the same reason the myDBR database is shown. Hiding myDBR database from the list would not change the fact that admin can still access data from myDBR database, as intended.
--
myDBR Team
openholdings, Member
I installed mydbr and tested the application with both mysql users, "root" and a new user "mydbr". When I used the sql editor, both usernames enumerated all databases. the mydbr user only has express permissions for mydbr and test_database.
I then logged into a cli and issued the show databases command with both usernames (logged on to each separately.
CLI root user:
show databases - all databases listed
CLI mydbr user:
show databases - test_database, mydbr and information_schema
This ticket says that the limited user should be limited to the databases in show database, but it doesn't behave that way. Have I set something up wrong? Is there a "mydbr admin connection user" and a "tenant database user"?
myDBR Team, Key Master
Hi,
when you create the myDBR objects (including the stored procedures) the permissions are determined by the user creating the objects. You probably created myDBR objects as 'root'. When myDBR lists the databases it uses sp_MyDBR_db_dbs-procedure wrapper, which in MySQL contains just "show databases" command. When you run it as mydbr, but have created the procedure as root, it will show the output as run as root. This is a standard MySQL feature.
Note that changing the myDBR user afterwards, may give you some additional problems. If you have already created reports under root and change to mydbr-username afterwards, mydbr-user may not (depending on permissions given) be able to modify the report procedures as they are owned by root.
The recommended installation is that you create a separate username (mydbr) for myDBR, this allows for you to set permissions with more granularity.
Best Regards,
--
myDBR Team
You must log in to post.