On Wed, May 15, 2013 at 4:23 PM, William Muriithi < william.murii...@gmail.com> wrote:
> Hello, > > I have spent an hour or so looking at the least recommended permission RT > need to be able to manage mysql database and everybody seem to be taking > the easy way, grant everything > People usually don't grant any mysql level permissions and just trust RT to do so and the following is what RT grants: 18 "GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE 19 ON `$db_name`.* 20 TO '$db_user'\@'$db_rthost' 21 IDENTIFIED BY '$db_pass';", 22 ); It's a bit over-granting and I believe that our code is clean enough that it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can not say it's possible for sure without fixing code. > Is it possible Best Practice has listed the necessary grants that is > needed for RT to work successfully on mysql server that I missed? Would > appreciate any guidance > RT's user in mysql (RT uses one account for operation) has to have SELECT, INSERT, UPDATE, DELETE rights on all RT's tables to operate. Upgrade steps should use DBA account for steps that require DROP/CREATE/ALTER/INDEX or any other rights, but as I said, considering above GRANT, this code may have "bugs" and use RT's primary account to perform some upgrade operations. What is the problem you're trying to solve? > Regards, > > William > -- Best regards, Ruslan.
-- RT Training in Seattle, June 19-20: http://bestpractical.com/training